./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor286233648

<...>
DUID 00:04:b0:cd:33:f9:4f:8a:55:45:4d:7b:3b:ee:3a:71:f0:8b
forked to background, child pid 3209
[   29.738057][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.748580][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
execve("./syz-executor286233648", ["./syz-executor286233648"], 0x7fffb70bab20 /* 10 vars */) = 0
brk(NULL)                               = 0x555555b7f000
brk(0x555555b7fc40)                     = 0x555555b7fc40
arch_prctl(ARCH_SET_FS, 0x555555b7f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor286233648", 4096) = 27
brk(0x555555ba0c40)                     = 0x555555ba0c40
brk(0x555555ba1000)                     = 0x555555ba1000
mprotect(0x7f0fa51fb000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 3638
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "3638", 4)                     = 4
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=680, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3638}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x25\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 680
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK)               = 0
access("/proc/net/unix", R_OK)          = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3)                                = 0
close(4)                                = 0
getpid()                                = 3638
mkdir("./syzkaller.J1ibYh", 0700)       = 0
chmod("./syzkaller.J1ibYh", 0777)       = 0
chdir("./syzkaller.J1ibYh")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3641
./strace-static-x86_64: Process 3641 attached
[pid  3641] chdir("./0")                = 0
[pid  3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3641] setpgid(0, 0)               = 0
[pid  3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3641] write(3, "1000", 4)         = 4
[pid  3641] close(3)                    = 0
[pid  3641] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3641] memfd_create("syzkaller", 0) = 3
[pid  3641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3641] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3641] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3641] close(3)                    = 0
[pid  3641] mkdir("./file0", 0777)      = 0
[pid  3641] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3641] chdir("./file0")            = 0
[pid  3641] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3641] close(4)                    = 0
[pid  3641] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3641] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3641] write(5, "13", 2)           = 2
syzkaller login: [   52.880675][ T3641] loop0: detected capacity change from 0 to 64
[   52.918495][ T3641] FAULT_INJECTION: forcing a failure.
[   52.918495][ T3641] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   52.932703][ T3641] CPU: 0 PID: 3641 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   52.943224][ T3641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   52.953279][ T3641] Call Trace:
[   52.956551][ T3641]  <TASK>
[   52.959471][ T3641]  dump_stack_lvl+0x1b1/0x28e
[   52.964160][ T3641]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   52.969612][ T3641]  ? panic+0x710/0x710
[   52.973665][ T3641]  ? do_anonymous_page+0xd4a/0x1150
[   52.978854][ T3641]  ? mark_lock+0x9a/0x350
[   52.983171][ T3641]  should_fail_ex+0x395/0x4c0
[   52.987837][ T3641]  prepare_alloc_pages+0x1d7/0x5a0
[   52.992952][ T3641]  __alloc_pages+0x161/0x560
[   52.997547][ T3641]  ? zone_statistics+0x160/0x160
[   53.002489][ T3641]  ? rcu_lock_release+0x5/0x20
[   53.007249][ T3641]  ? alloc_pages+0x520/0x7b0
[   53.011831][ T3641]  ? xas_descend+0x1f3/0x400
[   53.016419][ T3641]  folio_alloc+0x1a/0x50
[   53.020665][ T3641]  filemap_alloc_folio+0x7e/0x1c0
[   53.025689][ T3641]  __filemap_get_folio+0x898/0x1260
[   53.030888][ T3641]  ? page_cache_prev_miss+0x4e0/0x4e0
[   53.036273][ T3641]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   53.042354][ T3641]  ? print_irqtrace_events+0x220/0x220
[   53.047819][ T3641]  pagecache_get_page+0x28/0x260
[   53.052761][ T3641]  ? hfs_free_extents+0x420/0x420
[   53.057786][ T3641]  block_write_begin+0x2e/0x1e0
[   53.062638][ T3641]  ? cont_write_begin+0x5e5/0x860
[   53.067667][ T3641]  ? hfs_free_extents+0x420/0x420
[   53.072687][ T3641]  cont_write_begin+0x606/0x860
[   53.077542][ T3641]  ? fault_in_readable+0x1d5/0x310
[   53.082656][ T3641]  ? generic_cont_expand_simple+0x250/0x250
[   53.088547][ T3641]  ? fault_in_readable+0x219/0x310
[   53.093655][ T3641]  ? fault_in_safe_writeable+0x240/0x240
[   53.099292][ T3641]  hfs_write_begin+0x86/0xd0
[   53.103876][ T3641]  ? hfs_free_extents+0x420/0x420
[   53.108896][ T3641]  generic_perform_write+0x2e4/0x5e0
[   53.114184][ T3641]  ? __block_commit_write+0x420/0x420
[   53.119555][ T3641]  ? generic_file_direct_write+0x610/0x610
[   53.125358][ T3641]  ? __file_remove_privs+0x6c0/0x6c0
[   53.130641][ T3641]  ? generic_write_checks+0x15c/0x1c0
[   53.136032][ T3641]  __generic_file_write_iter+0x176/0x400
[   53.141686][ T3641]  generic_file_write_iter+0xab/0x310
[   53.147069][ T3641]  vfs_write+0x7dc/0xc50
[   53.151323][ T3641]  ? file_end_write+0x230/0x230
[   53.156199][ T3641]  ? ptrace_stop+0x74d/0x970
[   53.160810][ T3641]  ? _raw_spin_unlock_irq+0x2a/0x40
[   53.166026][ T3641]  ? __fdget_pos+0x252/0x2e0
[   53.170800][ T3641]  ksys_write+0x177/0x2a0
[   53.175138][ T3641]  ? __ia32_sys_read+0x80/0x80
[   53.179902][ T3641]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   53.185880][ T3641]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   53.191855][ T3641]  do_syscall_64+0x3d/0xb0
[   53.196267][ T3641]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.202152][ T3641] RIP: 0033:0x7f0fa5191c89
[   53.206561][ T3641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3641] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3641] exit_group(0)               = ?
[pid  3641] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3641, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3642
./strace-static-x86_64: Process 3642 attached
[pid  3642] chdir("./1")                = 0
[pid  3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3642] setpgid(0, 0)               = 0
[pid  3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3642] write(3, "1000", 4)         = 4
[pid  3642] close(3)                    = 0
[   53.226157][ T3641] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   53.234566][ T3641] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   53.242530][ T3641] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   53.250501][ T3641] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   53.258473][ T3641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   53.266439][ T3641] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000000
[   53.274422][ T3641]  </TASK>
[pid  3642] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3642] memfd_create("syzkaller", 0) = 3
[pid  3642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3642] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3642] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3642] close(3)                    = 0
[pid  3642] mkdir("./file0", 0777)      = 0
[pid  3642] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3642] chdir("./file0")            = 0
[pid  3642] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3642] close(4)                    = 0
[pid  3642] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3642] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3642] write(5, "13", 2)           = 2
[   53.316719][ T3642] loop0: detected capacity change from 0 to 64
[   53.319443][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   53.349738][ T3642] FAULT_INJECTION: forcing a failure.
[   53.349738][ T3642] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   53.367063][ T3642] CPU: 0 PID: 3642 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   53.377500][ T3642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   53.387546][ T3642] Call Trace:
[   53.390822][ T3642]  <TASK>
[   53.393755][ T3642]  dump_stack_lvl+0x1b1/0x28e
[   53.398424][ T3642]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   53.403872][ T3642]  ? panic+0x710/0x710
[   53.407931][ T3642]  ? do_anonymous_page+0xd4a/0x1150
[   53.413120][ T3642]  ? mark_lock+0x9a/0x350
[   53.417452][ T3642]  should_fail_ex+0x395/0x4c0
[   53.422130][ T3642]  prepare_alloc_pages+0x1d7/0x5a0
[   53.427259][ T3642]  __alloc_pages+0x161/0x560
[   53.431850][ T3642]  ? zone_statistics+0x160/0x160
[   53.436798][ T3642]  ? rcu_lock_release+0x5/0x20
[   53.441561][ T3642]  ? alloc_pages+0x520/0x7b0
[   53.446236][ T3642]  ? xas_descend+0x1f3/0x400
[   53.450838][ T3642]  folio_alloc+0x1a/0x50
[   53.455078][ T3642]  filemap_alloc_folio+0x7e/0x1c0
[   53.460101][ T3642]  __filemap_get_folio+0x898/0x1260
[   53.465477][ T3642]  ? page_cache_prev_miss+0x4e0/0x4e0
[   53.470848][ T3642]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   53.476829][ T3642]  ? print_irqtrace_events+0x220/0x220
[   53.482284][ T3642]  pagecache_get_page+0x28/0x260
[   53.487217][ T3642]  ? hfs_free_extents+0x420/0x420
[   53.492235][ T3642]  block_write_begin+0x2e/0x1e0
[   53.497086][ T3642]  ? cont_write_begin+0x5e5/0x860
[   53.502129][ T3642]  ? hfs_free_extents+0x420/0x420
[   53.507148][ T3642]  cont_write_begin+0x606/0x860
[   53.512088][ T3642]  ? fault_in_readable+0x1d5/0x310
[   53.517208][ T3642]  ? generic_cont_expand_simple+0x250/0x250
[   53.523099][ T3642]  ? fault_in_readable+0x219/0x310
[   53.528207][ T3642]  ? fault_in_safe_writeable+0x240/0x240
[   53.533844][ T3642]  hfs_write_begin+0x86/0xd0
[   53.538437][ T3642]  ? hfs_free_extents+0x420/0x420
[   53.543459][ T3642]  generic_perform_write+0x2e4/0x5e0
[   53.548747][ T3642]  ? __block_commit_write+0x420/0x420
[   53.554121][ T3642]  ? generic_file_direct_write+0x610/0x610
[   53.559927][ T3642]  ? __file_remove_privs+0x6c0/0x6c0
[   53.565212][ T3642]  ? generic_write_checks+0x15c/0x1c0
[   53.570587][ T3642]  __generic_file_write_iter+0x176/0x400
[   53.576224][ T3642]  generic_file_write_iter+0xab/0x310
[   53.581697][ T3642]  vfs_write+0x7dc/0xc50
[   53.585947][ T3642]  ? file_end_write+0x230/0x230
[   53.590792][ T3642]  ? ptrace_stop+0x74d/0x970
[   53.595391][ T3642]  ? _raw_spin_unlock_irq+0x2a/0x40
[   53.600591][ T3642]  ? __fdget_pos+0x252/0x2e0
[   53.605181][ T3642]  ksys_write+0x177/0x2a0
[   53.609596][ T3642]  ? __ia32_sys_read+0x80/0x80
[   53.614359][ T3642]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   53.620426][ T3642]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   53.626404][ T3642]  do_syscall_64+0x3d/0xb0
[   53.630815][ T3642]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.636704][ T3642] RIP: 0033:0x7f0fa5191c89
[   53.641114][ T3642] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3642] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3642] exit_group(0)               = ?
[pid  3642] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3643
./strace-static-x86_64: Process 3643 attached
[pid  3643] chdir("./2")                = 0
[pid  3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3643] setpgid(0, 0)               = 0
[pid  3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3643] write(3, "1000", 4)         = 4
[pid  3643] close(3)                    = 0
[pid  3643] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3643] memfd_create("syzkaller", 0) = 3
[pid  3643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[   53.660887][ T3642] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   53.669321][ T3642] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   53.677286][ T3642] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   53.685258][ T3642] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   53.693219][ T3642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   53.701182][ T3642] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000001
[   53.709246][ T3642]  </TASK>
[pid  3643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3643] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3643] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3643] close(3)                    = 0
[pid  3643] mkdir("./file0", 0777)      = 0
[pid  3643] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3643] chdir("./file0")            = 0
[pid  3643] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3643] close(4)                    = 0
[pid  3643] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3643] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3643] write(5, "13", 2)           = 2
[   53.746202][ T3643] loop0: detected capacity change from 0 to 64
[   53.767348][ T3643] FAULT_INJECTION: forcing a failure.
[   53.767348][ T3643] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   53.780464][ T3643] CPU: 1 PID: 3643 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   53.790871][ T3643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   53.801116][ T3643] Call Trace:
[   53.804427][ T3643]  <TASK>
[   53.807344][ T3643]  dump_stack_lvl+0x1b1/0x28e
[   53.812010][ T3643]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   53.817456][ T3643]  ? panic+0x710/0x710
[   53.821515][ T3643]  ? hfs_free_extents+0x420/0x420
[   53.826543][ T3643]  ? PageHeadHuge+0x8a/0x1d0
[   53.831134][ T3643]  should_fail_ex+0x395/0x4c0
[   53.835834][ T3643]  copy_page_from_iter_atomic+0x217/0x1140
[   53.841653][ T3643]  ? generic_cont_expand_simple+0x250/0x250
[   53.847546][ T3643]  ? pipe_zero+0x200/0x200
[   53.851965][ T3643]  ? hfs_write_begin+0x86/0xd0
[   53.856722][ T3643]  ? hfs_free_extents+0x420/0x420
[   53.861736][ T3643]  ? hfs_write_begin+0x9e/0xd0
[   53.866497][ T3643]  generic_perform_write+0x35a/0x5e0
[   53.871787][ T3643]  ? __block_commit_write+0x420/0x420
[   53.877156][ T3643]  ? generic_file_direct_write+0x610/0x610
[   53.882957][ T3643]  ? __file_remove_privs+0x6c0/0x6c0
[   53.888240][ T3643]  ? generic_write_checks+0x15c/0x1c0
[   53.893617][ T3643]  __generic_file_write_iter+0x176/0x400
[   53.899249][ T3643]  generic_file_write_iter+0xab/0x310
[   53.904619][ T3643]  vfs_write+0x7dc/0xc50
[   53.908866][ T3643]  ? file_end_write+0x230/0x230
[   53.913712][ T3643]  ? ptrace_stop+0x74d/0x970
[   53.918307][ T3643]  ? _raw_spin_unlock_irq+0x2a/0x40
[   53.923512][ T3643]  ? __fdget_pos+0x252/0x2e0
[   53.928099][ T3643]  ksys_write+0x177/0x2a0
[   53.932428][ T3643]  ? __ia32_sys_read+0x80/0x80
[   53.939039][ T3643]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   53.947127][ T3643]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   53.953226][ T3643]  do_syscall_64+0x3d/0xb0
[   53.957638][ T3643]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.963527][ T3643] RIP: 0033:0x7f0fa5191c89
[   53.967935][ T3643] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   53.987531][ T3643] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3643] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3643] exit_group(0)               = ?
[pid  3643] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs")                  = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file0")                      = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3644
./strace-static-x86_64: Process 3644 attached
[pid  3644] chdir("./3")                = 0
[   53.995969][ T3643] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   54.003967][ T3643] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   54.011936][ T3643] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   54.019988][ T3643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   54.027949][ T3643] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000002
[   54.035928][ T3643]  </TASK>
[pid  3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3644] setpgid(0, 0)               = 0
[pid  3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3644] write(3, "1000", 4)         = 4
[pid  3644] close(3)                    = 0
[pid  3644] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3644] memfd_create("syzkaller", 0) = 3
[pid  3644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3644] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3644] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3644] close(3)                    = 0
[pid  3644] mkdir("./file0", 0777)      = 0
[pid  3644] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3644] chdir("./file0")            = 0
[pid  3644] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3644] close(4)                    = 0
[pid  3644] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3644] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3644] write(5, "13", 2)           = 2
[   54.093652][ T3644] loop0: detected capacity change from 0 to 64
[   54.116452][ T3644] FAULT_INJECTION: forcing a failure.
[   54.116452][ T3644] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.129595][ T3644] CPU: 0 PID: 3644 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   54.139997][ T3644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   54.150040][ T3644] Call Trace:
[   54.153308][ T3644]  <TASK>
[   54.156226][ T3644]  dump_stack_lvl+0x1b1/0x28e
[   54.160905][ T3644]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   54.166369][ T3644]  ? panic+0x710/0x710
[   54.170424][ T3644]  ? hfs_free_extents+0x420/0x420
[   54.175449][ T3644]  ? PageHeadHuge+0x8a/0x1d0
[   54.180043][ T3644]  should_fail_ex+0x395/0x4c0
[   54.184716][ T3644]  copy_page_from_iter_atomic+0x217/0x1140
[   54.190516][ T3644]  ? generic_cont_expand_simple+0x250/0x250
[   54.196402][ T3644]  ? pipe_zero+0x200/0x200
[   54.200828][ T3644]  ? hfs_write_begin+0x86/0xd0
[   54.205602][ T3644]  ? hfs_free_extents+0x420/0x420
[   54.210624][ T3644]  ? hfs_write_begin+0x9e/0xd0
[   54.215391][ T3644]  generic_perform_write+0x35a/0x5e0
[   54.220672][ T3644]  ? __block_commit_write+0x420/0x420
[   54.226033][ T3644]  ? generic_file_direct_write+0x610/0x610
[   54.231837][ T3644]  ? __file_remove_privs+0x6c0/0x6c0
[   54.237138][ T3644]  ? generic_write_checks+0x15c/0x1c0
[   54.242509][ T3644]  __generic_file_write_iter+0x176/0x400
[   54.248133][ T3644]  generic_file_write_iter+0xab/0x310
[   54.253492][ T3644]  vfs_write+0x7dc/0xc50
[   54.257729][ T3644]  ? file_end_write+0x230/0x230
[   54.262568][ T3644]  ? ptrace_stop+0x74d/0x970
[   54.267168][ T3644]  ? _raw_spin_unlock_irq+0x2a/0x40
[   54.272388][ T3644]  ? __fdget_pos+0x252/0x2e0
[   54.276969][ T3644]  ksys_write+0x177/0x2a0
[   54.281306][ T3644]  ? __ia32_sys_read+0x80/0x80
[   54.286059][ T3644]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   54.292125][ T3644]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   54.298105][ T3644]  do_syscall_64+0x3d/0xb0
[   54.302532][ T3644]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.308407][ T3644] RIP: 0033:0x7f0fa5191c89
[   54.312806][ T3644] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   54.332411][ T3644] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3644] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3644] exit_group(0)               = ?
[pid  3644] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs")                  = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/file0")                      = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3645
./strace-static-x86_64: Process 3645 attached
[pid  3645] chdir("./4")                = 0
[pid  3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3645] setpgid(0, 0)               = 0
[   54.340927][ T3644] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   54.348894][ T3644] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   54.356873][ T3644] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   54.364828][ T3644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   54.372789][ T3644] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000003
[   54.380775][ T3644]  </TASK>
[pid  3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3645] write(3, "1000", 4)         = 4
[pid  3645] close(3)                    = 0
[pid  3645] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3645] memfd_create("syzkaller", 0) = 3
[pid  3645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3645] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3645] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3645] close(3)                    = 0
[pid  3645] mkdir("./file0", 0777)      = 0
[pid  3645] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3645] chdir("./file0")            = 0
[pid  3645] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3645] close(4)                    = 0
[pid  3645] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3645] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3645] write(5, "13", 2)           = 2
[   54.437054][ T3645] loop0: detected capacity change from 0 to 64
[   54.469637][ T3645] FAULT_INJECTION: forcing a failure.
[   54.469637][ T3645] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.482753][ T3645] CPU: 0 PID: 3645 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   54.493160][ T3645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   54.503196][ T3645] Call Trace:
[   54.506461][ T3645]  <TASK>
[   54.509381][ T3645]  dump_stack_lvl+0x1b1/0x28e
[   54.514047][ T3645]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   54.519486][ T3645]  ? panic+0x710/0x710
[   54.523535][ T3645]  ? hfs_free_extents+0x420/0x420
[   54.528544][ T3645]  ? PageHeadHuge+0x8a/0x1d0
[   54.533122][ T3645]  should_fail_ex+0x395/0x4c0
[   54.537790][ T3645]  copy_page_from_iter_atomic+0x217/0x1140
[   54.543604][ T3645]  ? generic_cont_expand_simple+0x250/0x250
[   54.549508][ T3645]  ? pipe_zero+0x200/0x200
[   54.553931][ T3645]  ? hfs_write_begin+0x86/0xd0
[   54.558689][ T3645]  ? hfs_free_extents+0x420/0x420
[   54.563703][ T3645]  ? hfs_write_begin+0x9e/0xd0
[   54.568461][ T3645]  generic_perform_write+0x35a/0x5e0
[   54.573751][ T3645]  ? __block_commit_write+0x420/0x420
[   54.579123][ T3645]  ? generic_file_direct_write+0x610/0x610
[   54.585012][ T3645]  ? __file_remove_privs+0x6c0/0x6c0
[   54.590296][ T3645]  ? generic_write_checks+0x15c/0x1c0
[   54.595673][ T3645]  __generic_file_write_iter+0x176/0x400
[   54.601307][ T3645]  generic_file_write_iter+0xab/0x310
[   54.606676][ T3645]  vfs_write+0x7dc/0xc50
[   54.610924][ T3645]  ? file_end_write+0x230/0x230
[   54.615769][ T3645]  ? ptrace_stop+0x74d/0x970
[   54.620363][ T3645]  ? _raw_spin_unlock_irq+0x2a/0x40
[   54.625567][ T3645]  ? __fdget_pos+0x252/0x2e0
[   54.630163][ T3645]  ksys_write+0x177/0x2a0
[   54.634489][ T3645]  ? __ia32_sys_read+0x80/0x80
[   54.639250][ T3645]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   54.645228][ T3645]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   54.651208][ T3645]  do_syscall_64+0x3d/0xb0
[   54.655616][ T3645]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.661502][ T3645] RIP: 0033:0x7f0fa5191c89
[   54.665911][ T3645] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3645] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3645] exit_group(0)               = ?
[pid  3645] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs")                  = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./4/file0")                      = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[   54.685510][ T3645] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   54.693916][ T3645] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   54.701878][ T3645] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   54.709841][ T3645] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   54.717802][ T3645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   54.725763][ T3645] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000004
[   54.733738][ T3645]  </TASK>
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3646
./strace-static-x86_64: Process 3646 attached
[pid  3646] chdir("./5")                = 0
[pid  3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3646] setpgid(0, 0)               = 0
[pid  3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3646] write(3, "1000", 4)         = 4
[pid  3646] close(3)                    = 0
[pid  3646] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3646] memfd_create("syzkaller", 0) = 3
[pid  3646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3646] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3646] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3646] close(3)                    = 0
[pid  3646] mkdir("./file0", 0777)      = 0
[pid  3646] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3646] chdir("./file0")            = 0
[pid  3646] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3646] close(4)                    = 0
[pid  3646] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3646] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3646] write(5, "13", 2)           = 2
[   54.786016][ T3646] loop0: detected capacity change from 0 to 64
[   54.807447][ T3646] FAULT_INJECTION: forcing a failure.
[   54.807447][ T3646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.820654][ T3646] CPU: 1 PID: 3646 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   54.831052][ T3646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   54.841094][ T3646] Call Trace:
[   54.844371][ T3646]  <TASK>
[   54.847303][ T3646]  dump_stack_lvl+0x1b1/0x28e
[   54.851970][ T3646]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   54.857414][ T3646]  ? panic+0x710/0x710
[   54.861471][ T3646]  ? hfs_free_extents+0x420/0x420
[   54.866484][ T3646]  ? PageHeadHuge+0x8a/0x1d0
[   54.871079][ T3646]  should_fail_ex+0x395/0x4c0
[   54.875768][ T3646]  copy_page_from_iter_atomic+0x217/0x1140
[   54.881568][ T3646]  ? generic_cont_expand_simple+0x250/0x250
[   54.887453][ T3646]  ? pipe_zero+0x200/0x200
[   54.891859][ T3646]  ? hfs_write_begin+0x86/0xd0
[   54.896621][ T3646]  ? hfs_free_extents+0x420/0x420
[   54.901642][ T3646]  ? hfs_write_begin+0x9e/0xd0
[   54.906405][ T3646]  generic_perform_write+0x35a/0x5e0
[   54.911701][ T3646]  ? __block_commit_write+0x420/0x420
[   54.917062][ T3646]  ? generic_file_direct_write+0x610/0x610
[   54.922863][ T3646]  ? __file_remove_privs+0x6c0/0x6c0
[   54.928159][ T3646]  ? generic_write_checks+0x15c/0x1c0
[   54.933526][ T3646]  __generic_file_write_iter+0x176/0x400
[   54.939152][ T3646]  generic_file_write_iter+0xab/0x310
[   54.944512][ T3646]  vfs_write+0x7dc/0xc50
[   54.948744][ T3646]  ? file_end_write+0x230/0x230
[   54.953583][ T3646]  ? ptrace_stop+0x74d/0x970
[   54.958164][ T3646]  ? _raw_spin_unlock_irq+0x2a/0x40
[   54.963352][ T3646]  ? __fdget_pos+0x252/0x2e0
[   54.967930][ T3646]  ksys_write+0x177/0x2a0
[   54.972252][ T3646]  ? __ia32_sys_read+0x80/0x80
[   54.977012][ T3646]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   54.982981][ T3646]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   54.988962][ T3646]  do_syscall_64+0x3d/0xb0
[   54.993386][ T3646]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.999265][ T3646] RIP: 0033:0x7f0fa5191c89
[   55.003668][ T3646] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.023262][ T3646] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3646] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3646] exit_group(0)               = ?
[pid  3646] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3646, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs")                  = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./5/file0")                      = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   55.031678][ T3646] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   55.039651][ T3646] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   55.047608][ T3646] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   55.055565][ T3646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   55.063530][ T3646] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000005
[   55.071531][ T3646]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3647
./strace-static-x86_64: Process 3647 attached
[pid  3647] chdir("./6")                = 0
[pid  3647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3647] setpgid(0, 0)               = 0
[pid  3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3647] write(3, "1000", 4)         = 4
[pid  3647] close(3)                    = 0
[pid  3647] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3647] memfd_create("syzkaller", 0) = 3
[pid  3647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3647] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3647] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3647] close(3)                    = 0
[pid  3647] mkdir("./file0", 0777)      = 0
[pid  3647] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3647] chdir("./file0")            = 0
[pid  3647] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3647] close(4)                    = 0
[pid  3647] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3647] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3647] write(5, "13", 2)           = 2
[   55.132811][ T3647] loop0: detected capacity change from 0 to 64
[   55.169665][ T3647] FAULT_INJECTION: forcing a failure.
[   55.169665][ T3647] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   55.182871][ T3647] CPU: 1 PID: 3647 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   55.193289][ T3647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.203345][ T3647] Call Trace:
[   55.206619][ T3647]  <TASK>
[   55.209543][ T3647]  dump_stack_lvl+0x1b1/0x28e
[   55.214238][ T3647]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   55.219690][ T3647]  ? panic+0x710/0x710
[   55.223755][ T3647]  ? hfs_free_extents+0x420/0x420
[   55.228783][ T3647]  ? PageHeadHuge+0x8a/0x1d0
[   55.233385][ T3647]  should_fail_ex+0x395/0x4c0
[   55.238071][ T3647]  copy_page_from_iter_atomic+0x217/0x1140
[   55.243882][ T3647]  ? generic_cont_expand_simple+0x250/0x250
[   55.249951][ T3647]  ? pipe_zero+0x200/0x200
[   55.254376][ T3647]  ? hfs_write_begin+0x86/0xd0
[   55.259133][ T3647]  ? hfs_free_extents+0x420/0x420
[   55.264146][ T3647]  ? hfs_write_begin+0x9e/0xd0
[   55.268908][ T3647]  generic_perform_write+0x35a/0x5e0
[   55.274198][ T3647]  ? __block_commit_write+0x420/0x420
[   55.279571][ T3647]  ? generic_file_direct_write+0x610/0x610
[   55.285375][ T3647]  ? __file_remove_privs+0x6c0/0x6c0
[   55.290661][ T3647]  ? generic_write_checks+0x15c/0x1c0
[   55.296040][ T3647]  __generic_file_write_iter+0x176/0x400
[   55.301675][ T3647]  generic_file_write_iter+0xab/0x310
[   55.307044][ T3647]  vfs_write+0x7dc/0xc50
[   55.311299][ T3647]  ? file_end_write+0x230/0x230
[   55.316143][ T3647]  ? ptrace_stop+0x74d/0x970
[   55.320740][ T3647]  ? _raw_spin_unlock_irq+0x2a/0x40
[   55.325939][ T3647]  ? __fdget_pos+0x252/0x2e0
[   55.330528][ T3647]  ksys_write+0x177/0x2a0
[   55.334858][ T3647]  ? __ia32_sys_read+0x80/0x80
[   55.339617][ T3647]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   55.345603][ T3647]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   55.351582][ T3647]  do_syscall_64+0x3d/0xb0
[   55.355994][ T3647]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.361880][ T3647] RIP: 0033:0x7f0fa5191c89
[   55.366293][ T3647] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.385892][ T3647] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   55.394305][ T3647] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   55.402271][ T3647] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   55.410254][ T3647] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   55.418241][ T3647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   55.426209][ T3647] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000006
[pid  3647] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3647] exit_group(0)               = ?
[pid  3647] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3647, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs")                  = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./6/file0")                      = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   55.434188][ T3647]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3648
./strace-static-x86_64: Process 3648 attached
[pid  3648] chdir("./7")                = 0
[pid  3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3648] setpgid(0, 0)               = 0
[pid  3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3648] write(3, "1000", 4)         = 4
[pid  3648] close(3)                    = 0
[pid  3648] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3648] memfd_create("syzkaller", 0) = 3
[pid  3648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3648] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3648] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3648] close(3)                    = 0
[pid  3648] mkdir("./file0", 0777)      = 0
[pid  3648] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3648] chdir("./file0")            = 0
[pid  3648] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3648] close(4)                    = 0
[pid  3648] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3648] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3648] write(5, "13", 2)           = 2
[   55.490772][ T3648] loop0: detected capacity change from 0 to 64
[   55.516146][ T3648] FAULT_INJECTION: forcing a failure.
[   55.516146][ T3648] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   55.529248][ T3648] CPU: 1 PID: 3648 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   55.539648][ T3648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.549698][ T3648] Call Trace:
[   55.552983][ T3648]  <TASK>
[   55.555909][ T3648]  dump_stack_lvl+0x1b1/0x28e
[   55.560589][ T3648]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   55.566041][ T3648]  ? panic+0x710/0x710
[   55.570124][ T3648]  ? hfs_free_extents+0x420/0x420
[   55.575146][ T3648]  ? PageHeadHuge+0x8a/0x1d0
[   55.579739][ T3648]  should_fail_ex+0x395/0x4c0
[   55.584419][ T3648]  copy_page_from_iter_atomic+0x217/0x1140
[   55.590229][ T3648]  ? generic_cont_expand_simple+0x250/0x250
[   55.596123][ T3648]  ? pipe_zero+0x200/0x200
[   55.600542][ T3648]  ? hfs_write_begin+0x86/0xd0
[   55.605299][ T3648]  ? hfs_free_extents+0x420/0x420
[   55.610321][ T3648]  ? hfs_write_begin+0x9e/0xd0
[   55.615086][ T3648]  generic_perform_write+0x35a/0x5e0
[   55.620378][ T3648]  ? __block_commit_write+0x420/0x420
[   55.625751][ T3648]  ? generic_file_direct_write+0x610/0x610
[   55.631552][ T3648]  ? __file_remove_privs+0x6c0/0x6c0
[   55.636837][ T3648]  ? generic_write_checks+0x15c/0x1c0
[   55.642215][ T3648]  __generic_file_write_iter+0x176/0x400
[   55.647850][ T3648]  generic_file_write_iter+0xab/0x310
[   55.653220][ T3648]  vfs_write+0x7dc/0xc50
[   55.657470][ T3648]  ? file_end_write+0x230/0x230
[   55.662315][ T3648]  ? ptrace_stop+0x74d/0x970
[   55.666911][ T3648]  ? _raw_spin_unlock_irq+0x2a/0x40
[   55.672110][ T3648]  ? __fdget_pos+0x252/0x2e0
[   55.676698][ T3648]  ksys_write+0x177/0x2a0
[   55.681028][ T3648]  ? __ia32_sys_read+0x80/0x80
[   55.685792][ T3648]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   55.691769][ T3648]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   55.697744][ T3648]  do_syscall_64+0x3d/0xb0
[   55.702156][ T3648]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.708040][ T3648] RIP: 0033:0x7f0fa5191c89
[   55.712452][ T3648] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.732138][ T3648] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3648] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3648] exit_group(0)               = ?
[pid  3648] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs")                  = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./7/file0")                      = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[   55.740547][ T3648] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   55.748512][ T3648] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   55.756479][ T3648] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   55.764444][ T3648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   55.772406][ T3648] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000007
[   55.780391][ T3648]  </TASK>
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3649
./strace-static-x86_64: Process 3649 attached
[pid  3649] chdir("./8")                = 0
[pid  3649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3649] setpgid(0, 0)               = 0
[pid  3649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3649] write(3, "1000", 4)         = 4
[pid  3649] close(3)                    = 0
[pid  3649] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3649] memfd_create("syzkaller", 0) = 3
[pid  3649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3649] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3649] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3649] close(3)                    = 0
[pid  3649] mkdir("./file0", 0777)      = 0
[pid  3649] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3649] chdir("./file0")            = 0
[pid  3649] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3649] close(4)                    = 0
[pid  3649] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3649] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3649] write(5, "13", 2)           = 2
[   55.828865][ T3649] loop0: detected capacity change from 0 to 64
[   55.852206][ T3649] FAULT_INJECTION: forcing a failure.
[   55.852206][ T3649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   55.865322][ T3649] CPU: 0 PID: 3649 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   55.875742][ T3649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.885785][ T3649] Call Trace:
[   55.889057][ T3649]  <TASK>
[   55.891976][ T3649]  dump_stack_lvl+0x1b1/0x28e
[   55.896654][ T3649]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   55.902126][ T3649]  ? panic+0x710/0x710
[   55.906199][ T3649]  ? hfs_free_extents+0x420/0x420
[   55.911213][ T3649]  ? PageHeadHuge+0x8a/0x1d0
[   55.915800][ T3649]  should_fail_ex+0x395/0x4c0
[   55.920471][ T3649]  copy_page_from_iter_atomic+0x217/0x1140
[   55.926276][ T3649]  ? generic_cont_expand_simple+0x250/0x250
[   55.932185][ T3649]  ? pipe_zero+0x200/0x200
[   55.936614][ T3649]  ? hfs_write_begin+0x86/0xd0
[   55.941361][ T3649]  ? hfs_free_extents+0x420/0x420
[   55.946372][ T3649]  ? hfs_write_begin+0x9e/0xd0
[   55.951125][ T3649]  generic_perform_write+0x35a/0x5e0
[   55.956405][ T3649]  ? __block_commit_write+0x420/0x420
[   55.961766][ T3649]  ? generic_file_direct_write+0x610/0x610
[   55.967655][ T3649]  ? __file_remove_privs+0x6c0/0x6c0
[   55.972931][ T3649]  ? generic_write_checks+0x15c/0x1c0
[   55.978298][ T3649]  __generic_file_write_iter+0x176/0x400
[   55.983928][ T3649]  generic_file_write_iter+0xab/0x310
[   55.989333][ T3649]  vfs_write+0x7dc/0xc50
[   55.993592][ T3649]  ? file_end_write+0x230/0x230
[   55.998430][ T3649]  ? ptrace_stop+0x74d/0x970
[   56.003019][ T3649]  ? _raw_spin_unlock_irq+0x2a/0x40
[   56.008219][ T3649]  ? __fdget_pos+0x252/0x2e0
[   56.012818][ T3649]  ksys_write+0x177/0x2a0
[   56.017147][ T3649]  ? __ia32_sys_read+0x80/0x80
[   56.021912][ T3649]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   56.027914][ T3649]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   56.033890][ T3649]  do_syscall_64+0x3d/0xb0
[   56.038297][ T3649]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.044187][ T3649] RIP: 0033:0x7f0fa5191c89
[   56.048604][ T3649] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.068200][ T3649] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3649] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3649] exit_group(0)               = ?
[pid  3649] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3649, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs")                  = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./8/file0")                      = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./8")                            = 0
mkdir("./9", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3650
[   56.076603][ T3649] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   56.084563][ T3649] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   56.092520][ T3649] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   56.100489][ T3649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   56.108463][ T3649] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000008
[   56.116436][ T3649]  </TASK>
./strace-static-x86_64: Process 3650 attached
[pid  3650] chdir("./9")                = 0
[pid  3650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3650] setpgid(0, 0)               = 0
[pid  3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3650] write(3, "1000", 4)         = 4
[pid  3650] close(3)                    = 0
[pid  3650] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3650] memfd_create("syzkaller", 0) = 3
[pid  3650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3650] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3650] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3650] close(3)                    = 0
[pid  3650] mkdir("./file0", 0777)      = 0
[pid  3650] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3650] chdir("./file0")            = 0
[pid  3650] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3650] close(4)                    = 0
[pid  3650] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3650] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3650] write(5, "13", 2)           = 2
[   56.177836][ T3650] loop0: detected capacity change from 0 to 64
[   56.194125][ T3650] FAULT_INJECTION: forcing a failure.
[   56.194125][ T3650] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   56.207774][ T3650] CPU: 0 PID: 3650 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   56.218204][ T3650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.228247][ T3650] Call Trace:
[   56.231521][ T3650]  <TASK>
[   56.234439][ T3650]  dump_stack_lvl+0x1b1/0x28e
[   56.239194][ T3650]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   56.244642][ T3650]  ? panic+0x710/0x710
[   56.248711][ T3650]  ? do_anonymous_page+0xd4a/0x1150
[   56.253932][ T3650]  ? mark_lock+0x9a/0x350
[   56.258291][ T3650]  should_fail_ex+0x395/0x4c0
[   56.262986][ T3650]  prepare_alloc_pages+0x1d7/0x5a0
[   56.268122][ T3650]  __alloc_pages+0x161/0x560
[   56.272723][ T3650]  ? zone_statistics+0x160/0x160
[   56.277679][ T3650]  ? rcu_lock_release+0x5/0x20
[   56.282432][ T3650]  ? alloc_pages+0x520/0x7b0
[   56.287030][ T3650]  ? xas_descend+0x1f3/0x400
[   56.291632][ T3650]  folio_alloc+0x1a/0x50
[   56.295864][ T3650]  filemap_alloc_folio+0x7e/0x1c0
[   56.300902][ T3650]  __filemap_get_folio+0x898/0x1260
[   56.306109][ T3650]  ? page_cache_prev_miss+0x4e0/0x4e0
[   56.311476][ T3650]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   56.317449][ T3650]  ? print_irqtrace_events+0x220/0x220
[   56.322901][ T3650]  pagecache_get_page+0x28/0x260
[   56.327827][ T3650]  ? hfs_free_extents+0x420/0x420
[   56.332844][ T3650]  block_write_begin+0x2e/0x1e0
[   56.337695][ T3650]  ? cont_write_begin+0x5e5/0x860
[   56.342713][ T3650]  ? hfs_free_extents+0x420/0x420
[   56.347740][ T3650]  cont_write_begin+0x606/0x860
[   56.352613][ T3650]  ? fault_in_readable+0x1d5/0x310
[   56.357721][ T3650]  ? generic_cont_expand_simple+0x250/0x250
[   56.363611][ T3650]  ? fault_in_readable+0x219/0x310
[   56.368732][ T3650]  ? fault_in_safe_writeable+0x240/0x240
[   56.374370][ T3650]  hfs_write_begin+0x86/0xd0
[   56.378951][ T3650]  ? hfs_free_extents+0x420/0x420
[   56.383971][ T3650]  generic_perform_write+0x2e4/0x5e0
[   56.389275][ T3650]  ? __block_commit_write+0x420/0x420
[   56.394670][ T3650]  ? generic_file_direct_write+0x610/0x610
[   56.400484][ T3650]  ? __file_remove_privs+0x6c0/0x6c0
[   56.405769][ T3650]  ? generic_write_checks+0x15c/0x1c0
[   56.411171][ T3650]  __generic_file_write_iter+0x176/0x400
[   56.416829][ T3650]  generic_file_write_iter+0xab/0x310
[   56.422222][ T3650]  vfs_write+0x7dc/0xc50
[   56.426501][ T3650]  ? file_end_write+0x230/0x230
[   56.431345][ T3650]  ? ptrace_stop+0x74d/0x970
[   56.435944][ T3650]  ? _raw_spin_unlock_irq+0x2a/0x40
[   56.441153][ T3650]  ? __fdget_pos+0x252/0x2e0
[   56.445733][ T3650]  ksys_write+0x177/0x2a0
[   56.450053][ T3650]  ? __ia32_sys_read+0x80/0x80
[   56.454807][ T3650]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   56.460784][ T3650]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   56.466760][ T3650]  do_syscall_64+0x3d/0xb0
[   56.471165][ T3650]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.477055][ T3650] RIP: 0033:0x7f0fa5191c89
[   56.481474][ T3650] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.501100][ T3650] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   56.509519][ T3650] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   56.517482][ T3650] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3650] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3650] exit_group(0)               = ?
[pid  3650] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3650, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs")                  = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./9/file0")                      = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./9")                            = 0
mkdir("./10", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3651
[   56.525464][ T3650] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   56.533437][ T3650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   56.541416][ T3650] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000009
[   56.549401][ T3650]  </TASK>
./strace-static-x86_64: Process 3651 attached
[pid  3651] chdir("./10")               = 0
[pid  3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3651] setpgid(0, 0)               = 0
[pid  3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3651] write(3, "1000", 4)         = 4
[pid  3651] close(3)                    = 0
[pid  3651] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3651] memfd_create("syzkaller", 0) = 3
[pid  3651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3651] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3651] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3651] close(3)                    = 0
[pid  3651] mkdir("./file0", 0777)      = 0
[pid  3651] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3651] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3651] chdir("./file0")            = 0
[pid  3651] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3651] close(4)                    = 0
[pid  3651] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3651] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3651] write(5, "13", 2)           = 2
[   56.601277][ T3651] loop0: detected capacity change from 0 to 64
[   56.630441][ T3651] FAULT_INJECTION: forcing a failure.
[   56.630441][ T3651] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   56.644045][ T3651] CPU: 0 PID: 3651 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   56.654449][ T3651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.664486][ T3651] Call Trace:
[   56.667748][ T3651]  <TASK>
[   56.670696][ T3651]  dump_stack_lvl+0x1b1/0x28e
[   56.675362][ T3651]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   56.680802][ T3651]  ? panic+0x710/0x710
[   56.684861][ T3651]  ? do_anonymous_page+0xd4a/0x1150
[   56.690048][ T3651]  ? mark_lock+0x9a/0x350
[   56.694363][ T3651]  should_fail_ex+0x395/0x4c0
[   56.699032][ T3651]  prepare_alloc_pages+0x1d7/0x5a0
[   56.704144][ T3651]  __alloc_pages+0x161/0x560
[   56.708745][ T3651]  ? zone_statistics+0x160/0x160
[   56.713689][ T3651]  ? rcu_lock_release+0x5/0x20
[   56.718451][ T3651]  ? alloc_pages+0x520/0x7b0
[   56.723037][ T3651]  ? xas_descend+0x1f3/0x400
[   56.727629][ T3651]  folio_alloc+0x1a/0x50
[   56.731868][ T3651]  filemap_alloc_folio+0x7e/0x1c0
[   56.736890][ T3651]  __filemap_get_folio+0x898/0x1260
[   56.742093][ T3651]  ? page_cache_prev_miss+0x4e0/0x4e0
[   56.747465][ T3651]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   56.753445][ T3651]  ? print_irqtrace_events+0x220/0x220
[   56.758907][ T3651]  pagecache_get_page+0x28/0x260
[   56.763844][ T3651]  ? hfs_free_extents+0x420/0x420
[   56.768864][ T3651]  block_write_begin+0x2e/0x1e0
[   56.773714][ T3651]  ? cont_write_begin+0x5e5/0x860
[   56.778739][ T3651]  ? hfs_free_extents+0x420/0x420
[   56.783761][ T3651]  cont_write_begin+0x606/0x860
[   56.788617][ T3651]  ? fault_in_readable+0x1d5/0x310
[   56.793746][ T3651]  ? generic_cont_expand_simple+0x250/0x250
[   56.799644][ T3651]  ? fault_in_readable+0x219/0x310
[   56.804759][ T3651]  ? fault_in_safe_writeable+0x240/0x240
[   56.810418][ T3651]  hfs_write_begin+0x86/0xd0
[   56.815004][ T3651]  ? hfs_free_extents+0x420/0x420
[   56.820028][ T3651]  generic_perform_write+0x2e4/0x5e0
[   56.825322][ T3651]  ? __block_commit_write+0x420/0x420
[   56.830695][ T3651]  ? generic_file_direct_write+0x610/0x610
[   56.836500][ T3651]  ? __file_remove_privs+0x6c0/0x6c0
[   56.841782][ T3651]  ? generic_write_checks+0x15c/0x1c0
[   56.847162][ T3651]  __generic_file_write_iter+0x176/0x400
[   56.852805][ T3651]  generic_file_write_iter+0xab/0x310
[   56.858177][ T3651]  vfs_write+0x7dc/0xc50
[   56.862431][ T3651]  ? file_end_write+0x230/0x230
[   56.867282][ T3651]  ? ptrace_stop+0x74d/0x970
[   56.871880][ T3651]  ? _raw_spin_unlock_irq+0x2a/0x40
[   56.877087][ T3651]  ? __fdget_pos+0x252/0x2e0
[   56.881681][ T3651]  ksys_write+0x177/0x2a0
[   56.886012][ T3651]  ? __ia32_sys_read+0x80/0x80
[   56.890773][ T3651]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   56.896753][ T3651]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   56.902731][ T3651]  do_syscall_64+0x3d/0xb0
[   56.907146][ T3651]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.913035][ T3651] RIP: 0033:0x7f0fa5191c89
[   56.917446][ T3651] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.937047][ T3651] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3651] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3651] exit_group(0)               = ?
[pid  3651] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs")                 = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./10/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./10")                           = 0
mkdir("./11", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3652
./strace-static-x86_64: Process 3652 attached
[pid  3652] chdir("./11")               = 0
[pid  3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3652] setpgid(0, 0)               = 0
[pid  3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3652] write(3, "1000", 4)         = 4
[pid  3652] close(3)                    = 0
[   56.945455][ T3651] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   56.953420][ T3651] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   56.961386][ T3651] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   56.969368][ T3651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   56.977330][ T3651] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000a
[   56.985310][ T3651]  </TASK>
[pid  3652] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3652] memfd_create("syzkaller", 0) = 3
[pid  3652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3652] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3652] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3652] close(3)                    = 0
[pid  3652] mkdir("./file0", 0777)      = 0
[pid  3652] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3652] chdir("./file0")            = 0
[pid  3652] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3652] close(4)                    = 0
[pid  3652] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3652] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3652] write(5, "13", 2)           = 2
[   57.039460][ T3652] loop0: detected capacity change from 0 to 64
[   57.068078][ T3652] FAULT_INJECTION: forcing a failure.
[   57.068078][ T3652] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   57.081415][ T3652] CPU: 1 PID: 3652 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   57.091837][ T3652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.101882][ T3652] Call Trace:
[   57.105169][ T3652]  <TASK>
[   57.108113][ T3652]  dump_stack_lvl+0x1b1/0x28e
[   57.112799][ T3652]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   57.118259][ T3652]  ? panic+0x710/0x710
[   57.122344][ T3652]  ? do_anonymous_page+0xd4a/0x1150
[   57.127554][ T3652]  ? mark_lock+0x9a/0x350
[   57.131876][ T3652]  should_fail_ex+0x395/0x4c0
[   57.136566][ T3652]  prepare_alloc_pages+0x1d7/0x5a0
[   57.141706][ T3652]  __alloc_pages+0x161/0x560
[   57.146303][ T3652]  ? zone_statistics+0x160/0x160
[   57.151262][ T3652]  ? rcu_lock_release+0x5/0x20
[   57.156040][ T3652]  ? alloc_pages+0x520/0x7b0
[   57.160625][ T3652]  ? xas_descend+0x1f3/0x400
[   57.165221][ T3652]  folio_alloc+0x1a/0x50
[   57.169489][ T3652]  filemap_alloc_folio+0x7e/0x1c0
[   57.174530][ T3652]  __filemap_get_folio+0x898/0x1260
[   57.179743][ T3652]  ? page_cache_prev_miss+0x4e0/0x4e0
[   57.185129][ T3652]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   57.191122][ T3652]  ? print_irqtrace_events+0x220/0x220
[   57.196575][ T3652]  pagecache_get_page+0x28/0x260
[   57.201514][ T3652]  ? hfs_free_extents+0x420/0x420
[   57.206532][ T3652]  block_write_begin+0x2e/0x1e0
[   57.211388][ T3652]  ? cont_write_begin+0x5e5/0x860
[   57.216424][ T3652]  ? hfs_free_extents+0x420/0x420
[   57.221440][ T3652]  cont_write_begin+0x606/0x860
[   57.226378][ T3652]  ? fault_in_readable+0x1d5/0x310
[   57.231484][ T3652]  ? generic_cont_expand_simple+0x250/0x250
[   57.237368][ T3652]  ? fault_in_readable+0x219/0x310
[   57.242498][ T3652]  ? fault_in_safe_writeable+0x240/0x240
[   57.248128][ T3652]  hfs_write_begin+0x86/0xd0
[   57.252706][ T3652]  ? hfs_free_extents+0x420/0x420
[   57.257720][ T3652]  generic_perform_write+0x2e4/0x5e0
[   57.263003][ T3652]  ? __block_commit_write+0x420/0x420
[   57.268386][ T3652]  ? generic_file_direct_write+0x610/0x610
[   57.274191][ T3652]  ? __file_remove_privs+0x6c0/0x6c0
[   57.279493][ T3652]  ? generic_write_checks+0x15c/0x1c0
[   57.284893][ T3652]  __generic_file_write_iter+0x176/0x400
[   57.290531][ T3652]  generic_file_write_iter+0xab/0x310
[   57.295933][ T3652]  vfs_write+0x7dc/0xc50
[   57.300185][ T3652]  ? file_end_write+0x230/0x230
[   57.305048][ T3652]  ? ptrace_stop+0x74d/0x970
[   57.309661][ T3652]  ? _raw_spin_unlock_irq+0x2a/0x40
[   57.314859][ T3652]  ? __fdget_pos+0x252/0x2e0
[   57.319465][ T3652]  ksys_write+0x177/0x2a0
[   57.323800][ T3652]  ? __ia32_sys_read+0x80/0x80
[   57.328582][ T3652]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   57.334583][ T3652]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   57.340560][ T3652]  do_syscall_64+0x3d/0xb0
[   57.344974][ T3652]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.350867][ T3652] RIP: 0033:0x7f0fa5191c89
[   57.355299][ T3652] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.374901][ T3652] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   57.383308][ T3652] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3652] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3652] exit_group(0)               = ?
[pid  3652] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3652, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs")                 = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./11/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./11")                           = 0
mkdir("./12", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3653
./strace-static-x86_64: Process 3653 attached
[pid  3653] chdir("./12")               = 0
[pid  3653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3653] setpgid(0, 0)               = 0
[pid  3653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3653] write(3, "1000", 4)         = 4
[pid  3653] close(3)                    = 0
[pid  3653] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3653] memfd_create("syzkaller", 0) = 3
[pid  3653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[   57.391270][ T3652] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   57.399247][ T3652] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   57.407230][ T3652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   57.415200][ T3652] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000b
[   57.423197][ T3652]  </TASK>
[pid  3653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3653] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3653] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3653] close(3)                    = 0
[pid  3653] mkdir("./file0", 0777)      = 0
[pid  3653] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3653] chdir("./file0")            = 0
[pid  3653] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3653] close(4)                    = 0
[pid  3653] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3653] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3653] write(5, "13", 2)           = 2
[   57.475701][ T3653] loop0: detected capacity change from 0 to 64
[   57.505884][ T3653] FAULT_INJECTION: forcing a failure.
[   57.505884][ T3653] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   57.519371][ T3653] CPU: 1 PID: 3653 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   57.529805][ T3653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.539872][ T3653] Call Trace:
[   57.543154][ T3653]  <TASK>
[   57.546091][ T3653]  dump_stack_lvl+0x1b1/0x28e
[   57.550780][ T3653]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   57.556241][ T3653]  ? panic+0x710/0x710
[   57.560312][ T3653]  ? do_anonymous_page+0xd4a/0x1150
[   57.565516][ T3653]  ? mark_lock+0x9a/0x350
[   57.569857][ T3653]  should_fail_ex+0x395/0x4c0
[   57.574554][ T3653]  prepare_alloc_pages+0x1d7/0x5a0
[   57.579678][ T3653]  __alloc_pages+0x161/0x560
[   57.584270][ T3653]  ? zone_statistics+0x160/0x160
[   57.589213][ T3653]  ? rcu_lock_release+0x5/0x20
[   57.594067][ T3653]  ? alloc_pages+0x520/0x7b0
[   57.598652][ T3653]  ? xas_descend+0x1f3/0x400
[   57.603247][ T3653]  folio_alloc+0x1a/0x50
[   57.607483][ T3653]  filemap_alloc_folio+0x7e/0x1c0
[   57.612509][ T3653]  __filemap_get_folio+0x898/0x1260
[   57.617711][ T3653]  ? page_cache_prev_miss+0x4e0/0x4e0
[   57.623082][ T3653]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   57.629064][ T3653]  ? print_irqtrace_events+0x220/0x220
[   57.634523][ T3653]  pagecache_get_page+0x28/0x260
[   57.639461][ T3653]  ? hfs_free_extents+0x420/0x420
[   57.644482][ T3653]  block_write_begin+0x2e/0x1e0
[   57.649358][ T3653]  ? cont_write_begin+0x5e5/0x860
[   57.654382][ T3653]  ? hfs_free_extents+0x420/0x420
[   57.659406][ T3653]  cont_write_begin+0x606/0x860
[   57.664262][ T3653]  ? fault_in_readable+0x1d5/0x310
[   57.669379][ T3653]  ? generic_cont_expand_simple+0x250/0x250
[   57.675269][ T3653]  ? fault_in_readable+0x219/0x310
[   57.680381][ T3653]  ? fault_in_safe_writeable+0x240/0x240
[   57.686110][ T3653]  hfs_write_begin+0x86/0xd0
[   57.690694][ T3653]  ? hfs_free_extents+0x420/0x420
[   57.695717][ T3653]  generic_perform_write+0x2e4/0x5e0
[   57.701009][ T3653]  ? __block_commit_write+0x420/0x420
[   57.706387][ T3653]  ? generic_file_direct_write+0x610/0x610
[   57.712191][ T3653]  ? __file_remove_privs+0x6c0/0x6c0
[   57.717909][ T3653]  ? generic_write_checks+0x15c/0x1c0
[   57.723293][ T3653]  __generic_file_write_iter+0x176/0x400
[   57.728932][ T3653]  generic_file_write_iter+0xab/0x310
[   57.734303][ T3653]  vfs_write+0x7dc/0xc50
[   57.738557][ T3653]  ? file_end_write+0x230/0x230
[   57.743404][ T3653]  ? ptrace_stop+0x74d/0x970
[   57.748000][ T3653]  ? _raw_spin_unlock_irq+0x2a/0x40
[   57.753204][ T3653]  ? __fdget_pos+0x252/0x2e0
[   57.757798][ T3653]  ksys_write+0x177/0x2a0
[   57.762133][ T3653]  ? __ia32_sys_read+0x80/0x80
[   57.766897][ T3653]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   57.772963][ T3653]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   57.778939][ T3653]  do_syscall_64+0x3d/0xb0
[   57.783352][ T3653]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.789241][ T3653] RIP: 0033:0x7f0fa5191c89
[   57.793652][ T3653] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.813252][ T3653] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3653] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3653] exit_group(0)               = ?
[pid  3653] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3653, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs")                 = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./12/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./12")                           = 0
mkdir("./13", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3654
./strace-static-x86_64: Process 3654 attached
[pid  3654] chdir("./13")               = 0
[pid  3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3654] setpgid(0, 0)               = 0
[pid  3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3654] write(3, "1000", 4)         = 4
[pid  3654] close(3)                    = 0
[pid  3654] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3654] memfd_create("syzkaller", 0) = 3
[pid  3654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[   57.821660][ T3653] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   57.829625][ T3653] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   57.837587][ T3653] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   57.845558][ T3653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   57.853521][ T3653] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000c
[   57.861509][ T3653]  </TASK>
[pid  3654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3654] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3654] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3654] close(3)                    = 0
[pid  3654] mkdir("./file0", 0777)      = 0
[pid  3654] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3654] chdir("./file0")            = 0
[pid  3654] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3654] close(4)                    = 0
[pid  3654] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3654] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3654] write(5, "13", 2)           = 2
[   57.914602][ T3654] loop0: detected capacity change from 0 to 64
[   57.947739][ T3654] FAULT_INJECTION: forcing a failure.
[   57.947739][ T3654] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   57.961374][ T3654] CPU: 0 PID: 3654 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   57.971802][ T3654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.981857][ T3654] Call Trace:
[   57.985223][ T3654]  <TASK>
[   57.988143][ T3654]  dump_stack_lvl+0x1b1/0x28e
[   57.992826][ T3654]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   57.998298][ T3654]  ? panic+0x710/0x710
[   58.002373][ T3654]  ? do_anonymous_page+0xd4a/0x1150
[   58.007582][ T3654]  ? mark_lock+0x9a/0x350
[   58.011964][ T3654]  should_fail_ex+0x395/0x4c0
[   58.016639][ T3654]  prepare_alloc_pages+0x1d7/0x5a0
[   58.021757][ T3654]  __alloc_pages+0x161/0x560
[   58.026354][ T3654]  ? zone_statistics+0x160/0x160
[   58.031296][ T3654]  ? rcu_lock_release+0x5/0x20
[   58.036063][ T3654]  ? alloc_pages+0x520/0x7b0
[   58.040651][ T3654]  ? xas_descend+0x1f3/0x400
[   58.045243][ T3654]  folio_alloc+0x1a/0x50
[   58.049483][ T3654]  filemap_alloc_folio+0x7e/0x1c0
[   58.054508][ T3654]  __filemap_get_folio+0x898/0x1260
[   58.059709][ T3654]  ? page_cache_prev_miss+0x4e0/0x4e0
[   58.065081][ T3654]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   58.071060][ T3654]  ? print_irqtrace_events+0x220/0x220
[   58.076523][ T3654]  pagecache_get_page+0x28/0x260
[   58.081459][ T3654]  ? hfs_free_extents+0x420/0x420
[   58.086478][ T3654]  block_write_begin+0x2e/0x1e0
[   58.091327][ T3654]  ? cont_write_begin+0x5e5/0x860
[   58.096349][ T3654]  ? hfs_free_extents+0x420/0x420
[   58.101368][ T3654]  cont_write_begin+0x606/0x860
[   58.106226][ T3654]  ? fault_in_readable+0x1d5/0x310
[   58.111336][ T3654]  ? generic_cont_expand_simple+0x250/0x250
[   58.117225][ T3654]  ? fault_in_readable+0x219/0x310
[   58.122339][ T3654]  ? fault_in_safe_writeable+0x240/0x240
[   58.127974][ T3654]  hfs_write_begin+0x86/0xd0
[   58.132563][ T3654]  ? hfs_free_extents+0x420/0x420
[   58.137587][ T3654]  generic_perform_write+0x2e4/0x5e0
[   58.142875][ T3654]  ? __block_commit_write+0x420/0x420
[   58.148248][ T3654]  ? generic_file_direct_write+0x610/0x610
[   58.154050][ T3654]  ? __file_remove_privs+0x6c0/0x6c0
[   58.159334][ T3654]  ? generic_write_checks+0x15c/0x1c0
[   58.164730][ T3654]  __generic_file_write_iter+0x176/0x400
[   58.170376][ T3654]  generic_file_write_iter+0xab/0x310
[   58.175759][ T3654]  vfs_write+0x7dc/0xc50
[   58.180022][ T3654]  ? file_end_write+0x230/0x230
[   58.184879][ T3654]  ? ptrace_stop+0x74d/0x970
[   58.189501][ T3654]  ? _raw_spin_unlock_irq+0x2a/0x40
[   58.194711][ T3654]  ? __fdget_pos+0x252/0x2e0
[   58.199323][ T3654]  ksys_write+0x177/0x2a0
[   58.203681][ T3654]  ? __ia32_sys_read+0x80/0x80
[   58.208455][ T3654]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   58.214446][ T3654]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   58.220434][ T3654]  do_syscall_64+0x3d/0xb0
[   58.224852][ T3654]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.230745][ T3654] RIP: 0033:0x7f0fa5191c89
[   58.235159][ T3654] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   58.254757][ T3654] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3654] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3654] exit_group(0)               = ?
[pid  3654] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs")                 = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./13/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./13")                           = 0
mkdir("./14", 0777)                     = 0
[   58.263165][ T3654] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   58.271131][ T3654] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   58.279099][ T3654] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   58.287084][ T3654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   58.295058][ T3654] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000d
[   58.303036][ T3654]  </TASK>
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3655 attached
 <unfinished ...>
[pid  3655] chdir("./14")               = 0
[pid  3655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3655] setpgid(0, 0)               = 0
[pid  3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3655
[pid  3655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3655] write(3, "1000", 4)         = 4
[pid  3655] close(3)                    = 0
[pid  3655] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3655] memfd_create("syzkaller", 0) = 3
[pid  3655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3655] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3655] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3655] close(3)                    = 0
[pid  3655] mkdir("./file0", 0777)      = 0
[pid  3655] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3655] chdir("./file0")            = 0
[pid  3655] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3655] close(4)                    = 0
[pid  3655] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3655] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3655] write(5, "13", 2)           = 2
[   58.364566][ T3655] loop0: detected capacity change from 0 to 64
[   58.382596][ T3655] FAULT_INJECTION: forcing a failure.
[   58.382596][ T3655] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   58.395698][ T3655] CPU: 0 PID: 3655 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   58.406164][ T3655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   58.416206][ T3655] Call Trace:
[   58.419471][ T3655]  <TASK>
[   58.422391][ T3655]  dump_stack_lvl+0x1b1/0x28e
[   58.427059][ T3655]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   58.432501][ T3655]  ? panic+0x710/0x710
[   58.436552][ T3655]  ? hfs_free_extents+0x420/0x420
[   58.441563][ T3655]  ? PageHeadHuge+0x8a/0x1d0
[   58.446144][ T3655]  should_fail_ex+0x395/0x4c0
[   58.450810][ T3655]  copy_page_from_iter_atomic+0x217/0x1140
[   58.456638][ T3655]  ? generic_cont_expand_simple+0x250/0x250
[   58.462544][ T3655]  ? pipe_zero+0x200/0x200
[   58.466966][ T3655]  ? hfs_write_begin+0x86/0xd0
[   58.471725][ T3655]  ? hfs_free_extents+0x420/0x420
[   58.476828][ T3655]  ? hfs_write_begin+0x9e/0xd0
[   58.481613][ T3655]  generic_perform_write+0x35a/0x5e0
[   58.486921][ T3655]  ? __block_commit_write+0x420/0x420
[   58.492304][ T3655]  ? generic_file_direct_write+0x610/0x610
[   58.498120][ T3655]  ? __file_remove_privs+0x6c0/0x6c0
[   58.503421][ T3655]  ? generic_write_checks+0x15c/0x1c0
[   58.508811][ T3655]  __generic_file_write_iter+0x176/0x400
[   58.514464][ T3655]  generic_file_write_iter+0xab/0x310
[   58.519846][ T3655]  vfs_write+0x7dc/0xc50
[   58.524101][ T3655]  ? file_end_write+0x230/0x230
[   58.528956][ T3655]  ? ptrace_stop+0x74d/0x970
[   58.533559][ T3655]  ? _raw_spin_unlock_irq+0x2a/0x40
[   58.538771][ T3655]  ? __fdget_pos+0x252/0x2e0
[   58.543403][ T3655]  ksys_write+0x177/0x2a0
[   58.547745][ T3655]  ? __ia32_sys_read+0x80/0x80
[   58.552511][ T3655]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   58.558498][ T3655]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   58.564584][ T3655]  do_syscall_64+0x3d/0xb0
[   58.568997][ T3655]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.574887][ T3655] RIP: 0033:0x7f0fa5191c89
[   58.579297][ T3655] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   58.598898][ T3655] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   58.607307][ T3655] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3655] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3655] exit_group(0)               = ?
[pid  3655] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3655, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs")                 = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./14/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./14")                           = 0
mkdir("./15", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3656
./strace-static-x86_64: Process 3656 attached
[pid  3656] chdir("./15")               = 0
[pid  3656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3656] setpgid(0, 0)               = 0
[pid  3656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3656] write(3, "1000", 4)         = 4
[pid  3656] close(3)                    = 0
[pid  3656] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3656] memfd_create("syzkaller", 0) = 3
[pid  3656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3656] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   58.615274][ T3655] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   58.623238][ T3655] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   58.631207][ T3655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   58.639186][ T3655] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000e
[   58.647176][ T3655]  </TASK>
[pid  3656] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3656] close(3)                    = 0
[pid  3656] mkdir("./file0", 0777)      = 0
[pid  3656] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3656] chdir("./file0")            = 0
[pid  3656] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3656] close(4)                    = 0
[pid  3656] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3656] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3656] write(5, "13", 2)           = 2
[   58.689481][ T3656] loop0: detected capacity change from 0 to 64
[   58.728907][ T3656] FAULT_INJECTION: forcing a failure.
[   58.728907][ T3656] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   58.742684][ T3656] CPU: 0 PID: 3656 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   58.753095][ T3656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   58.763151][ T3656] Call Trace:
[   58.766436][ T3656]  <TASK>
[   58.769361][ T3656]  dump_stack_lvl+0x1b1/0x28e
[   58.774044][ T3656]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   58.779518][ T3656]  ? panic+0x710/0x710
[   58.783598][ T3656]  ? do_anonymous_page+0xd4a/0x1150
[   58.788806][ T3656]  ? mark_lock+0x9a/0x350
[   58.793128][ T3656]  should_fail_ex+0x395/0x4c0
[   58.797798][ T3656]  prepare_alloc_pages+0x1d7/0x5a0
[   58.802923][ T3656]  __alloc_pages+0x161/0x560
[   58.807526][ T3656]  ? zone_statistics+0x160/0x160
[   58.812470][ T3656]  ? rcu_lock_release+0x5/0x20
[   58.817240][ T3656]  ? alloc_pages+0x520/0x7b0
[   58.821937][ T3656]  ? xas_descend+0x1f3/0x400
[   58.826531][ T3656]  folio_alloc+0x1a/0x50
[   58.830777][ T3656]  filemap_alloc_folio+0x7e/0x1c0
[   58.835791][ T3656]  __filemap_get_folio+0x898/0x1260
[   58.840982][ T3656]  ? page_cache_prev_miss+0x4e0/0x4e0
[   58.846344][ T3656]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   58.852324][ T3656]  ? print_irqtrace_events+0x220/0x220
[   58.857796][ T3656]  pagecache_get_page+0x28/0x260
[   58.862753][ T3656]  ? hfs_free_extents+0x420/0x420
[   58.867779][ T3656]  block_write_begin+0x2e/0x1e0
[   58.872643][ T3656]  ? cont_write_begin+0x5e5/0x860
[   58.877669][ T3656]  ? hfs_free_extents+0x420/0x420
[   58.882700][ T3656]  cont_write_begin+0x606/0x860
[   58.887547][ T3656]  ? fault_in_readable+0x1d5/0x310
[   58.892663][ T3656]  ? generic_cont_expand_simple+0x250/0x250
[   58.898566][ T3656]  ? fault_in_readable+0x219/0x310
[   58.903680][ T3656]  ? fault_in_safe_writeable+0x240/0x240
[   58.909344][ T3656]  hfs_write_begin+0x86/0xd0
[   58.913938][ T3656]  ? hfs_free_extents+0x420/0x420
[   58.918964][ T3656]  generic_perform_write+0x2e4/0x5e0
[   58.924267][ T3656]  ? __block_commit_write+0x420/0x420
[   58.929649][ T3656]  ? generic_file_direct_write+0x610/0x610
[   58.935467][ T3656]  ? __file_remove_privs+0x6c0/0x6c0
[   58.940761][ T3656]  ? generic_write_checks+0x15c/0x1c0
[   58.946144][ T3656]  __generic_file_write_iter+0x176/0x400
[   58.951771][ T3656]  generic_file_write_iter+0xab/0x310
[   58.957150][ T3656]  vfs_write+0x7dc/0xc50
[   58.961390][ T3656]  ? file_end_write+0x230/0x230
[   58.966232][ T3656]  ? ptrace_stop+0x74d/0x970
[   58.970822][ T3656]  ? _raw_spin_unlock_irq+0x2a/0x40
[   58.976027][ T3656]  ? __fdget_pos+0x252/0x2e0
[   58.980607][ T3656]  ksys_write+0x177/0x2a0
[   58.984939][ T3656]  ? __ia32_sys_read+0x80/0x80
[   58.989718][ T3656]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   58.995697][ T3656]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   59.001686][ T3656]  do_syscall_64+0x3d/0xb0
[   59.006152][ T3656]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.012062][ T3656] RIP: 0033:0x7f0fa5191c89
[   59.016471][ T3656] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3656] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3656] exit_group(0)               = ?
[pid  3656] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3656, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs")                 = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./15/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./15")                           = 0
mkdir("./16", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   59.036073][ T3656] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   59.044484][ T3656] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   59.052512][ T3656] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   59.060475][ T3656] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   59.068433][ T3656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   59.076403][ T3656] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000f
[   59.084408][ T3656]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3657
./strace-static-x86_64: Process 3657 attached
[pid  3657] chdir("./16")               = 0
[pid  3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3657] setpgid(0, 0)               = 0
[pid  3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3657] write(3, "1000", 4)         = 4
[pid  3657] close(3)                    = 0
[pid  3657] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3657] memfd_create("syzkaller", 0) = 3
[pid  3657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3657] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3657] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3657] close(3)                    = 0
[pid  3657] mkdir("./file0", 0777)      = 0
[pid  3657] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3657] chdir("./file0")            = 0
[pid  3657] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3657] close(4)                    = 0
[pid  3657] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3657] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3657] write(5, "13", 2)           = 2
[   59.142072][ T3657] loop0: detected capacity change from 0 to 64
[   59.164534][ T3657] FAULT_INJECTION: forcing a failure.
[   59.164534][ T3657] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   59.177710][ T3657] CPU: 1 PID: 3657 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   59.188228][ T3657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   59.198301][ T3657] Call Trace:
[   59.201591][ T3657]  <TASK>
[   59.204522][ T3657]  dump_stack_lvl+0x1b1/0x28e
[   59.209219][ T3657]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   59.214673][ T3657]  ? panic+0x710/0x710
[   59.218736][ T3657]  ? hfs_free_extents+0x420/0x420
[   59.223758][ T3657]  ? PageHeadHuge+0x8a/0x1d0
[   59.228354][ T3657]  should_fail_ex+0x395/0x4c0
[   59.233071][ T3657]  copy_page_from_iter_atomic+0x217/0x1140
[   59.238905][ T3657]  ? generic_cont_expand_simple+0x250/0x250
[   59.244808][ T3657]  ? pipe_zero+0x200/0x200
[   59.249330][ T3657]  ? hfs_write_begin+0x86/0xd0
[   59.254090][ T3657]  ? hfs_free_extents+0x420/0x420
[   59.259107][ T3657]  ? hfs_write_begin+0x9e/0xd0
[   59.263870][ T3657]  generic_perform_write+0x35a/0x5e0
[   59.269162][ T3657]  ? __block_commit_write+0x420/0x420
[   59.274534][ T3657]  ? generic_file_direct_write+0x610/0x610
[   59.280339][ T3657]  ? __file_remove_privs+0x6c0/0x6c0
[   59.285623][ T3657]  ? generic_write_checks+0x15c/0x1c0
[   59.291024][ T3657]  __generic_file_write_iter+0x176/0x400
[   59.296657][ T3657]  generic_file_write_iter+0xab/0x310
[   59.302050][ T3657]  vfs_write+0x7dc/0xc50
[   59.306304][ T3657]  ? file_end_write+0x230/0x230
[   59.311172][ T3657]  ? ptrace_stop+0x74d/0x970
[   59.315770][ T3657]  ? _raw_spin_unlock_irq+0x2a/0x40
[   59.320971][ T3657]  ? __fdget_pos+0x252/0x2e0
[   59.325564][ T3657]  ksys_write+0x177/0x2a0
[   59.329895][ T3657]  ? __ia32_sys_read+0x80/0x80
[   59.334659][ T3657]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   59.340638][ T3657]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   59.346704][ T3657]  do_syscall_64+0x3d/0xb0
[   59.351117][ T3657]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.357016][ T3657] RIP: 0033:0x7f0fa5191c89
[   59.361442][ T3657] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   59.381139][ T3657] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3657] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3657] exit_group(0)               = ?
[pid  3657] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs")                 = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./16/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./16")                           = 0
mkdir("./17", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3658
./strace-static-x86_64: Process 3658 attached
[   59.389556][ T3657] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   59.397534][ T3657] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   59.405511][ T3657] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   59.413479][ T3657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   59.421444][ T3657] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000010
[   59.429428][ T3657]  </TASK>
[pid  3658] chdir("./17")               = 0
[pid  3658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3658] setpgid(0, 0)               = 0
[pid  3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3658] write(3, "1000", 4)         = 4
[pid  3658] close(3)                    = 0
[pid  3658] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3658] memfd_create("syzkaller", 0) = 3
[pid  3658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3658] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3658] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3658] close(3)                    = 0
[pid  3658] mkdir("./file0", 0777)      = 0
[pid  3658] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3658] chdir("./file0")            = 0
[pid  3658] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3658] close(4)                    = 0
[pid  3658] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3658] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3658] write(5, "13", 2)           = 2
[   59.490685][ T3658] loop0: detected capacity change from 0 to 64
[   59.523310][ T3658] FAULT_INJECTION: forcing a failure.
[   59.523310][ T3658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   59.536452][ T3658] CPU: 0 PID: 3658 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   59.546882][ T3658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   59.556942][ T3658] Call Trace:
[   59.560212][ T3658]  <TASK>
[   59.563136][ T3658]  dump_stack_lvl+0x1b1/0x28e
[   59.567808][ T3658]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   59.573347][ T3658]  ? panic+0x710/0x710
[   59.577406][ T3658]  ? hfs_free_extents+0x420/0x420
[   59.582423][ T3658]  ? PageHeadHuge+0x8a/0x1d0
[   59.587027][ T3658]  should_fail_ex+0x395/0x4c0
[   59.591701][ T3658]  copy_page_from_iter_atomic+0x217/0x1140
[   59.597505][ T3658]  ? generic_cont_expand_simple+0x250/0x250
[   59.603403][ T3658]  ? pipe_zero+0x200/0x200
[   59.607840][ T3658]  ? hfs_write_begin+0x86/0xd0
[   59.612607][ T3658]  ? hfs_free_extents+0x420/0x420
[   59.617618][ T3658]  ? hfs_write_begin+0x9e/0xd0
[   59.622373][ T3658]  generic_perform_write+0x35a/0x5e0
[   59.627654][ T3658]  ? __block_commit_write+0x420/0x420
[   59.633019][ T3658]  ? generic_file_direct_write+0x610/0x610
[   59.638813][ T3658]  ? __file_remove_privs+0x6c0/0x6c0
[   59.644087][ T3658]  ? generic_write_checks+0x15c/0x1c0
[   59.649455][ T3658]  __generic_file_write_iter+0x176/0x400
[   59.655082][ T3658]  generic_file_write_iter+0xab/0x310
[   59.660444][ T3658]  vfs_write+0x7dc/0xc50
[   59.664683][ T3658]  ? file_end_write+0x230/0x230
[   59.669531][ T3658]  ? ptrace_stop+0x74d/0x970
[   59.674133][ T3658]  ? _raw_spin_unlock_irq+0x2a/0x40
[   59.679338][ T3658]  ? __fdget_pos+0x252/0x2e0
[   59.683938][ T3658]  ksys_write+0x177/0x2a0
[   59.688261][ T3658]  ? __ia32_sys_read+0x80/0x80
[   59.693026][ T3658]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   59.699012][ T3658]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   59.704988][ T3658]  do_syscall_64+0x3d/0xb0
[   59.709409][ T3658]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.715306][ T3658] RIP: 0033:0x7f0fa5191c89
[   59.719726][ T3658] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3658] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3658] exit_group(0)               = ?
[pid  3658] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3658, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs")                 = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./17/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./17")                           = 0
mkdir("./18", 0777)                     = 0
[   59.739409][ T3658] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   59.747823][ T3658] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   59.755800][ T3658] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   59.763761][ T3658] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   59.771721][ T3658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   59.779697][ T3658] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000011
[   59.787698][ T3658]  </TASK>
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3659
./strace-static-x86_64: Process 3659 attached
[pid  3659] chdir("./18")               = 0
[pid  3659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3659] setpgid(0, 0)               = 0
[pid  3659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3659] write(3, "1000", 4)         = 4
[pid  3659] close(3)                    = 0
[pid  3659] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3659] memfd_create("syzkaller", 0) = 3
[pid  3659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3659] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3659] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3659] close(3)                    = 0
[pid  3659] mkdir("./file0", 0777)      = 0
[pid  3659] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3659] chdir("./file0")            = 0
[pid  3659] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3659] close(4)                    = 0
[pid  3659] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3659] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3659] write(5, "13", 2)           = 2
[   59.844137][ T3659] loop0: detected capacity change from 0 to 64
[   59.874713][ T3659] FAULT_INJECTION: forcing a failure.
[   59.874713][ T3659] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   59.888193][ T3659] CPU: 0 PID: 3659 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   59.898792][ T3659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   59.908841][ T3659] Call Trace:
[   59.912116][ T3659]  <TASK>
[   59.915045][ T3659]  dump_stack_lvl+0x1b1/0x28e
[   59.919724][ T3659]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   59.925176][ T3659]  ? panic+0x710/0x710
[   59.929240][ T3659]  ? do_anonymous_page+0xd4a/0x1150
[   59.934444][ T3659]  ? mark_lock+0x9a/0x350
[   59.938773][ T3659]  should_fail_ex+0x395/0x4c0
[   59.943465][ T3659]  prepare_alloc_pages+0x1d7/0x5a0
[   59.948584][ T3659]  __alloc_pages+0x161/0x560
[   59.953176][ T3659]  ? zone_statistics+0x160/0x160
[   59.958129][ T3659]  ? rcu_lock_release+0x5/0x20
[   59.962890][ T3659]  ? alloc_pages+0x520/0x7b0
[   59.967482][ T3659]  ? xas_descend+0x1f3/0x400
[   59.972072][ T3659]  folio_alloc+0x1a/0x50
[   59.976312][ T3659]  filemap_alloc_folio+0x7e/0x1c0
[   59.981335][ T3659]  __filemap_get_folio+0x898/0x1260
[   59.986545][ T3659]  ? page_cache_prev_miss+0x4e0/0x4e0
[   59.991923][ T3659]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   59.997900][ T3659]  ? print_irqtrace_events+0x220/0x220
[   60.003361][ T3659]  pagecache_get_page+0x28/0x260
[   60.008295][ T3659]  ? hfs_free_extents+0x420/0x420
[   60.013338][ T3659]  block_write_begin+0x2e/0x1e0
[   60.018194][ T3659]  ? cont_write_begin+0x5e5/0x860
[   60.023220][ T3659]  ? hfs_free_extents+0x420/0x420
[   60.028242][ T3659]  cont_write_begin+0x606/0x860
[   60.033095][ T3659]  ? fault_in_readable+0x1d5/0x310
[   60.038208][ T3659]  ? generic_cont_expand_simple+0x250/0x250
[   60.044097][ T3659]  ? fault_in_readable+0x219/0x310
[   60.049208][ T3659]  ? fault_in_safe_writeable+0x240/0x240
[   60.054847][ T3659]  hfs_write_begin+0x86/0xd0
[   60.059431][ T3659]  ? hfs_free_extents+0x420/0x420
[   60.064455][ T3659]  generic_perform_write+0x2e4/0x5e0
[   60.069745][ T3659]  ? __block_commit_write+0x420/0x420
[   60.075121][ T3659]  ? generic_file_direct_write+0x610/0x610
[   60.080924][ T3659]  ? __file_remove_privs+0x6c0/0x6c0
[   60.086210][ T3659]  ? generic_write_checks+0x15c/0x1c0
[   60.091585][ T3659]  __generic_file_write_iter+0x176/0x400
[   60.097222][ T3659]  generic_file_write_iter+0xab/0x310
[   60.102592][ T3659]  vfs_write+0x7dc/0xc50
[   60.106840][ T3659]  ? file_end_write+0x230/0x230
[   60.111688][ T3659]  ? ptrace_stop+0x74d/0x970
[   60.116284][ T3659]  ? _raw_spin_unlock_irq+0x2a/0x40
[   60.121491][ T3659]  ? __fdget_pos+0x252/0x2e0
[   60.126083][ T3659]  ksys_write+0x177/0x2a0
[   60.130414][ T3659]  ? __ia32_sys_read+0x80/0x80
[   60.135175][ T3659]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   60.141153][ T3659]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   60.147131][ T3659]  do_syscall_64+0x3d/0xb0
[   60.151544][ T3659]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.157431][ T3659] RIP: 0033:0x7f0fa5191c89
[   60.161845][ T3659] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   60.181442][ T3659] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3659] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3659] exit_group(0)               = ?
[pid  3659] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3659, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs")                 = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./18/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./18")                           = 0
mkdir("./19", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3660
./strace-static-x86_64: Process 3660 attached
[pid  3660] chdir("./19")               = 0
[pid  3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3660] setpgid(0, 0)               = 0
[pid  3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3660] write(3, "1000", 4)         = 4
[pid  3660] close(3)                    = 0
[pid  3660] symlink("/dev/binderfs", "./binderfs") = 0
[   60.189855][ T3659] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   60.197818][ T3659] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   60.205785][ T3659] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   60.213750][ T3659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   60.221737][ T3659] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000012
[   60.229717][ T3659]  </TASK>
[pid  3660] memfd_create("syzkaller", 0) = 3
[pid  3660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3660] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3660] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3660] close(3)                    = 0
[pid  3660] mkdir("./file0", 0777)      = 0
[pid  3660] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3660] chdir("./file0")            = 0
[pid  3660] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3660] close(4)                    = 0
[pid  3660] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3660] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3660] write(5, "13", 2)           = 2
[   60.282233][ T3660] loop0: detected capacity change from 0 to 64
[   60.313044][ T3660] FAULT_INJECTION: forcing a failure.
[   60.313044][ T3660] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   60.326176][ T3660] CPU: 0 PID: 3660 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   60.336612][ T3660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   60.346665][ T3660] Call Trace:
[   60.349965][ T3660]  <TASK>
[   60.352889][ T3660]  dump_stack_lvl+0x1b1/0x28e
[   60.357573][ T3660]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   60.363022][ T3660]  ? panic+0x710/0x710
[   60.367077][ T3660]  ? hfs_free_extents+0x420/0x420
[   60.372094][ T3660]  ? PageHeadHuge+0x8a/0x1d0
[   60.376689][ T3660]  should_fail_ex+0x395/0x4c0
[   60.381375][ T3660]  copy_page_from_iter_atomic+0x217/0x1140
[   60.387183][ T3660]  ? generic_cont_expand_simple+0x250/0x250
[   60.393094][ T3660]  ? pipe_zero+0x200/0x200
[   60.397541][ T3660]  ? hfs_write_begin+0x86/0xd0
[   60.402298][ T3660]  ? hfs_free_extents+0x420/0x420
[   60.407316][ T3660]  ? hfs_write_begin+0x9e/0xd0
[   60.412075][ T3660]  generic_perform_write+0x35a/0x5e0
[   60.417359][ T3660]  ? __block_commit_write+0x420/0x420
[   60.422729][ T3660]  ? generic_file_direct_write+0x610/0x610
[   60.428579][ T3660]  ? __file_remove_privs+0x6c0/0x6c0
[   60.433858][ T3660]  ? generic_write_checks+0x15c/0x1c0
[   60.439232][ T3660]  __generic_file_write_iter+0x176/0x400
[   60.444861][ T3660]  generic_file_write_iter+0xab/0x310
[   60.450227][ T3660]  vfs_write+0x7dc/0xc50
[   60.454465][ T3660]  ? file_end_write+0x230/0x230
[   60.459310][ T3660]  ? ptrace_stop+0x74d/0x970
[   60.463915][ T3660]  ? _raw_spin_unlock_irq+0x2a/0x40
[   60.469117][ T3660]  ? __fdget_pos+0x252/0x2e0
[   60.473725][ T3660]  ksys_write+0x177/0x2a0
[   60.478050][ T3660]  ? __ia32_sys_read+0x80/0x80
[   60.482816][ T3660]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   60.488805][ T3660]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   60.494805][ T3660]  do_syscall_64+0x3d/0xb0
[   60.499226][ T3660]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.505125][ T3660] RIP: 0033:0x7f0fa5191c89
[   60.509525][ T3660] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3660] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3660] exit_group(0)               = ?
[pid  3660] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs")                 = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./19/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./19")                           = 0
mkdir("./20", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   60.529125][ T3660] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   60.537530][ T3660] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   60.545498][ T3660] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   60.553461][ T3660] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   60.561420][ T3660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   60.569387][ T3660] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000013
[   60.577375][ T3660]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3661 attached
 <unfinished ...>
[pid  3661] chdir("./20" <unfinished ...>
[pid  3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3661
[pid  3661] <... chdir resumed>)        = 0
[pid  3661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3661] setpgid(0, 0)               = 0
[pid  3661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3661] write(3, "1000", 4)         = 4
[pid  3661] close(3)                    = 0
[pid  3661] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3661] memfd_create("syzkaller", 0) = 3
[pid  3661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3661] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3661] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3661] close(3)                    = 0
[pid  3661] mkdir("./file0", 0777)      = 0
[pid  3661] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3661] chdir("./file0")            = 0
[pid  3661] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3661] close(4)                    = 0
[pid  3661] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3661] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3661] write(5, "13", 2)           = 2
[   60.633810][ T3661] loop0: detected capacity change from 0 to 64
[   60.661455][ T3661] FAULT_INJECTION: forcing a failure.
[   60.661455][ T3661] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   60.675012][ T3661] CPU: 0 PID: 3661 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   60.685428][ T3661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   60.695492][ T3661] Call Trace:
[   60.698768][ T3661]  <TASK>
[   60.701699][ T3661]  dump_stack_lvl+0x1b1/0x28e
[   60.706402][ T3661]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   60.711874][ T3661]  ? panic+0x710/0x710
[   60.715951][ T3661]  ? do_anonymous_page+0xd4a/0x1150
[   60.721161][ T3661]  ? mark_lock+0x9a/0x350
[   60.725503][ T3661]  should_fail_ex+0x395/0x4c0
[   60.730207][ T3661]  prepare_alloc_pages+0x1d7/0x5a0
[   60.735332][ T3661]  __alloc_pages+0x161/0x560
[   60.739927][ T3661]  ? zone_statistics+0x160/0x160
[   60.744871][ T3661]  ? rcu_lock_release+0x5/0x20
[   60.749632][ T3661]  ? alloc_pages+0x520/0x7b0
[   60.754217][ T3661]  ? xas_descend+0x1f3/0x400
[   60.758813][ T3661]  folio_alloc+0x1a/0x50
[   60.763050][ T3661]  filemap_alloc_folio+0x7e/0x1c0
[   60.768073][ T3661]  __filemap_get_folio+0x898/0x1260
[   60.773277][ T3661]  ? page_cache_prev_miss+0x4e0/0x4e0
[   60.778648][ T3661]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   60.784625][ T3661]  ? print_irqtrace_events+0x220/0x220
[   60.790084][ T3661]  pagecache_get_page+0x28/0x260
[   60.795018][ T3661]  ? hfs_free_extents+0x420/0x420
[   60.800059][ T3661]  block_write_begin+0x2e/0x1e0
[   60.804907][ T3661]  ? cont_write_begin+0x5e5/0x860
[   60.809932][ T3661]  ? hfs_free_extents+0x420/0x420
[   60.814990][ T3661]  cont_write_begin+0x606/0x860
[   60.819846][ T3661]  ? fault_in_readable+0x1d5/0x310
[   60.824961][ T3661]  ? generic_cont_expand_simple+0x250/0x250
[   60.830857][ T3661]  ? fault_in_readable+0x219/0x310
[   60.835978][ T3661]  ? fault_in_safe_writeable+0x240/0x240
[   60.841616][ T3661]  hfs_write_begin+0x86/0xd0
[   60.846204][ T3661]  ? hfs_free_extents+0x420/0x420
[   60.851231][ T3661]  generic_perform_write+0x2e4/0x5e0
[   60.856522][ T3661]  ? __block_commit_write+0x420/0x420
[   60.861898][ T3661]  ? generic_file_direct_write+0x610/0x610
[   60.867702][ T3661]  ? __file_remove_privs+0x6c0/0x6c0
[   60.872987][ T3661]  ? generic_write_checks+0x15c/0x1c0
[   60.878368][ T3661]  __generic_file_write_iter+0x176/0x400
[   60.884005][ T3661]  generic_file_write_iter+0xab/0x310
[   60.889386][ T3661]  vfs_write+0x7dc/0xc50
[   60.893633][ T3661]  ? file_end_write+0x230/0x230
[   60.898479][ T3661]  ? ptrace_stop+0x74d/0x970
[   60.903078][ T3661]  ? _raw_spin_unlock_irq+0x2a/0x40
[   60.908279][ T3661]  ? __fdget_pos+0x252/0x2e0
[   60.912873][ T3661]  ksys_write+0x177/0x2a0
[   60.917201][ T3661]  ? __ia32_sys_read+0x80/0x80
[   60.921964][ T3661]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   60.927943][ T3661]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   60.933937][ T3661]  do_syscall_64+0x3d/0xb0
[   60.938348][ T3661]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.944237][ T3661] RIP: 0033:0x7f0fa5191c89
[   60.948649][ T3661] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   60.968247][ T3661] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   60.976657][ T3661] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3661] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3661] exit_group(0)               = ?
[pid  3661] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3661, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs")                 = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./20/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./20")                           = 0
mkdir("./21", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3662
./strace-static-x86_64: Process 3662 attached
[pid  3662] chdir("./21")               = 0
[pid  3662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3662] setpgid(0, 0)               = 0
[pid  3662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3662] write(3, "1000", 4)         = 4
[   60.984622][ T3661] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   60.992588][ T3661] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   61.000554][ T3661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   61.008517][ T3661] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000014
[   61.016500][ T3661]  </TASK>
[pid  3662] close(3)                    = 0
[pid  3662] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3662] memfd_create("syzkaller", 0) = 3
[pid  3662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3662] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3662] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3662] close(3)                    = 0
[pid  3662] mkdir("./file0", 0777)      = 0
[pid  3662] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3662] chdir("./file0")            = 0
[pid  3662] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3662] close(4)                    = 0
[pid  3662] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3662] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3662] write(5, "13", 2)           = 2
[   61.078205][ T3662] loop0: detected capacity change from 0 to 64
[   61.104166][ T3662] FAULT_INJECTION: forcing a failure.
[   61.104166][ T3662] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   61.117707][ T3662] CPU: 1 PID: 3662 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   61.128141][ T3662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   61.138212][ T3662] Call Trace:
[   61.141498][ T3662]  <TASK>
[   61.144420][ T3662]  dump_stack_lvl+0x1b1/0x28e
[   61.149093][ T3662]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   61.154627][ T3662]  ? panic+0x710/0x710
[   61.158696][ T3662]  ? do_anonymous_page+0xd4a/0x1150
[   61.163898][ T3662]  ? mark_lock+0x9a/0x350
[   61.168223][ T3662]  should_fail_ex+0x395/0x4c0
[   61.172918][ T3662]  prepare_alloc_pages+0x1d7/0x5a0
[   61.178044][ T3662]  __alloc_pages+0x161/0x560
[   61.182643][ T3662]  ? zone_statistics+0x160/0x160
[   61.187604][ T3662]  ? rcu_lock_release+0x5/0x20
[   61.192369][ T3662]  ? alloc_pages+0x520/0x7b0
[   61.196962][ T3662]  ? xas_descend+0x1f3/0x400
[   61.201572][ T3662]  folio_alloc+0x1a/0x50
[   61.205809][ T3662]  filemap_alloc_folio+0x7e/0x1c0
[   61.210851][ T3662]  __filemap_get_folio+0x898/0x1260
[   61.216074][ T3662]  ? page_cache_prev_miss+0x4e0/0x4e0
[   61.221450][ T3662]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   61.227425][ T3662]  ? print_irqtrace_events+0x220/0x220
[   61.232885][ T3662]  pagecache_get_page+0x28/0x260
[   61.237816][ T3662]  ? hfs_free_extents+0x420/0x420
[   61.242837][ T3662]  block_write_begin+0x2e/0x1e0
[   61.247698][ T3662]  ? cont_write_begin+0x5e5/0x860
[   61.252724][ T3662]  ? hfs_free_extents+0x420/0x420
[   61.257754][ T3662]  cont_write_begin+0x606/0x860
[   61.262603][ T3662]  ? fault_in_readable+0x1d5/0x310
[   61.267723][ T3662]  ? generic_cont_expand_simple+0x250/0x250
[   61.273632][ T3662]  ? fault_in_readable+0x219/0x310
[   61.278754][ T3662]  ? fault_in_safe_writeable+0x240/0x240
[   61.284420][ T3662]  hfs_write_begin+0x86/0xd0
[   61.289009][ T3662]  ? hfs_free_extents+0x420/0x420
[   61.294036][ T3662]  generic_perform_write+0x2e4/0x5e0
[   61.299343][ T3662]  ? __block_commit_write+0x420/0x420
[   61.304737][ T3662]  ? generic_file_direct_write+0x610/0x610
[   61.310569][ T3662]  ? __file_remove_privs+0x6c0/0x6c0
[   61.315855][ T3662]  ? generic_write_checks+0x15c/0x1c0
[   61.321249][ T3662]  __generic_file_write_iter+0x176/0x400
[   61.326912][ T3662]  generic_file_write_iter+0xab/0x310
[   61.332311][ T3662]  vfs_write+0x7dc/0xc50
[   61.336583][ T3662]  ? file_end_write+0x230/0x230
[   61.341446][ T3662]  ? ptrace_stop+0x74d/0x970
[   61.346038][ T3662]  ? _raw_spin_unlock_irq+0x2a/0x40
[   61.351253][ T3662]  ? __fdget_pos+0x252/0x2e0
[   61.355848][ T3662]  ksys_write+0x177/0x2a0
[   61.360210][ T3662]  ? __ia32_sys_read+0x80/0x80
[   61.364997][ T3662]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   61.370977][ T3662]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   61.376971][ T3662]  do_syscall_64+0x3d/0xb0
[   61.381401][ T3662]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.387285][ T3662] RIP: 0033:0x7f0fa5191c89
[   61.391690][ T3662] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   61.411292][ T3662] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   61.419696][ T3662] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3662] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3662] exit_group(0)               = ?
[pid  3662] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3662, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs")                 = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./21/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./21")                           = 0
mkdir("./22", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3663
./strace-static-x86_64: Process 3663 attached
[pid  3663] chdir("./22")               = 0
[pid  3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3663] setpgid(0, 0)               = 0
[pid  3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3663] write(3, "1000", 4)         = 4
[pid  3663] close(3)                    = 0
[pid  3663] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3663] memfd_create("syzkaller", 0) = 3
[   61.427662][ T3662] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   61.435625][ T3662] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   61.443682][ T3662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   61.451674][ T3662] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000015
[   61.459661][ T3662]  </TASK>
[pid  3663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3663] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3663] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3663] close(3)                    = 0
[pid  3663] mkdir("./file0", 0777)      = 0
[pid  3663] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3663] chdir("./file0")            = 0
[pid  3663] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3663] close(4)                    = 0
[pid  3663] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3663] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3663] write(5, "13", 2)           = 2
[   61.515879][ T3663] loop0: detected capacity change from 0 to 64
[   61.536875][ T3663] FAULT_INJECTION: forcing a failure.
[   61.536875][ T3663] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   61.550049][ T3663] CPU: 1 PID: 3663 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   61.560475][ T3663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   61.570518][ T3663] Call Trace:
[   61.573787][ T3663]  <TASK>
[   61.576707][ T3663]  dump_stack_lvl+0x1b1/0x28e
[   61.581374][ T3663]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   61.586818][ T3663]  ? panic+0x710/0x710
[   61.590876][ T3663]  ? hfs_free_extents+0x420/0x420
[   61.595886][ T3663]  ? PageHeadHuge+0x8a/0x1d0
[   61.600469][ T3663]  should_fail_ex+0x395/0x4c0
[   61.605150][ T3663]  copy_page_from_iter_atomic+0x217/0x1140
[   61.610971][ T3663]  ? generic_cont_expand_simple+0x250/0x250
[   61.616872][ T3663]  ? pipe_zero+0x200/0x200
[   61.621306][ T3663]  ? hfs_write_begin+0x86/0xd0
[   61.626064][ T3663]  ? hfs_free_extents+0x420/0x420
[   61.631081][ T3663]  ? hfs_write_begin+0x9e/0xd0
[   61.635844][ T3663]  generic_perform_write+0x35a/0x5e0
[   61.641135][ T3663]  ? __block_commit_write+0x420/0x420
[   61.646509][ T3663]  ? generic_file_direct_write+0x610/0x610
[   61.652312][ T3663]  ? __file_remove_privs+0x6c0/0x6c0
[   61.657597][ T3663]  ? generic_write_checks+0x15c/0x1c0
[   61.662979][ T3663]  __generic_file_write_iter+0x176/0x400
[   61.668643][ T3663]  generic_file_write_iter+0xab/0x310
[   61.674029][ T3663]  vfs_write+0x7dc/0xc50
[   61.678311][ T3663]  ? file_end_write+0x230/0x230
[   61.683185][ T3663]  ? ptrace_stop+0x74d/0x970
[   61.687796][ T3663]  ? _raw_spin_unlock_irq+0x2a/0x40
[   61.693004][ T3663]  ? __fdget_pos+0x252/0x2e0
[   61.697606][ T3663]  ksys_write+0x177/0x2a0
[   61.701948][ T3663]  ? __ia32_sys_read+0x80/0x80
[   61.706716][ T3663]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   61.712701][ T3663]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   61.718686][ T3663]  do_syscall_64+0x3d/0xb0
[   61.723106][ T3663]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.728994][ T3663] RIP: 0033:0x7f0fa5191c89
[   61.733410][ T3663] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   61.753012][ T3663] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3663] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3663] exit_group(0)               = ?
[pid  3663] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3663, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs")                 = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./22/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./22")                           = 0
mkdir("./23", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3664
./strace-static-x86_64: Process 3664 attached
[pid  3664] chdir("./23")               = 0
[   61.761426][ T3663] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   61.769415][ T3663] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   61.777398][ T3663] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   61.785384][ T3663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   61.793361][ T3663] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000016
[   61.802740][ T3663]  </TASK>
[pid  3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3664] setpgid(0, 0)               = 0
[pid  3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3664] write(3, "1000", 4)         = 4
[pid  3664] close(3)                    = 0
[pid  3664] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3664] memfd_create("syzkaller", 0) = 3
[pid  3664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3664] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3664] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3664] close(3)                    = 0
[pid  3664] mkdir("./file0", 0777)      = 0
[pid  3664] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3664] chdir("./file0")            = 0
[pid  3664] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3664] close(4)                    = 0
[pid  3664] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3664] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3664] write(5, "13", 2)           = 2
[   61.859071][ T3664] loop0: detected capacity change from 0 to 64
[   61.891840][ T3664] FAULT_INJECTION: forcing a failure.
[   61.891840][ T3664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   61.905229][ T3664] CPU: 0 PID: 3664 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   61.915660][ T3664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   61.925737][ T3664] Call Trace:
[   61.929022][ T3664]  <TASK>
[   61.931949][ T3664]  dump_stack_lvl+0x1b1/0x28e
[   61.936633][ T3664]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   61.942090][ T3664]  ? panic+0x710/0x710
[   61.946156][ T3664]  ? hfs_free_extents+0x420/0x420
[   61.951183][ T3664]  ? PageHeadHuge+0x8a/0x1d0
[   61.955775][ T3664]  should_fail_ex+0x395/0x4c0
[   61.960509][ T3664]  copy_page_from_iter_atomic+0x217/0x1140
[   61.966372][ T3664]  ? generic_cont_expand_simple+0x250/0x250
[   61.972297][ T3664]  ? pipe_zero+0x200/0x200
[   61.976730][ T3664]  ? hfs_write_begin+0x86/0xd0
[   61.981496][ T3664]  ? hfs_free_extents+0x420/0x420
[   61.986518][ T3664]  ? hfs_write_begin+0x9e/0xd0
[   61.991289][ T3664]  generic_perform_write+0x35a/0x5e0
[   61.996585][ T3664]  ? __block_commit_write+0x420/0x420
[   62.001959][ T3664]  ? generic_file_direct_write+0x610/0x610
[   62.007780][ T3664]  ? __file_remove_privs+0x6c0/0x6c0
[   62.013078][ T3664]  ? generic_write_checks+0x15c/0x1c0
[   62.018475][ T3664]  __generic_file_write_iter+0x176/0x400
[   62.024136][ T3664]  generic_file_write_iter+0xab/0x310
[   62.029541][ T3664]  vfs_write+0x7dc/0xc50
[   62.033810][ T3664]  ? file_end_write+0x230/0x230
[   62.038668][ T3664]  ? ptrace_stop+0x74d/0x970
[   62.043279][ T3664]  ? _raw_spin_unlock_irq+0x2a/0x40
[   62.048489][ T3664]  ? __fdget_pos+0x252/0x2e0
[   62.053087][ T3664]  ksys_write+0x177/0x2a0
[   62.057420][ T3664]  ? __ia32_sys_read+0x80/0x80
[   62.062186][ T3664]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   62.068169][ T3664]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   62.074149][ T3664]  do_syscall_64+0x3d/0xb0
[   62.078562][ T3664]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.084450][ T3664] RIP: 0033:0x7f0fa5191c89
[   62.088860][ T3664] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3664] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3664] exit_group(0)               = ?
[pid  3664] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3664, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs")                 = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[   62.108461][ T3664] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   62.116872][ T3664] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   62.124838][ T3664] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   62.133010][ T3664] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   62.140976][ T3664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   62.148958][ T3664] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000017
[   62.156944][ T3664]  </TASK>
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./23/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./23")                           = 0
mkdir("./24", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3665
./strace-static-x86_64: Process 3665 attached
[pid  3665] chdir("./24")               = 0
[pid  3665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3665] setpgid(0, 0)               = 0
[pid  3665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3665] write(3, "1000", 4)         = 4
[pid  3665] close(3)                    = 0
[pid  3665] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3665] memfd_create("syzkaller", 0) = 3
[pid  3665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3665] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3665] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3665] close(3)                    = 0
[pid  3665] mkdir("./file0", 0777)      = 0
[pid  3665] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3665] chdir("./file0")            = 0
[pid  3665] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3665] close(4)                    = 0
[pid  3665] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3665] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3665] write(5, "13", 2)           = 2
[   62.203562][ T3665] loop0: detected capacity change from 0 to 64
[   62.212182][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   62.244540][ T3665] FAULT_INJECTION: forcing a failure.
[   62.244540][ T3665] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   62.257791][ T3665] CPU: 0 PID: 3665 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   62.268370][ T3665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   62.278412][ T3665] Call Trace:
[   62.281693][ T3665]  <TASK>
[   62.284613][ T3665]  dump_stack_lvl+0x1b1/0x28e
[   62.289282][ T3665]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   62.294726][ T3665]  ? panic+0x710/0x710
[   62.298780][ T3665]  ? hfs_free_extents+0x420/0x420
[   62.303792][ T3665]  ? PageHeadHuge+0x8a/0x1d0
[   62.308389][ T3665]  should_fail_ex+0x395/0x4c0
[   62.313067][ T3665]  copy_page_from_iter_atomic+0x217/0x1140
[   62.318892][ T3665]  ? generic_cont_expand_simple+0x250/0x250
[   62.324807][ T3665]  ? pipe_zero+0x200/0x200
[   62.329244][ T3665]  ? hfs_write_begin+0x86/0xd0
[   62.334036][ T3665]  ? hfs_free_extents+0x420/0x420
[   62.339063][ T3665]  ? hfs_write_begin+0x9e/0xd0
[   62.343834][ T3665]  generic_perform_write+0x35a/0x5e0
[   62.349137][ T3665]  ? __block_commit_write+0x420/0x420
[   62.354509][ T3665]  ? generic_file_direct_write+0x610/0x610
[   62.360312][ T3665]  ? __file_remove_privs+0x6c0/0x6c0
[   62.365604][ T3665]  ? generic_write_checks+0x15c/0x1c0
[   62.370982][ T3665]  __generic_file_write_iter+0x176/0x400
[   62.376621][ T3665]  generic_file_write_iter+0xab/0x310
[   62.381996][ T3665]  vfs_write+0x7dc/0xc50
[   62.386255][ T3665]  ? file_end_write+0x230/0x230
[   62.391108][ T3665]  ? ptrace_stop+0x74d/0x970
[   62.395722][ T3665]  ? _raw_spin_unlock_irq+0x2a/0x40
[   62.400928][ T3665]  ? __fdget_pos+0x252/0x2e0
[   62.405525][ T3665]  ksys_write+0x177/0x2a0
[   62.409856][ T3665]  ? __ia32_sys_read+0x80/0x80
[   62.414621][ T3665]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   62.420601][ T3665]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   62.426583][ T3665]  do_syscall_64+0x3d/0xb0
[   62.430997][ T3665]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.436912][ T3665] RIP: 0033:0x7f0fa5191c89
[   62.441326][ T3665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   62.460931][ T3665] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   62.469342][ T3665] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   62.477308][ T3665] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   62.485273][ T3665] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3665] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3665] exit_group(0)               = ?
[pid  3665] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3665, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs")                 = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./24/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./24")                           = 0
mkdir("./25", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   62.493255][ T3665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   62.501219][ T3665] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000018
[   62.509202][ T3665]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3666
./strace-static-x86_64: Process 3666 attached
[pid  3666] chdir("./25")               = 0
[pid  3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3666] setpgid(0, 0)               = 0
[pid  3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3666] write(3, "1000", 4)         = 4
[pid  3666] close(3)                    = 0
[pid  3666] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3666] memfd_create("syzkaller", 0) = 3
[pid  3666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3666] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3666] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3666] close(3)                    = 0
[pid  3666] mkdir("./file0", 0777)      = 0
[pid  3666] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3666] chdir("./file0")            = 0
[pid  3666] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3666] close(4)                    = 0
[pid  3666] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3666] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3666] write(5, "13", 2)           = 2
[   62.542825][ T3666] loop0: detected capacity change from 0 to 64
[   62.564845][ T3666] FAULT_INJECTION: forcing a failure.
[   62.564845][ T3666] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   62.578243][ T3666] CPU: 1 PID: 3666 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   62.588680][ T3666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   62.598733][ T3666] Call Trace:
[   62.602004][ T3666]  <TASK>
[   62.604926][ T3666]  dump_stack_lvl+0x1b1/0x28e
[   62.609611][ T3666]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   62.615076][ T3666]  ? panic+0x710/0x710
[   62.619162][ T3666]  ? do_anonymous_page+0xd4a/0x1150
[   62.624362][ T3666]  ? mark_lock+0x9a/0x350
[   62.628696][ T3666]  should_fail_ex+0x395/0x4c0
[   62.633384][ T3666]  prepare_alloc_pages+0x1d7/0x5a0
[   62.638504][ T3666]  __alloc_pages+0x161/0x560
[   62.643099][ T3666]  ? zone_statistics+0x160/0x160
[   62.648043][ T3666]  ? rcu_lock_release+0x5/0x20
[   62.652805][ T3666]  ? alloc_pages+0x520/0x7b0
[   62.657395][ T3666]  ? xas_descend+0x1f3/0x400
[   62.661987][ T3666]  folio_alloc+0x1a/0x50
[   62.666227][ T3666]  filemap_alloc_folio+0x7e/0x1c0
[   62.671250][ T3666]  __filemap_get_folio+0x898/0x1260
[   62.676474][ T3666]  ? page_cache_prev_miss+0x4e0/0x4e0
[   62.681846][ T3666]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   62.687823][ T3666]  ? print_irqtrace_events+0x220/0x220
[   62.693284][ T3666]  pagecache_get_page+0x28/0x260
[   62.698218][ T3666]  ? hfs_free_extents+0x420/0x420
[   62.703237][ T3666]  block_write_begin+0x2e/0x1e0
[   62.708086][ T3666]  ? cont_write_begin+0x5e5/0x860
[   62.713109][ T3666]  ? hfs_free_extents+0x420/0x420
[   62.718129][ T3666]  cont_write_begin+0x606/0x860
[   62.722984][ T3666]  ? fault_in_readable+0x1d5/0x310
[   62.728096][ T3666]  ? generic_cont_expand_simple+0x250/0x250
[   62.733987][ T3666]  ? fault_in_readable+0x219/0x310
[   62.739102][ T3666]  ? fault_in_safe_writeable+0x240/0x240
[   62.744744][ T3666]  hfs_write_begin+0x86/0xd0
[   62.749346][ T3666]  ? hfs_free_extents+0x420/0x420
[   62.754372][ T3666]  generic_perform_write+0x2e4/0x5e0
[   62.759666][ T3666]  ? __block_commit_write+0x420/0x420
[   62.765039][ T3666]  ? generic_file_direct_write+0x610/0x610
[   62.770846][ T3666]  ? __file_remove_privs+0x6c0/0x6c0
[   62.776135][ T3666]  ? generic_write_checks+0x15c/0x1c0
[   62.781513][ T3666]  __generic_file_write_iter+0x176/0x400
[   62.787155][ T3666]  generic_file_write_iter+0xab/0x310
[   62.792532][ T3666]  vfs_write+0x7dc/0xc50
[   62.796788][ T3666]  ? file_end_write+0x230/0x230
[   62.801648][ T3666]  ? ptrace_stop+0x74d/0x970
[   62.806244][ T3666]  ? _raw_spin_unlock_irq+0x2a/0x40
[   62.811796][ T3666]  ? __fdget_pos+0x252/0x2e0
[   62.816388][ T3666]  ksys_write+0x177/0x2a0
[   62.822108][ T3666]  ? __ia32_sys_read+0x80/0x80
[   62.826875][ T3666]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   62.832854][ T3666]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   62.838832][ T3666]  do_syscall_64+0x3d/0xb0
[   62.843245][ T3666]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.849133][ T3666] RIP: 0033:0x7f0fa5191c89
[   62.853550][ T3666] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   62.873153][ T3666] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   62.881573][ T3666] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3666] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3666] exit_group(0)               = ?
[pid  3666] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3666, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs")                 = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./25/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./25")                           = 0
mkdir("./26", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3667 attached
, child_tidptr=0x555555b7f5d0) = 3667
[pid  3667] chdir("./26")               = 0
[pid  3667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3667] setpgid(0, 0)               = 0
[pid  3667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[   62.889545][ T3666] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   62.897522][ T3666] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   62.905495][ T3666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   62.913468][ T3666] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000019
[   62.921448][ T3666]  </TASK>
[pid  3667] write(3, "1000", 4)         = 4
[pid  3667] close(3)                    = 0
[pid  3667] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3667] memfd_create("syzkaller", 0) = 3
[pid  3667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3667] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3667] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3667] close(3)                    = 0
[pid  3667] mkdir("./file0", 0777)      = 0
[pid  3667] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3667] chdir("./file0")            = 0
[pid  3667] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3667] close(4)                    = 0
[pid  3667] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3667] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3667] write(5, "13", 2)           = 2
[   62.983782][ T3667] loop0: detected capacity change from 0 to 64
[   63.005498][ T3667] FAULT_INJECTION: forcing a failure.
[   63.005498][ T3667] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   63.019197][ T3667] CPU: 1 PID: 3667 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   63.029606][ T3667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   63.039650][ T3667] Call Trace:
[   63.042920][ T3667]  <TASK>
[   63.045851][ T3667]  dump_stack_lvl+0x1b1/0x28e
[   63.050517][ T3667]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   63.055972][ T3667]  ? panic+0x710/0x710
[   63.060030][ T3667]  ? do_anonymous_page+0xd4a/0x1150
[   63.065220][ T3667]  ? mark_lock+0x9a/0x350
[   63.069540][ T3667]  should_fail_ex+0x395/0x4c0
[   63.074211][ T3667]  prepare_alloc_pages+0x1d7/0x5a0
[   63.079316][ T3667]  __alloc_pages+0x161/0x560
[   63.083897][ T3667]  ? zone_statistics+0x160/0x160
[   63.088888][ T3667]  ? rcu_lock_release+0x5/0x20
[   63.093639][ T3667]  ? alloc_pages+0x520/0x7b0
[   63.098211][ T3667]  ? xas_descend+0x1f3/0x400
[   63.102792][ T3667]  folio_alloc+0x1a/0x50
[   63.107018][ T3667]  filemap_alloc_folio+0x7e/0x1c0
[   63.112031][ T3667]  __filemap_get_folio+0x898/0x1260
[   63.117220][ T3667]  ? page_cache_prev_miss+0x4e0/0x4e0
[   63.122580][ T3667]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   63.128549][ T3667]  ? print_irqtrace_events+0x220/0x220
[   63.133999][ T3667]  pagecache_get_page+0x28/0x260
[   63.138921][ T3667]  ? hfs_free_extents+0x420/0x420
[   63.143931][ T3667]  block_write_begin+0x2e/0x1e0
[   63.148778][ T3667]  ? cont_write_begin+0x5e5/0x860
[   63.153801][ T3667]  ? hfs_free_extents+0x420/0x420
[   63.158820][ T3667]  cont_write_begin+0x606/0x860
[   63.163677][ T3667]  ? fault_in_readable+0x1d5/0x310
[   63.168779][ T3667]  ? generic_cont_expand_simple+0x250/0x250
[   63.174660][ T3667]  ? fault_in_readable+0x219/0x310
[   63.179758][ T3667]  ? fault_in_safe_writeable+0x240/0x240
[   63.185382][ T3667]  hfs_write_begin+0x86/0xd0
[   63.189957][ T3667]  ? hfs_free_extents+0x420/0x420
[   63.194968][ T3667]  generic_perform_write+0x2e4/0x5e0
[   63.200244][ T3667]  ? __block_commit_write+0x420/0x420
[   63.205691][ T3667]  ? generic_file_direct_write+0x610/0x610
[   63.211487][ T3667]  ? __file_remove_privs+0x6c0/0x6c0
[   63.216760][ T3667]  ? generic_write_checks+0x15c/0x1c0
[   63.222127][ T3667]  __generic_file_write_iter+0x176/0x400
[   63.227755][ T3667]  generic_file_write_iter+0xab/0x310
[   63.233114][ T3667]  vfs_write+0x7dc/0xc50
[   63.237348][ T3667]  ? file_end_write+0x230/0x230
[   63.242183][ T3667]  ? ptrace_stop+0x74d/0x970
[   63.246766][ T3667]  ? _raw_spin_unlock_irq+0x2a/0x40
[   63.251954][ T3667]  ? __fdget_pos+0x252/0x2e0
[   63.256535][ T3667]  ksys_write+0x177/0x2a0
[   63.260872][ T3667]  ? __ia32_sys_read+0x80/0x80
[   63.265637][ T3667]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   63.271608][ T3667]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   63.277573][ T3667]  do_syscall_64+0x3d/0xb0
[   63.281977][ T3667]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.287859][ T3667] RIP: 0033:0x7f0fa5191c89
[   63.292261][ T3667] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   63.311852][ T3667] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   63.320250][ T3667] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3667] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3667] exit_group(0)               = ?
[pid  3667] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3667, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs")                 = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./26/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./26")                           = 0
mkdir("./27", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3668
./strace-static-x86_64: Process 3668 attached
[pid  3668] chdir("./27")               = 0
[pid  3668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3668] setpgid(0, 0)               = 0
[   63.328207][ T3667] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   63.336160][ T3667] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   63.344115][ T3667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   63.352079][ T3667] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001a
[   63.360053][ T3667]  </TASK>
[pid  3668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3668] write(3, "1000", 4)         = 4
[pid  3668] close(3)                    = 0
[pid  3668] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3668] memfd_create("syzkaller", 0) = 3
[pid  3668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3668] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3668] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3668] close(3)                    = 0
[pid  3668] mkdir("./file0", 0777)      = 0
[pid  3668] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3668] chdir("./file0")            = 0
[pid  3668] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3668] close(4)                    = 0
[pid  3668] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3668] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3668] write(5, "13", 2)           = 2
[   63.424796][ T3668] loop0: detected capacity change from 0 to 64
[   63.456382][ T3668] FAULT_INJECTION: forcing a failure.
[   63.456382][ T3668] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   63.470374][ T3668] CPU: 0 PID: 3668 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   63.480799][ T3668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   63.490860][ T3668] Call Trace:
[   63.494130][ T3668]  <TASK>
[   63.497050][ T3668]  dump_stack_lvl+0x1b1/0x28e
[   63.501716][ T3668]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   63.507158][ T3668]  ? panic+0x710/0x710
[   63.511212][ T3668]  ? do_anonymous_page+0xd4a/0x1150
[   63.516408][ T3668]  ? mark_lock+0x9a/0x350
[   63.520727][ T3668]  should_fail_ex+0x395/0x4c0
[   63.525440][ T3668]  prepare_alloc_pages+0x1d7/0x5a0
[   63.530549][ T3668]  __alloc_pages+0x161/0x560
[   63.535131][ T3668]  ? zone_statistics+0x160/0x160
[   63.540061][ T3668]  ? rcu_lock_release+0x5/0x20
[   63.544811][ T3668]  ? alloc_pages+0x520/0x7b0
[   63.549385][ T3668]  ? xas_descend+0x1f3/0x400
[   63.553969][ T3668]  folio_alloc+0x1a/0x50
[   63.558195][ T3668]  filemap_alloc_folio+0x7e/0x1c0
[   63.563207][ T3668]  __filemap_get_folio+0x898/0x1260
[   63.568399][ T3668]  ? page_cache_prev_miss+0x4e0/0x4e0
[   63.573757][ T3668]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   63.579723][ T3668]  ? print_irqtrace_events+0x220/0x220
[   63.585172][ T3668]  pagecache_get_page+0x28/0x260
[   63.590115][ T3668]  ? hfs_free_extents+0x420/0x420
[   63.595134][ T3668]  block_write_begin+0x2e/0x1e0
[   63.599970][ T3668]  ? cont_write_begin+0x5e5/0x860
[   63.604983][ T3668]  ? hfs_free_extents+0x420/0x420
[   63.609995][ T3668]  cont_write_begin+0x606/0x860
[   63.614836][ T3668]  ? fault_in_readable+0x1d5/0x310
[   63.619935][ T3668]  ? generic_cont_expand_simple+0x250/0x250
[   63.625818][ T3668]  ? fault_in_readable+0x219/0x310
[   63.630916][ T3668]  ? fault_in_safe_writeable+0x240/0x240
[   63.636541][ T3668]  hfs_write_begin+0x86/0xd0
[   63.641113][ T3668]  ? hfs_free_extents+0x420/0x420
[   63.646125][ T3668]  generic_perform_write+0x2e4/0x5e0
[   63.651409][ T3668]  ? __block_commit_write+0x420/0x420
[   63.656769][ T3668]  ? generic_file_direct_write+0x610/0x610
[   63.662562][ T3668]  ? __file_remove_privs+0x6c0/0x6c0
[   63.667836][ T3668]  ? generic_write_checks+0x15c/0x1c0
[   63.673202][ T3668]  __generic_file_write_iter+0x176/0x400
[   63.678826][ T3668]  generic_file_write_iter+0xab/0x310
[   63.684186][ T3668]  vfs_write+0x7dc/0xc50
[   63.688422][ T3668]  ? file_end_write+0x230/0x230
[   63.693255][ T3668]  ? ptrace_stop+0x74d/0x970
[   63.697837][ T3668]  ? _raw_spin_unlock_irq+0x2a/0x40
[   63.703027][ T3668]  ? __fdget_pos+0x252/0x2e0
[   63.707603][ T3668]  ksys_write+0x177/0x2a0
[   63.711922][ T3668]  ? __ia32_sys_read+0x80/0x80
[   63.716671][ T3668]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   63.722651][ T3668]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   63.728618][ T3668]  do_syscall_64+0x3d/0xb0
[   63.733019][ T3668]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.738912][ T3668] RIP: 0033:0x7f0fa5191c89
[   63.743347][ T3668] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   63.762973][ T3668] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3668] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3668] exit_group(0)               = ?
[pid  3668] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3668, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./27/binderfs")                 = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./27/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./27")                           = 0
mkdir("./28", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3669
./strace-static-x86_64: Process 3669 attached
[pid  3669] chdir("./28")               = 0
[pid  3669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3669] setpgid(0, 0)               = 0
[pid  3669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[   63.771382][ T3668] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   63.779341][ T3668] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   63.787304][ T3668] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   63.795258][ T3668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   63.803211][ T3668] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001b
[   63.811189][ T3668]  </TASK>
[pid  3669] write(3, "1000", 4)         = 4
[pid  3669] close(3)                    = 0
[pid  3669] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3669] memfd_create("syzkaller", 0) = 3
[pid  3669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3669] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3669] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3669] close(3)                    = 0
[pid  3669] mkdir("./file0", 0777)      = 0
[pid  3669] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3669] chdir("./file0")            = 0
[pid  3669] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3669] close(4)                    = 0
[pid  3669] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3669] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3669] write(5, "13", 2)           = 2
[   63.871975][ T3669] loop0: detected capacity change from 0 to 64
[   63.894816][ T3669] FAULT_INJECTION: forcing a failure.
[   63.894816][ T3669] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   63.908013][ T3669] CPU: 0 PID: 3669 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   63.918444][ T3669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   63.928518][ T3669] Call Trace:
[   63.931795][ T3669]  <TASK>
[   63.934716][ T3669]  dump_stack_lvl+0x1b1/0x28e
[   63.939384][ T3669]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   63.944832][ T3669]  ? panic+0x710/0x710
[   63.948888][ T3669]  ? hfs_free_extents+0x420/0x420
[   63.953913][ T3669]  ? PageHeadHuge+0x8a/0x1d0
[   63.958511][ T3669]  should_fail_ex+0x395/0x4c0
[   63.963187][ T3669]  copy_page_from_iter_atomic+0x217/0x1140
[   63.969006][ T3669]  ? generic_cont_expand_simple+0x250/0x250
[   63.974893][ T3669]  ? pipe_zero+0x200/0x200
[   63.979325][ T3669]  ? hfs_write_begin+0x86/0xd0
[   63.984100][ T3669]  ? hfs_free_extents+0x420/0x420
[   63.989117][ T3669]  ? hfs_write_begin+0x9e/0xd0
[   63.993888][ T3669]  generic_perform_write+0x35a/0x5e0
[   63.999451][ T3669]  ? __block_commit_write+0x420/0x420
[   64.004814][ T3669]  ? generic_file_direct_write+0x610/0x610
[   64.010608][ T3669]  ? __file_remove_privs+0x6c0/0x6c0
[   64.015887][ T3669]  ? generic_write_checks+0x15c/0x1c0
[   64.021267][ T3669]  __generic_file_write_iter+0x176/0x400
[   64.026903][ T3669]  generic_file_write_iter+0xab/0x310
[   64.032277][ T3669]  vfs_write+0x7dc/0xc50
[   64.036531][ T3669]  ? file_end_write+0x230/0x230
[   64.041377][ T3669]  ? ptrace_stop+0x74d/0x970
[   64.045973][ T3669]  ? _raw_spin_unlock_irq+0x2a/0x40
[   64.051184][ T3669]  ? __fdget_pos+0x252/0x2e0
[   64.055775][ T3669]  ksys_write+0x177/0x2a0
[   64.060126][ T3669]  ? __ia32_sys_read+0x80/0x80
[   64.064896][ T3669]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   64.070886][ T3669]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   64.076892][ T3669]  do_syscall_64+0x3d/0xb0
[   64.081305][ T3669]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   64.087196][ T3669] RIP: 0033:0x7f0fa5191c89
[   64.091605][ T3669] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   64.111205][ T3669] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3669] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3669] exit_group(0)               = ?
[pid  3669] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3669, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs")                 = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./28/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
[   64.119617][ T3669] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   64.127583][ T3669] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   64.135551][ T3669] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   64.143515][ T3669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   64.151589][ T3669] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001c
[   64.159570][ T3669]  </TASK>
close(3)                                = 0
rmdir("./28")                           = 0
mkdir("./29", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3670
./strace-static-x86_64: Process 3670 attached
[pid  3670] chdir("./29")               = 0
[pid  3670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3670] setpgid(0, 0)               = 0
[pid  3670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3670] write(3, "1000", 4)         = 4
[pid  3670] close(3)                    = 0
[pid  3670] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3670] memfd_create("syzkaller", 0) = 3
[pid  3670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3670] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3670] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3670] close(3)                    = 0
[pid  3670] mkdir("./file0", 0777)      = 0
[pid  3670] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3670] chdir("./file0")            = 0
[pid  3670] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3670] close(4)                    = 0
[pid  3670] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3670] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3670] write(5, "13", 2)           = 2
[   64.229962][ T3670] loop0: detected capacity change from 0 to 64
[   64.258504][ T3670] FAULT_INJECTION: forcing a failure.
[   64.258504][ T3670] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   64.272094][ T3670] CPU: 0 PID: 3670 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   64.282511][ T3670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   64.292565][ T3670] Call Trace:
[   64.295846][ T3670]  <TASK>
[   64.298773][ T3670]  dump_stack_lvl+0x1b1/0x28e
[   64.303454][ T3670]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   64.308935][ T3670]  ? panic+0x710/0x710
[   64.313017][ T3670]  ? do_anonymous_page+0xd4a/0x1150
[   64.318240][ T3670]  ? mark_lock+0x9a/0x350
[   64.322582][ T3670]  should_fail_ex+0x395/0x4c0
[   64.327279][ T3670]  prepare_alloc_pages+0x1d7/0x5a0
[   64.332408][ T3670]  __alloc_pages+0x161/0x560
[   64.337002][ T3670]  ? zone_statistics+0x160/0x160
[   64.341944][ T3670]  ? rcu_lock_release+0x5/0x20
[   64.346708][ T3670]  ? alloc_pages+0x520/0x7b0
[   64.351292][ T3670]  ? xas_descend+0x1f3/0x400
[   64.355893][ T3670]  folio_alloc+0x1a/0x50
[   64.360130][ T3670]  filemap_alloc_folio+0x7e/0x1c0
[   64.365156][ T3670]  __filemap_get_folio+0x898/0x1260
[   64.370385][ T3670]  ? page_cache_prev_miss+0x4e0/0x4e0
[   64.375773][ T3670]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   64.381755][ T3670]  ? print_irqtrace_events+0x220/0x220
[   64.387223][ T3670]  pagecache_get_page+0x28/0x260
[   64.392773][ T3670]  ? hfs_free_extents+0x420/0x420
[   64.397802][ T3670]  block_write_begin+0x2e/0x1e0
[   64.402655][ T3670]  ? cont_write_begin+0x5e5/0x860
[   64.407771][ T3670]  ? hfs_free_extents+0x420/0x420
[   64.412795][ T3670]  cont_write_begin+0x606/0x860
[   64.417650][ T3670]  ? fault_in_readable+0x1d5/0x310
[   64.422762][ T3670]  ? generic_cont_expand_simple+0x250/0x250
[   64.428696][ T3670]  ? fault_in_readable+0x219/0x310
[   64.433822][ T3670]  ? fault_in_safe_writeable+0x240/0x240
[   64.439467][ T3670]  hfs_write_begin+0x86/0xd0
[   64.444061][ T3670]  ? hfs_free_extents+0x420/0x420
[   64.449088][ T3670]  generic_perform_write+0x2e4/0x5e0
[   64.454386][ T3670]  ? __block_commit_write+0x420/0x420
[   64.459763][ T3670]  ? generic_file_direct_write+0x610/0x610
[   64.465577][ T3670]  ? __file_remove_privs+0x6c0/0x6c0
[   64.470870][ T3670]  ? generic_write_checks+0x15c/0x1c0
[   64.476246][ T3670]  __generic_file_write_iter+0x176/0x400
[   64.481884][ T3670]  generic_file_write_iter+0xab/0x310
[   64.487257][ T3670]  vfs_write+0x7dc/0xc50
[   64.491526][ T3670]  ? file_end_write+0x230/0x230
[   64.496483][ T3670]  ? ptrace_stop+0x74d/0x970
[   64.501084][ T3670]  ? _raw_spin_unlock_irq+0x2a/0x40
[   64.506284][ T3670]  ? __fdget_pos+0x252/0x2e0
[   64.510874][ T3670]  ksys_write+0x177/0x2a0
[   64.515203][ T3670]  ? __ia32_sys_read+0x80/0x80
[   64.519968][ T3670]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   64.525949][ T3670]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   64.531928][ T3670]  do_syscall_64+0x3d/0xb0
[   64.536346][ T3670]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   64.542232][ T3670] RIP: 0033:0x7f0fa5191c89
[   64.546644][ T3670] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   64.566246][ T3670] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3670] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3670] exit_group(0)               = ?
[pid  3670] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3670, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs")                 = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./29/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./29")                           = 0
mkdir("./30", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3671 attached
, child_tidptr=0x555555b7f5d0) = 3671
[pid  3671] chdir("./30")               = 0
[pid  3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3671] setpgid(0, 0)               = 0
[pid  3671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3671] write(3, "1000", 4)         = 4
[pid  3671] close(3)                    = 0
[pid  3671] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3671] memfd_create("syzkaller", 0) = 3
[pid  3671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3671] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[   64.574654][ T3670] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   64.582621][ T3670] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   64.590585][ T3670] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   64.598551][ T3670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   64.606514][ T3670] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001d
[   64.614494][ T3670]  </TASK>
[pid  3671] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3671] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3671] close(3)                    = 0
[pid  3671] mkdir("./file0", 0777)      = 0
[pid  3671] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3671] chdir("./file0")            = 0
[pid  3671] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3671] close(4)                    = 0
[pid  3671] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3671] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3671] write(5, "13", 2)           = 2
[   64.664897][ T3671] loop0: detected capacity change from 0 to 64
[   64.681576][ T3671] FAULT_INJECTION: forcing a failure.
[   64.681576][ T3671] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   64.695559][ T3671] CPU: 0 PID: 3671 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   64.705991][ T3671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   64.716040][ T3671] Call Trace:
[   64.719305][ T3671]  <TASK>
[   64.722220][ T3671]  dump_stack_lvl+0x1b1/0x28e
[   64.726888][ T3671]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   64.732329][ T3671]  ? panic+0x710/0x710
[   64.736384][ T3671]  ? do_anonymous_page+0xd4a/0x1150
[   64.741573][ T3671]  ? mark_lock+0x9a/0x350
[   64.745891][ T3671]  should_fail_ex+0x395/0x4c0
[   64.750561][ T3671]  prepare_alloc_pages+0x1d7/0x5a0
[   64.755731][ T3671]  __alloc_pages+0x161/0x560
[   64.760316][ T3671]  ? zone_statistics+0x160/0x160
[   64.765244][ T3671]  ? rcu_lock_release+0x5/0x20
[   64.769995][ T3671]  ? alloc_pages+0x520/0x7b0
[   64.774573][ T3671]  ? xas_descend+0x1f3/0x400
[   64.779150][ T3671]  folio_alloc+0x1a/0x50
[   64.783375][ T3671]  filemap_alloc_folio+0x7e/0x1c0
[   64.788395][ T3671]  __filemap_get_folio+0x898/0x1260
[   64.793585][ T3671]  ? page_cache_prev_miss+0x4e0/0x4e0
[   64.798943][ T3671]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   64.804912][ T3671]  ? print_irqtrace_events+0x220/0x220
[   64.810359][ T3671]  pagecache_get_page+0x28/0x260
[   64.815285][ T3671]  ? hfs_free_extents+0x420/0x420
[   64.820297][ T3671]  block_write_begin+0x2e/0x1e0
[   64.825144][ T3671]  ? cont_write_begin+0x5e5/0x860
[   64.830153][ T3671]  ? hfs_free_extents+0x420/0x420
[   64.835158][ T3671]  cont_write_begin+0x606/0x860
[   64.839999][ T3671]  ? fault_in_readable+0x1d5/0x310
[   64.845108][ T3671]  ? generic_cont_expand_simple+0x250/0x250
[   64.850987][ T3671]  ? fault_in_readable+0x219/0x310
[   64.856085][ T3671]  ? fault_in_safe_writeable+0x240/0x240
[   64.861707][ T3671]  hfs_write_begin+0x86/0xd0
[   64.866289][ T3671]  ? hfs_free_extents+0x420/0x420
[   64.871299][ T3671]  generic_perform_write+0x2e4/0x5e0
[   64.876574][ T3671]  ? __block_commit_write+0x420/0x420
[   64.881934][ T3671]  ? generic_file_direct_write+0x610/0x610
[   64.887725][ T3671]  ? __file_remove_privs+0x6c0/0x6c0
[   64.892997][ T3671]  ? generic_write_checks+0x15c/0x1c0
[   64.898360][ T3671]  __generic_file_write_iter+0x176/0x400
[   64.903984][ T3671]  generic_file_write_iter+0xab/0x310
[   64.909343][ T3671]  vfs_write+0x7dc/0xc50
[   64.913578][ T3671]  ? file_end_write+0x230/0x230
[   64.918412][ T3671]  ? ptrace_stop+0x74d/0x970
[   64.922992][ T3671]  ? _raw_spin_unlock_irq+0x2a/0x40
[   64.928184][ T3671]  ? __fdget_pos+0x252/0x2e0
[   64.932760][ T3671]  ksys_write+0x177/0x2a0
[   64.937083][ T3671]  ? __ia32_sys_read+0x80/0x80
[   64.941921][ T3671]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   64.947893][ T3671]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   64.953860][ T3671]  do_syscall_64+0x3d/0xb0
[   64.958264][ T3671]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   64.964140][ T3671] RIP: 0033:0x7f0fa5191c89
[   64.968543][ T3671] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   64.988132][ T3671] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   64.996526][ T3671] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   65.004479][ T3671] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3671] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3671] exit_group(0)               = ?
[pid  3671] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3671, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs")                 = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./30/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./30")                           = 0
mkdir("./31", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3672
./strace-static-x86_64: Process 3672 attached
[pid  3672] chdir("./31")               = 0
[pid  3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3672] setpgid(0, 0)               = 0
[pid  3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3672] write(3, "1000", 4)         = 4
[pid  3672] close(3)                    = 0
[pid  3672] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3672] memfd_create("syzkaller", 0) = 3
[pid  3672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3672] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   65.012434][ T3671] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   65.020395][ T3671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   65.028350][ T3671] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001e
[   65.036316][ T3671]  </TASK>
[pid  3672] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3672] close(3)                    = 0
[pid  3672] mkdir("./file0", 0777)      = 0
[pid  3672] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3672] chdir("./file0")            = 0
[pid  3672] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3672] close(4)                    = 0
[pid  3672] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3672] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3672] write(5, "13", 2)           = 2
[   65.075718][ T3672] loop0: detected capacity change from 0 to 64
[   65.104223][ T3672] FAULT_INJECTION: forcing a failure.
[   65.104223][ T3672] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   65.117379][ T3672] CPU: 0 PID: 3672 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   65.127799][ T3672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   65.137927][ T3672] Call Trace:
[   65.141239][ T3672]  <TASK>
[   65.144178][ T3672]  dump_stack_lvl+0x1b1/0x28e
[   65.148860][ T3672]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   65.154316][ T3672]  ? panic+0x710/0x710
[   65.158380][ T3672]  ? hfs_free_extents+0x420/0x420
[   65.163399][ T3672]  ? PageHeadHuge+0x8a/0x1d0
[   65.167989][ T3672]  should_fail_ex+0x395/0x4c0
[   65.172671][ T3672]  copy_page_from_iter_atomic+0x217/0x1140
[   65.178482][ T3672]  ? generic_cont_expand_simple+0x250/0x250
[   65.184387][ T3672]  ? pipe_zero+0x200/0x200
[   65.188825][ T3672]  ? hfs_write_begin+0x86/0xd0
[   65.193579][ T3672]  ? hfs_free_extents+0x420/0x420
[   65.198594][ T3672]  ? hfs_write_begin+0x9e/0xd0
[   65.203359][ T3672]  generic_perform_write+0x35a/0x5e0
[   65.208650][ T3672]  ? __block_commit_write+0x420/0x420
[   65.214019][ T3672]  ? generic_file_direct_write+0x610/0x610
[   65.219816][ T3672]  ? __file_remove_privs+0x6c0/0x6c0
[   65.225096][ T3672]  ? generic_write_checks+0x15c/0x1c0
[   65.230466][ T3672]  __generic_file_write_iter+0x176/0x400
[   65.236095][ T3672]  generic_file_write_iter+0xab/0x310
[   65.241477][ T3672]  vfs_write+0x7dc/0xc50
[   65.245719][ T3672]  ? file_end_write+0x230/0x230
[   65.250561][ T3672]  ? ptrace_stop+0x74d/0x970
[   65.255163][ T3672]  ? _raw_spin_unlock_irq+0x2a/0x40
[   65.260370][ T3672]  ? __fdget_pos+0x252/0x2e0
[   65.264970][ T3672]  ksys_write+0x177/0x2a0
[   65.269317][ T3672]  ? __ia32_sys_read+0x80/0x80
[   65.274098][ T3672]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   65.280091][ T3672]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   65.286065][ T3672]  do_syscall_64+0x3d/0xb0
[   65.290474][ T3672]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   65.296374][ T3672] RIP: 0033:0x7f0fa5191c89
[   65.300806][ T3672] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3672] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3672] exit_group(0)               = ?
[pid  3672] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./31/binderfs")                 = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./31/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./31")                           = 0
mkdir("./32", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   65.320418][ T3672] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   65.328851][ T3672] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   65.336831][ T3672] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   65.344814][ T3672] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   65.352778][ T3672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   65.360740][ T3672] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001f
[   65.368740][ T3672]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3673 attached
, child_tidptr=0x555555b7f5d0) = 3673
[pid  3673] chdir("./32")               = 0
[pid  3673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3673] setpgid(0, 0)               = 0
[pid  3673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3673] write(3, "1000", 4)         = 4
[pid  3673] close(3)                    = 0
[pid  3673] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3673] memfd_create("syzkaller", 0) = 3
[pid  3673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3673] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3673] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3673] close(3)                    = 0
[pid  3673] mkdir("./file0", 0777)      = 0
[pid  3673] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3673] chdir("./file0")            = 0
[pid  3673] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3673] close(4)                    = 0
[pid  3673] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3673] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3673] write(5, "13", 2)           = 2
[   65.421959][ T3673] loop0: detected capacity change from 0 to 64
[   65.455467][ T3673] FAULT_INJECTION: forcing a failure.
[   65.455467][ T3673] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   65.468907][ T3673] CPU: 1 PID: 3673 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   65.479329][ T3673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   65.489377][ T3673] Call Trace:
[   65.492752][ T3673]  <TASK>
[   65.495693][ T3673]  dump_stack_lvl+0x1b1/0x28e
[   65.500379][ T3673]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   65.505830][ T3673]  ? panic+0x710/0x710
[   65.509976][ T3673]  ? do_anonymous_page+0xd4a/0x1150
[   65.515170][ T3673]  ? mark_lock+0x9a/0x350
[   65.519492][ T3673]  should_fail_ex+0x395/0x4c0
[   65.524187][ T3673]  prepare_alloc_pages+0x1d7/0x5a0
[   65.529301][ T3673]  __alloc_pages+0x161/0x560
[   65.533901][ T3673]  ? zone_statistics+0x160/0x160
[   65.538852][ T3673]  ? rcu_lock_release+0x5/0x20
[   65.543621][ T3673]  ? alloc_pages+0x520/0x7b0
[   65.548217][ T3673]  ? xas_descend+0x1f3/0x400
[   65.552804][ T3673]  folio_alloc+0x1a/0x50
[   65.557034][ T3673]  filemap_alloc_folio+0x7e/0x1c0
[   65.562054][ T3673]  __filemap_get_folio+0x898/0x1260
[   65.567249][ T3673]  ? page_cache_prev_miss+0x4e0/0x4e0
[   65.572625][ T3673]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   65.578611][ T3673]  ? print_irqtrace_events+0x220/0x220
[   65.584065][ T3673]  pagecache_get_page+0x28/0x260
[   65.589005][ T3673]  ? hfs_free_extents+0x420/0x420
[   65.594034][ T3673]  block_write_begin+0x2e/0x1e0
[   65.598887][ T3673]  ? cont_write_begin+0x5e5/0x860
[   65.603919][ T3673]  ? hfs_free_extents+0x420/0x420
[   65.608930][ T3673]  cont_write_begin+0x606/0x860
[   65.613788][ T3673]  ? fault_in_readable+0x1d5/0x310
[   65.618919][ T3673]  ? generic_cont_expand_simple+0x250/0x250
[   65.624810][ T3673]  ? fault_in_readable+0x219/0x310
[   65.629931][ T3673]  ? fault_in_safe_writeable+0x240/0x240
[   65.635558][ T3673]  hfs_write_begin+0x86/0xd0
[   65.640143][ T3673]  ? hfs_free_extents+0x420/0x420
[   65.645189][ T3673]  generic_perform_write+0x2e4/0x5e0
[   65.650475][ T3673]  ? __block_commit_write+0x420/0x420
[   65.655839][ T3673]  ? generic_file_direct_write+0x610/0x610
[   65.661664][ T3673]  ? __file_remove_privs+0x6c0/0x6c0
[   65.666939][ T3673]  ? generic_write_checks+0x15c/0x1c0
[   65.672307][ T3673]  __generic_file_write_iter+0x176/0x400
[   65.677936][ T3673]  generic_file_write_iter+0xab/0x310
[   65.683301][ T3673]  vfs_write+0x7dc/0xc50
[   65.687546][ T3673]  ? file_end_write+0x230/0x230
[   65.692393][ T3673]  ? ptrace_stop+0x74d/0x970
[   65.696994][ T3673]  ? _raw_spin_unlock_irq+0x2a/0x40
[   65.702228][ T3673]  ? __fdget_pos+0x252/0x2e0
[   65.706815][ T3673]  ksys_write+0x177/0x2a0
[   65.711137][ T3673]  ? __ia32_sys_read+0x80/0x80
[   65.715903][ T3673]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   65.721891][ T3673]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   65.727863][ T3673]  do_syscall_64+0x3d/0xb0
[   65.732280][ T3673]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   65.738180][ T3673] RIP: 0033:0x7f0fa5191c89
[   65.742586][ T3673] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   65.762186][ T3673] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3673] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3673] exit_group(0)               = ?
[pid  3673] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3673, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs")                 = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./32/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./32")                           = 0
mkdir("./33", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   65.770598][ T3673] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   65.778558][ T3673] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   65.786517][ T3673] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   65.794487][ T3673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   65.802469][ T3673] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000020
[   65.810456][ T3673]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3674 attached
, child_tidptr=0x555555b7f5d0) = 3674
[pid  3674] chdir("./33")               = 0
[pid  3674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3674] setpgid(0, 0)               = 0
[pid  3674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3674] write(3, "1000", 4)         = 4
[pid  3674] close(3)                    = 0
[pid  3674] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3674] memfd_create("syzkaller", 0) = 3
[pid  3674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3674] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3674] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3674] close(3)                    = 0
[pid  3674] mkdir("./file0", 0777)      = 0
[pid  3674] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3674] chdir("./file0")            = 0
[pid  3674] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3674] close(4)                    = 0
[pid  3674] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3674] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3674] write(5, "13", 2)           = 2
[   65.874142][ T3674] loop0: detected capacity change from 0 to 64
[   65.901629][ T3674] FAULT_INJECTION: forcing a failure.
[   65.901629][ T3674] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   65.914745][ T3674] CPU: 1 PID: 3674 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   65.925153][ T3674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   65.935215][ T3674] Call Trace:
[   65.938490][ T3674]  <TASK>
[   65.941418][ T3674]  dump_stack_lvl+0x1b1/0x28e
[   65.946098][ T3674]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   65.951554][ T3674]  ? panic+0x710/0x710
[   65.955617][ T3674]  ? hfs_free_extents+0x420/0x420
[   65.960641][ T3674]  ? PageHeadHuge+0x8a/0x1d0
[   65.965249][ T3674]  should_fail_ex+0x395/0x4c0
[   65.969933][ T3674]  copy_page_from_iter_atomic+0x217/0x1140
[   65.975745][ T3674]  ? generic_cont_expand_simple+0x250/0x250
[   65.981643][ T3674]  ? pipe_zero+0x200/0x200
[   65.986064][ T3674]  ? hfs_write_begin+0x86/0xd0
[   65.990828][ T3674]  ? hfs_free_extents+0x420/0x420
[   65.995852][ T3674]  ? hfs_write_begin+0x9e/0xd0
[   66.000615][ T3674]  generic_perform_write+0x35a/0x5e0
[   66.005909][ T3674]  ? __block_commit_write+0x420/0x420
[   66.011284][ T3674]  ? generic_file_direct_write+0x610/0x610
[   66.017116][ T3674]  ? __file_remove_privs+0x6c0/0x6c0
[   66.022404][ T3674]  ? generic_write_checks+0x15c/0x1c0
[   66.027780][ T3674]  __generic_file_write_iter+0x176/0x400
[   66.033428][ T3674]  generic_file_write_iter+0xab/0x310
[   66.038798][ T3674]  vfs_write+0x7dc/0xc50
[   66.043045][ T3674]  ? file_end_write+0x230/0x230
[   66.047891][ T3674]  ? ptrace_stop+0x74d/0x970
[   66.052488][ T3674]  ? _raw_spin_unlock_irq+0x2a/0x40
[   66.057690][ T3674]  ? __fdget_pos+0x252/0x2e0
[   66.062292][ T3674]  ksys_write+0x177/0x2a0
[   66.066622][ T3674]  ? __ia32_sys_read+0x80/0x80
[   66.071389][ T3674]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   66.077368][ T3674]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   66.083345][ T3674]  do_syscall_64+0x3d/0xb0
[   66.087758][ T3674]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   66.093660][ T3674] RIP: 0033:0x7f0fa5191c89
[   66.098073][ T3674] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3674] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3674] exit_group(0)               = ?
[pid  3674] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3674, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs")                 = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./33/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./33")                           = 0
mkdir("./34", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3675
./strace-static-x86_64: Process 3675 attached
[pid  3675] chdir("./34")               = 0
[pid  3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3675] setpgid(0, 0)               = 0
[   66.117672][ T3674] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   66.126078][ T3674] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   66.134045][ T3674] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   66.142007][ T3674] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   66.149971][ T3674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   66.157936][ T3674] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000021
[   66.165933][ T3674]  </TASK>
[pid  3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3675] write(3, "1000", 4)         = 4
[pid  3675] close(3)                    = 0
[pid  3675] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3675] memfd_create("syzkaller", 0) = 3
[pid  3675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3675] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3675] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3675] close(3)                    = 0
[pid  3675] mkdir("./file0", 0777)      = 0
[pid  3675] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3675] chdir("./file0")            = 0
[pid  3675] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3675] close(4)                    = 0
[pid  3675] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3675] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3675] write(5, "13", 2)           = 2
[   66.213459][ T3675] loop0: detected capacity change from 0 to 64
[   66.232982][ T3675] FAULT_INJECTION: forcing a failure.
[   66.232982][ T3675] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   66.254202][ T3675] CPU: 0 PID: 3675 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   66.264648][ T3675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   66.274700][ T3675] Call Trace:
[   66.277969][ T3675]  <TASK>
[   66.280890][ T3675]  dump_stack_lvl+0x1b1/0x28e
[   66.285558][ T3675]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   66.291015][ T3675]  ? panic+0x710/0x710
[   66.295069][ T3675]  ? do_anonymous_page+0xd4a/0x1150
[   66.300268][ T3675]  ? mark_lock+0x9a/0x350
[   66.304587][ T3675]  should_fail_ex+0x395/0x4c0
[   66.309258][ T3675]  prepare_alloc_pages+0x1d7/0x5a0
[   66.314374][ T3675]  __alloc_pages+0x161/0x560
[   66.318962][ T3675]  ? zone_statistics+0x160/0x160
[   66.323892][ T3675]  ? rcu_lock_release+0x5/0x20
[   66.328663][ T3675]  ? alloc_pages+0x520/0x7b0
[   66.333247][ T3675]  ? xas_descend+0x1f3/0x400
[   66.337843][ T3675]  folio_alloc+0x1a/0x50
[   66.342106][ T3675]  filemap_alloc_folio+0x7e/0x1c0
[   66.347166][ T3675]  __filemap_get_folio+0x898/0x1260
[   66.352364][ T3675]  ? page_cache_prev_miss+0x4e0/0x4e0
[   66.357744][ T3675]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   66.363720][ T3675]  ? print_irqtrace_events+0x220/0x220
[   66.369210][ T3675]  pagecache_get_page+0x28/0x260
[   66.374151][ T3675]  ? hfs_free_extents+0x420/0x420
[   66.379182][ T3675]  block_write_begin+0x2e/0x1e0
[   66.384036][ T3675]  ? cont_write_begin+0x5e5/0x860
[   66.389072][ T3675]  ? hfs_free_extents+0x420/0x420
[   66.394089][ T3675]  cont_write_begin+0x606/0x860
[   66.398942][ T3675]  ? fault_in_readable+0x1d5/0x310
[   66.404071][ T3675]  ? generic_cont_expand_simple+0x250/0x250
[   66.409961][ T3675]  ? fault_in_readable+0x219/0x310
[   66.415081][ T3675]  ? fault_in_safe_writeable+0x240/0x240
[   66.420730][ T3675]  hfs_write_begin+0x86/0xd0
[   66.425316][ T3675]  ? hfs_free_extents+0x420/0x420
[   66.430343][ T3675]  generic_perform_write+0x2e4/0x5e0
[   66.435623][ T3675]  ? __block_commit_write+0x420/0x420
[   66.440985][ T3675]  ? generic_file_direct_write+0x610/0x610
[   66.446780][ T3675]  ? __file_remove_privs+0x6c0/0x6c0
[   66.452052][ T3675]  ? generic_write_checks+0x15c/0x1c0
[   66.457417][ T3675]  __generic_file_write_iter+0x176/0x400
[   66.463041][ T3675]  generic_file_write_iter+0xab/0x310
[   66.468409][ T3675]  vfs_write+0x7dc/0xc50
[   66.472645][ T3675]  ? file_end_write+0x230/0x230
[   66.477492][ T3675]  ? ptrace_stop+0x74d/0x970
[   66.482096][ T3675]  ? _raw_spin_unlock_irq+0x2a/0x40
[   66.487286][ T3675]  ? __fdget_pos+0x252/0x2e0
[   66.491865][ T3675]  ksys_write+0x177/0x2a0
[   66.496184][ T3675]  ? __ia32_sys_read+0x80/0x80
[   66.500948][ T3675]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   66.506933][ T3675]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   66.512905][ T3675]  do_syscall_64+0x3d/0xb0
[   66.517323][ T3675]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   66.523221][ T3675] RIP: 0033:0x7f0fa5191c89
[   66.527620][ T3675] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   66.547214][ T3675] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   66.555619][ T3675] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3675] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3675] exit_group(0)               = ?
[pid  3675] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3675, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs")                 = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./34/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./34")                           = 0
mkdir("./35", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3676
./strace-static-x86_64: Process 3676 attached
[pid  3676] chdir("./35")               = 0
[pid  3676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[   66.563582][ T3675] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   66.571545][ T3675] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   66.579512][ T3675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   66.587477][ T3675] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000022
[   66.595461][ T3675]  </TASK>
[pid  3676] setpgid(0, 0)               = 0
[pid  3676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3676] write(3, "1000", 4)         = 4
[pid  3676] close(3)                    = 0
[pid  3676] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3676] memfd_create("syzkaller", 0) = 3
[pid  3676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3676] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3676] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3676] close(3)                    = 0
[pid  3676] mkdir("./file0", 0777)      = 0
[pid  3676] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3676] chdir("./file0")            = 0
[pid  3676] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3676] close(4)                    = 0
[pid  3676] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3676] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3676] write(5, "13", 2)           = 2
[   66.657296][ T3676] loop0: detected capacity change from 0 to 64
[   66.682251][ T3676] FAULT_INJECTION: forcing a failure.
[   66.682251][ T3676] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   66.695386][ T3676] CPU: 1 PID: 3676 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   66.705812][ T3676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   66.715863][ T3676] Call Trace:
[   66.719139][ T3676]  <TASK>
[   66.722064][ T3676]  dump_stack_lvl+0x1b1/0x28e
[   66.726746][ T3676]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   66.732198][ T3676]  ? panic+0x710/0x710
[   66.736265][ T3676]  ? hfs_free_extents+0x420/0x420
[   66.741297][ T3676]  ? PageHeadHuge+0x8a/0x1d0
[   66.745889][ T3676]  should_fail_ex+0x395/0x4c0
[   66.750573][ T3676]  copy_page_from_iter_atomic+0x217/0x1140
[   66.756385][ T3676]  ? generic_cont_expand_simple+0x250/0x250
[   66.762288][ T3676]  ? pipe_zero+0x200/0x200
[   66.766711][ T3676]  ? hfs_write_begin+0x86/0xd0
[   66.771470][ T3676]  ? hfs_free_extents+0x420/0x420
[   66.776571][ T3676]  ? hfs_write_begin+0x9e/0xd0
[   66.781332][ T3676]  generic_perform_write+0x35a/0x5e0
[   66.786622][ T3676]  ? __block_commit_write+0x420/0x420
[   66.791991][ T3676]  ? generic_file_direct_write+0x610/0x610
[   66.797878][ T3676]  ? __file_remove_privs+0x6c0/0x6c0
[   66.803159][ T3676]  ? generic_write_checks+0x15c/0x1c0
[   66.808535][ T3676]  __generic_file_write_iter+0x176/0x400
[   66.814192][ T3676]  generic_file_write_iter+0xab/0x310
[   66.819565][ T3676]  vfs_write+0x7dc/0xc50
[   66.823810][ T3676]  ? file_end_write+0x230/0x230
[   66.828655][ T3676]  ? ptrace_stop+0x74d/0x970
[   66.833253][ T3676]  ? _raw_spin_unlock_irq+0x2a/0x40
[   66.838455][ T3676]  ? __fdget_pos+0x252/0x2e0
[   66.843140][ T3676]  ksys_write+0x177/0x2a0
[   66.847469][ T3676]  ? __ia32_sys_read+0x80/0x80
[   66.852230][ T3676]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   66.858207][ T3676]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   66.864188][ T3676]  do_syscall_64+0x3d/0xb0
[   66.868604][ T3676]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   66.874752][ T3676] RIP: 0033:0x7f0fa5191c89
[   66.879163][ T3676] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   66.898762][ T3676] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3676] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3676] exit_group(0)               = ?
[pid  3676] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3676, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs")                 = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./35/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./35")                           = 0
mkdir("./36", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3677
./strace-static-x86_64: Process 3677 attached
[pid  3677] chdir("./36")               = 0
[pid  3677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3677] setpgid(0, 0)               = 0
[pid  3677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3677] write(3, "1000", 4)         = 4
[pid  3677] close(3)                    = 0
[pid  3677] symlink("/dev/binderfs", "./binderfs") = 0
[   66.907174][ T3676] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   66.915142][ T3676] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   66.923107][ T3676] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   66.931070][ T3676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   66.939033][ T3676] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000023
[   66.947357][ T3676]  </TASK>
[pid  3677] memfd_create("syzkaller", 0) = 3
[pid  3677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3677] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3677] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3677] close(3)                    = 0
[pid  3677] mkdir("./file0", 0777)      = 0
[pid  3677] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3677] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3677] chdir("./file0")            = 0
[pid  3677] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3677] close(4)                    = 0
[pid  3677] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3677] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3677] write(5, "13", 2)           = 2
[   66.995732][ T3677] loop0: detected capacity change from 0 to 64
[   67.020052][ T3677] FAULT_INJECTION: forcing a failure.
[   67.020052][ T3677] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   67.033289][ T3677] CPU: 0 PID: 3677 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   67.043701][ T3677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   67.053791][ T3677] Call Trace:
[   67.057092][ T3677]  <TASK>
[   67.060011][ T3677]  dump_stack_lvl+0x1b1/0x28e
[   67.064694][ T3677]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   67.070152][ T3677]  ? panic+0x710/0x710
[   67.074208][ T3677]  ? hfs_free_extents+0x420/0x420
[   67.079235][ T3677]  ? PageHeadHuge+0x8a/0x1d0
[   67.083842][ T3677]  should_fail_ex+0x395/0x4c0
[   67.088515][ T3677]  copy_page_from_iter_atomic+0x217/0x1140
[   67.094323][ T3677]  ? generic_cont_expand_simple+0x250/0x250
[   67.100221][ T3677]  ? pipe_zero+0x200/0x200
[   67.104656][ T3677]  ? hfs_write_begin+0x86/0xd0
[   67.109405][ T3677]  ? hfs_free_extents+0x420/0x420
[   67.114414][ T3677]  ? hfs_write_begin+0x9e/0xd0
[   67.119170][ T3677]  generic_perform_write+0x35a/0x5e0
[   67.124453][ T3677]  ? __block_commit_write+0x420/0x420
[   67.129821][ T3677]  ? generic_file_direct_write+0x610/0x610
[   67.135626][ T3677]  ? __file_remove_privs+0x6c0/0x6c0
[   67.140913][ T3677]  ? generic_write_checks+0x15c/0x1c0
[   67.146300][ T3677]  __generic_file_write_iter+0x176/0x400
[   67.151942][ T3677]  generic_file_write_iter+0xab/0x310
[   67.157316][ T3677]  vfs_write+0x7dc/0xc50
[   67.161569][ T3677]  ? file_end_write+0x230/0x230
[   67.166416][ T3677]  ? ptrace_stop+0x74d/0x970
[   67.171013][ T3677]  ? _raw_spin_unlock_irq+0x2a/0x40
[   67.176216][ T3677]  ? __fdget_pos+0x252/0x2e0
[   67.180808][ T3677]  ksys_write+0x177/0x2a0
[   67.185148][ T3677]  ? __ia32_sys_read+0x80/0x80
[   67.189910][ T3677]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   67.195890][ T3677]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   67.201874][ T3677]  do_syscall_64+0x3d/0xb0
[   67.206286][ T3677]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   67.212175][ T3677] RIP: 0033:0x7f0fa5191c89
[   67.216589][ T3677] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   67.236191][ T3677] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3677] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3677] exit_group(0)               = ?
[pid  3677] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3677, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs")                 = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./36/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./36")                           = 0
mkdir("./37", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3678
./strace-static-x86_64: Process 3678 attached
[pid  3678] chdir("./37")               = 0
[   67.244601][ T3677] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   67.252564][ T3677] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   67.260528][ T3677] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   67.268492][ T3677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   67.276454][ T3677] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000024
[   67.284435][ T3677]  </TASK>
[pid  3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3678] setpgid(0, 0)               = 0
[pid  3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3678] write(3, "1000", 4)         = 4
[pid  3678] close(3)                    = 0
[pid  3678] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3678] memfd_create("syzkaller", 0) = 3
[pid  3678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3678] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3678] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3678] close(3)                    = 0
[pid  3678] mkdir("./file0", 0777)      = 0
[pid  3678] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3678] chdir("./file0")            = 0
[pid  3678] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3678] close(4)                    = 0
[pid  3678] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3678] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3678] write(5, "13", 2)           = 2
[   67.350681][ T3678] loop0: detected capacity change from 0 to 64
[   67.383585][ T3678] FAULT_INJECTION: forcing a failure.
[   67.383585][ T3678] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   67.396934][ T3678] CPU: 0 PID: 3678 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   67.407356][ T3678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   67.417419][ T3678] Call Trace:
[   67.420700][ T3678]  <TASK>
[   67.423625][ T3678]  dump_stack_lvl+0x1b1/0x28e
[   67.428304][ T3678]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   67.433756][ T3678]  ? panic+0x710/0x710
[   67.437816][ T3678]  ? do_anonymous_page+0xd4a/0x1150
[   67.443019][ T3678]  ? mark_lock+0x9a/0x350
[   67.447348][ T3678]  should_fail_ex+0x395/0x4c0
[   67.452033][ T3678]  prepare_alloc_pages+0x1d7/0x5a0
[   67.457151][ T3678]  __alloc_pages+0x161/0x560
[   67.461746][ T3678]  ? zone_statistics+0x160/0x160
[   67.466689][ T3678]  ? rcu_lock_release+0x5/0x20
[   67.471467][ T3678]  ? alloc_pages+0x520/0x7b0
[   67.476051][ T3678]  ? xas_descend+0x1f3/0x400
[   67.480638][ T3678]  folio_alloc+0x1a/0x50
[   67.484874][ T3678]  filemap_alloc_folio+0x7e/0x1c0
[   67.489898][ T3678]  __filemap_get_folio+0x898/0x1260
[   67.495095][ T3678]  ? page_cache_prev_miss+0x4e0/0x4e0
[   67.500465][ T3678]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   67.506442][ T3678]  ? print_irqtrace_events+0x220/0x220
[   67.511899][ T3678]  pagecache_get_page+0x28/0x260
[   67.516829][ T3678]  ? hfs_free_extents+0x420/0x420
[   67.521845][ T3678]  block_write_begin+0x2e/0x1e0
[   67.526713][ T3678]  ? cont_write_begin+0x5e5/0x860
[   67.531760][ T3678]  ? hfs_free_extents+0x420/0x420
[   67.536791][ T3678]  cont_write_begin+0x606/0x860
[   67.541662][ T3678]  ? fault_in_readable+0x1d5/0x310
[   67.546785][ T3678]  ? generic_cont_expand_simple+0x250/0x250
[   67.553203][ T3678]  ? fault_in_readable+0x219/0x310
[   67.558319][ T3678]  ? fault_in_safe_writeable+0x240/0x240
[   67.563962][ T3678]  hfs_write_begin+0x86/0xd0
[   67.568638][ T3678]  ? hfs_free_extents+0x420/0x420
[   67.573660][ T3678]  generic_perform_write+0x2e4/0x5e0
[   67.578958][ T3678]  ? __block_commit_write+0x420/0x420
[   67.584330][ T3678]  ? generic_file_direct_write+0x610/0x610
[   67.590132][ T3678]  ? __file_remove_privs+0x6c0/0x6c0
[   67.595416][ T3678]  ? generic_write_checks+0x15c/0x1c0
[   67.600790][ T3678]  __generic_file_write_iter+0x176/0x400
[   67.606426][ T3678]  generic_file_write_iter+0xab/0x310
[   67.611799][ T3678]  vfs_write+0x7dc/0xc50
[   67.616046][ T3678]  ? file_end_write+0x230/0x230
[   67.620898][ T3678]  ? ptrace_stop+0x74d/0x970
[   67.625492][ T3678]  ? _raw_spin_unlock_irq+0x2a/0x40
[   67.630691][ T3678]  ? __fdget_pos+0x252/0x2e0
[   67.635280][ T3678]  ksys_write+0x177/0x2a0
[   67.639607][ T3678]  ? __ia32_sys_read+0x80/0x80
[   67.644379][ T3678]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   67.650360][ T3678]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   67.656337][ T3678]  do_syscall_64+0x3d/0xb0
[   67.660750][ T3678]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   67.666643][ T3678] RIP: 0033:0x7f0fa5191c89
[   67.671053][ T3678] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   67.690650][ T3678] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3678] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3678] exit_group(0)               = ?
[pid  3678] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs")                 = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./37/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./37")                           = 0
mkdir("./38", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3679 attached
 <unfinished ...>
[pid  3679] chdir("./38")               = 0
[pid  3679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3679] setpgid(0, 0)               = 0
[pid  3679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3679
[pid  3679] <... openat resumed>)       = 3
[pid  3679] write(3, "1000", 4)         = 4
[pid  3679] close(3)                    = 0
[pid  3679] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3679] memfd_create("syzkaller", 0) = 3
[pid  3679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3679] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   67.699057][ T3678] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   67.707024][ T3678] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   67.715038][ T3678] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   67.723001][ T3678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   67.730961][ T3678] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000025
[   67.738942][ T3678]  </TASK>
[pid  3679] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3679] close(3)                    = 0
[pid  3679] mkdir("./file0", 0777)      = 0
[pid  3679] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3679] chdir("./file0")            = 0
[pid  3679] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3679] close(4)                    = 0
[pid  3679] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3679] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3679] write(5, "13", 2)           = 2
[   67.781497][ T3679] loop0: detected capacity change from 0 to 64
[   67.802437][ T3679] FAULT_INJECTION: forcing a failure.
[   67.802437][ T3679] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   67.816334][ T3679] CPU: 0 PID: 3679 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   67.826765][ T3679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   67.836804][ T3679] Call Trace:
[   67.840070][ T3679]  <TASK>
[   67.842986][ T3679]  dump_stack_lvl+0x1b1/0x28e
[   67.847649][ T3679]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   67.853091][ T3679]  ? panic+0x710/0x710
[   67.857139][ T3679]  ? do_anonymous_page+0xd4a/0x1150
[   67.862324][ T3679]  ? mark_lock+0x9a/0x350
[   67.866640][ T3679]  should_fail_ex+0x395/0x4c0
[   67.871310][ T3679]  prepare_alloc_pages+0x1d7/0x5a0
[   67.876414][ T3679]  __alloc_pages+0x161/0x560
[   67.880998][ T3679]  ? zone_statistics+0x160/0x160
[   67.885928][ T3679]  ? rcu_lock_release+0x5/0x20
[   67.890674][ T3679]  ? alloc_pages+0x520/0x7b0
[   67.895248][ T3679]  ? xas_descend+0x1f3/0x400
[   67.899827][ T3679]  folio_alloc+0x1a/0x50
[   67.904051][ T3679]  filemap_alloc_folio+0x7e/0x1c0
[   67.909062][ T3679]  __filemap_get_folio+0x898/0x1260
[   67.914248][ T3679]  ? page_cache_prev_miss+0x4e0/0x4e0
[   67.919614][ T3679]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   67.925578][ T3679]  ? print_irqtrace_events+0x220/0x220
[   67.931028][ T3679]  pagecache_get_page+0x28/0x260
[   67.935949][ T3679]  ? hfs_free_extents+0x420/0x420
[   67.940958][ T3679]  block_write_begin+0x2e/0x1e0
[   67.945795][ T3679]  ? cont_write_begin+0x5e5/0x860
[   67.950806][ T3679]  ? hfs_free_extents+0x420/0x420
[   67.955823][ T3679]  cont_write_begin+0x606/0x860
[   67.960666][ T3679]  ? fault_in_readable+0x1d5/0x310
[   67.965767][ T3679]  ? generic_cont_expand_simple+0x250/0x250
[   67.971652][ T3679]  ? fault_in_readable+0x219/0x310
[   67.976751][ T3679]  ? fault_in_safe_writeable+0x240/0x240
[   67.982371][ T3679]  hfs_write_begin+0x86/0xd0
[   67.986945][ T3679]  ? hfs_free_extents+0x420/0x420
[   67.991955][ T3679]  generic_perform_write+0x2e4/0x5e0
[   67.997230][ T3679]  ? __block_commit_write+0x420/0x420
[   68.002593][ T3679]  ? generic_file_direct_write+0x610/0x610
[   68.008381][ T3679]  ? __file_remove_privs+0x6c0/0x6c0
[   68.013650][ T3679]  ? generic_write_checks+0x15c/0x1c0
[   68.019012][ T3679]  __generic_file_write_iter+0x176/0x400
[   68.024637][ T3679]  generic_file_write_iter+0xab/0x310
[   68.029994][ T3679]  vfs_write+0x7dc/0xc50
[   68.034228][ T3679]  ? file_end_write+0x230/0x230
[   68.039061][ T3679]  ? ptrace_stop+0x74d/0x970
[   68.043645][ T3679]  ? _raw_spin_unlock_irq+0x2a/0x40
[   68.048830][ T3679]  ? __fdget_pos+0x252/0x2e0
[   68.053406][ T3679]  ksys_write+0x177/0x2a0
[   68.057723][ T3679]  ? __ia32_sys_read+0x80/0x80
[   68.062470][ T3679]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   68.068437][ T3679]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   68.074403][ T3679]  do_syscall_64+0x3d/0xb0
[   68.078803][ T3679]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   68.084679][ T3679] RIP: 0033:0x7f0fa5191c89
[   68.089079][ T3679] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   68.108667][ T3679] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   68.117066][ T3679] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   68.125021][ T3679] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3679] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3679] exit_group(0)               = ?
[pid  3679] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3679, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs")                 = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./38/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./38")                           = 0
mkdir("./39", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3680
./strace-static-x86_64: Process 3680 attached
[pid  3680] chdir("./39")               = 0
[pid  3680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3680] setpgid(0, 0)               = 0
[pid  3680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3680] write(3, "1000", 4)         = 4
[pid  3680] close(3)                    = 0
[pid  3680] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3680] memfd_create("syzkaller", 0) = 3
[   68.132971][ T3679] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   68.140922][ T3679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   68.148873][ T3679] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000026
[   68.156836][ T3679]  </TASK>
[pid  3680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3680] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3680] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3680] close(3)                    = 0
[pid  3680] mkdir("./file0", 0777)      = 0
[pid  3680] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3680] chdir("./file0")            = 0
[pid  3680] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3680] close(4)                    = 0
[pid  3680] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3680] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3680] write(5, "13", 2)           = 2
[   68.195926][ T3680] loop0: detected capacity change from 0 to 64
[   68.200097][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   68.224452][ T3680] FAULT_INJECTION: forcing a failure.
[   68.224452][ T3680] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   68.237803][ T3680] CPU: 0 PID: 3680 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   68.248233][ T3680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   68.258280][ T3680] Call Trace:
[   68.261546][ T3680]  <TASK>
[   68.264470][ T3680]  dump_stack_lvl+0x1b1/0x28e
[   68.269150][ T3680]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   68.274614][ T3680]  ? panic+0x710/0x710
[   68.278674][ T3680]  ? do_anonymous_page+0xd4a/0x1150
[   68.283887][ T3680]  ? mark_lock+0x9a/0x350
[   68.288251][ T3680]  should_fail_ex+0x395/0x4c0
[   68.292944][ T3680]  prepare_alloc_pages+0x1d7/0x5a0
[   68.298068][ T3680]  __alloc_pages+0x161/0x560
[   68.302673][ T3680]  ? zone_statistics+0x160/0x160
[   68.307619][ T3680]  ? rcu_lock_release+0x5/0x20
[   68.312386][ T3680]  ? alloc_pages+0x520/0x7b0
[   68.316984][ T3680]  ? xas_descend+0x1f3/0x400
[   68.321565][ T3680]  folio_alloc+0x1a/0x50
[   68.325794][ T3680]  filemap_alloc_folio+0x7e/0x1c0
[   68.330820][ T3680]  __filemap_get_folio+0x898/0x1260
[   68.336053][ T3680]  ? page_cache_prev_miss+0x4e0/0x4e0
[   68.341465][ T3680]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   68.347463][ T3680]  ? print_irqtrace_events+0x220/0x220
[   68.352916][ T3680]  pagecache_get_page+0x28/0x260
[   68.357856][ T3680]  ? hfs_free_extents+0x420/0x420
[   68.362894][ T3680]  block_write_begin+0x2e/0x1e0
[   68.367753][ T3680]  ? cont_write_begin+0x5e5/0x860
[   68.372783][ T3680]  ? hfs_free_extents+0x420/0x420
[   68.377798][ T3680]  cont_write_begin+0x606/0x860
[   68.382648][ T3680]  ? fault_in_readable+0x1d5/0x310
[   68.387752][ T3680]  ? generic_cont_expand_simple+0x250/0x250
[   68.393636][ T3680]  ? fault_in_readable+0x219/0x310
[   68.399798][ T3680]  ? fault_in_safe_writeable+0x240/0x240
[   68.405463][ T3680]  hfs_write_begin+0x86/0xd0
[   68.410052][ T3680]  ? hfs_free_extents+0x420/0x420
[   68.415073][ T3680]  generic_perform_write+0x2e4/0x5e0
[   68.420376][ T3680]  ? __block_commit_write+0x420/0x420
[   68.425771][ T3680]  ? generic_file_direct_write+0x610/0x610
[   68.431589][ T3680]  ? __file_remove_privs+0x6c0/0x6c0
[   68.436881][ T3680]  ? generic_write_checks+0x15c/0x1c0
[   68.442285][ T3680]  __generic_file_write_iter+0x176/0x400
[   68.447952][ T3680]  generic_file_write_iter+0xab/0x310
[   68.453352][ T3680]  vfs_write+0x7dc/0xc50
[   68.457620][ T3680]  ? file_end_write+0x230/0x230
[   68.462471][ T3680]  ? ptrace_stop+0x74d/0x970
[   68.467071][ T3680]  ? _raw_spin_unlock_irq+0x2a/0x40
[   68.472282][ T3680]  ? __fdget_pos+0x252/0x2e0
[   68.476889][ T3680]  ksys_write+0x177/0x2a0
[   68.481214][ T3680]  ? __ia32_sys_read+0x80/0x80
[   68.485973][ T3680]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   68.491961][ T3680]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   68.497955][ T3680]  do_syscall_64+0x3d/0xb0
[   68.502360][ T3680]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   68.508252][ T3680] RIP: 0033:0x7f0fa5191c89
[   68.512681][ T3680] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   68.532453][ T3680] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3680] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3680] exit_group(0)               = ?
[pid  3680] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3680, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./39/binderfs")                 = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./39/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./39")                           = 0
mkdir("./40", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3681
./strace-static-x86_64: Process 3681 attached
[pid  3681] chdir("./40")               = 0
[pid  3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3681] setpgid(0, 0)               = 0
[pid  3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3681] write(3, "1000", 4)         = 4
[pid  3681] close(3)                    = 0
[pid  3681] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3681] memfd_create("syzkaller", 0) = 3
[pid  3681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3681] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3681] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   68.540867][ T3680] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   68.548842][ T3680] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   68.556800][ T3680] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   68.564769][ T3680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   68.572740][ T3680] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000027
[   68.580800][ T3680]  </TASK>
[pid  3681] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3681] close(3)                    = 0
[pid  3681] mkdir("./file0", 0777)      = 0
[pid  3681] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3681] chdir("./file0")            = 0
[pid  3681] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3681] close(4)                    = 0
[pid  3681] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3681] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3681] write(5, "13", 2)           = 2
[   68.619820][ T3681] loop0: detected capacity change from 0 to 64
[   68.646996][ T3681] FAULT_INJECTION: forcing a failure.
[   68.646996][ T3681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   68.660141][ T3681] CPU: 1 PID: 3681 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   68.670543][ T3681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   68.680676][ T3681] Call Trace:
[   68.683972][ T3681]  <TASK>
[   68.687003][ T3681]  dump_stack_lvl+0x1b1/0x28e
[   68.691674][ T3681]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   68.697118][ T3681]  ? panic+0x710/0x710
[   68.701184][ T3681]  ? hfs_free_extents+0x420/0x420
[   68.706214][ T3681]  ? PageHeadHuge+0x8a/0x1d0
[   68.710820][ T3681]  should_fail_ex+0x395/0x4c0
[   68.715509][ T3681]  copy_page_from_iter_atomic+0x217/0x1140
[   68.721339][ T3681]  ? generic_cont_expand_simple+0x250/0x250
[   68.727226][ T3681]  ? pipe_zero+0x200/0x200
[   68.731640][ T3681]  ? hfs_write_begin+0x86/0xd0
[   68.736392][ T3681]  ? hfs_free_extents+0x420/0x420
[   68.741402][ T3681]  ? hfs_write_begin+0x9e/0xd0
[   68.746167][ T3681]  generic_perform_write+0x35a/0x5e0
[   68.751457][ T3681]  ? __block_commit_write+0x420/0x420
[   68.756833][ T3681]  ? generic_file_direct_write+0x610/0x610
[   68.762646][ T3681]  ? __file_remove_privs+0x6c0/0x6c0
[   68.767929][ T3681]  ? generic_write_checks+0x15c/0x1c0
[   68.773303][ T3681]  __generic_file_write_iter+0x176/0x400
[   68.778940][ T3681]  generic_file_write_iter+0xab/0x310
[   68.784327][ T3681]  vfs_write+0x7dc/0xc50
[   68.788595][ T3681]  ? file_end_write+0x230/0x230
[   68.793440][ T3681]  ? ptrace_stop+0x74d/0x970
[   68.798041][ T3681]  ? _raw_spin_unlock_irq+0x2a/0x40
[   68.803261][ T3681]  ? __fdget_pos+0x252/0x2e0
[   68.807857][ T3681]  ksys_write+0x177/0x2a0
[   68.812199][ T3681]  ? __ia32_sys_read+0x80/0x80
[   68.816954][ T3681]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   68.822941][ T3681]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   68.828939][ T3681]  do_syscall_64+0x3d/0xb0
[   68.833349][ T3681]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   68.839234][ T3681] RIP: 0033:0x7f0fa5191c89
[   68.843638][ T3681] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3681] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3681] exit_group(0)               = ?
[pid  3681] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3681, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./40/binderfs")                 = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./40/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./40")                           = 0
mkdir("./41", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   68.863262][ T3681] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   68.871686][ T3681] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   68.879657][ T3681] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   68.887639][ T3681] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   68.895626][ T3681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   68.903591][ T3681] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000028
[   68.911572][ T3681]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3682
./strace-static-x86_64: Process 3682 attached
[pid  3682] chdir("./41")               = 0
[pid  3682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3682] setpgid(0, 0)               = 0
[pid  3682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3682] write(3, "1000", 4)         = 4
[pid  3682] close(3)                    = 0
[pid  3682] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3682] memfd_create("syzkaller", 0) = 3
[pid  3682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3682] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3682] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3682] close(3)                    = 0
[pid  3682] mkdir("./file0", 0777)      = 0
[pid  3682] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3682] chdir("./file0")            = 0
[pid  3682] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3682] close(4)                    = 0
[pid  3682] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3682] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3682] write(5, "13", 2)           = 2
[   68.966561][ T3682] loop0: detected capacity change from 0 to 64
[   68.997922][ T3682] FAULT_INJECTION: forcing a failure.
[   68.997922][ T3682] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   69.011313][ T3682] CPU: 0 PID: 3682 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   69.021766][ T3682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   69.031830][ T3682] Call Trace:
[   69.035110][ T3682]  <TASK>
[   69.038033][ T3682]  dump_stack_lvl+0x1b1/0x28e
[   69.042717][ T3682]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   69.048169][ T3682]  ? panic+0x710/0x710
[   69.052225][ T3682]  ? do_anonymous_page+0xd4a/0x1150
[   69.057416][ T3682]  ? mark_lock+0x9a/0x350
[   69.061752][ T3682]  should_fail_ex+0x395/0x4c0
[   69.066431][ T3682]  prepare_alloc_pages+0x1d7/0x5a0
[   69.071555][ T3682]  __alloc_pages+0x161/0x560
[   69.076146][ T3682]  ? zone_statistics+0x160/0x160
[   69.081081][ T3682]  ? rcu_lock_release+0x5/0x20
[   69.085836][ T3682]  ? alloc_pages+0x520/0x7b0
[   69.090416][ T3682]  ? xas_descend+0x1f3/0x400
[   69.094997][ T3682]  folio_alloc+0x1a/0x50
[   69.099241][ T3682]  filemap_alloc_folio+0x7e/0x1c0
[   69.104274][ T3682]  __filemap_get_folio+0x898/0x1260
[   69.109465][ T3682]  ? page_cache_prev_miss+0x4e0/0x4e0
[   69.114834][ T3682]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   69.120806][ T3682]  ? print_irqtrace_events+0x220/0x220
[   69.126271][ T3682]  pagecache_get_page+0x28/0x260
[   69.131216][ T3682]  ? hfs_free_extents+0x420/0x420
[   69.136254][ T3682]  block_write_begin+0x2e/0x1e0
[   69.141102][ T3682]  ? cont_write_begin+0x5e5/0x860
[   69.146123][ T3682]  ? hfs_free_extents+0x420/0x420
[   69.151139][ T3682]  cont_write_begin+0x606/0x860
[   69.156006][ T3682]  ? fault_in_readable+0x1d5/0x310
[   69.161129][ T3682]  ? generic_cont_expand_simple+0x250/0x250
[   69.167023][ T3682]  ? fault_in_readable+0x219/0x310
[   69.172156][ T3682]  ? fault_in_safe_writeable+0x240/0x240
[   69.177884][ T3682]  hfs_write_begin+0x86/0xd0
[   69.182479][ T3682]  ? hfs_free_extents+0x420/0x420
[   69.187514][ T3682]  generic_perform_write+0x2e4/0x5e0
[   69.192799][ T3682]  ? __block_commit_write+0x420/0x420
[   69.198165][ T3682]  ? generic_file_direct_write+0x610/0x610
[   69.203962][ T3682]  ? __file_remove_privs+0x6c0/0x6c0
[   69.209253][ T3682]  ? generic_write_checks+0x15c/0x1c0
[   69.214695][ T3682]  __generic_file_write_iter+0x176/0x400
[   69.220327][ T3682]  generic_file_write_iter+0xab/0x310
[   69.225699][ T3682]  vfs_write+0x7dc/0xc50
[   69.229936][ T3682]  ? file_end_write+0x230/0x230
[   69.234784][ T3682]  ? ptrace_stop+0x74d/0x970
[   69.239393][ T3682]  ? _raw_spin_unlock_irq+0x2a/0x40
[   69.244585][ T3682]  ? __fdget_pos+0x252/0x2e0
[   69.249168][ T3682]  ksys_write+0x177/0x2a0
[   69.253488][ T3682]  ? __ia32_sys_read+0x80/0x80
[   69.258240][ T3682]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   69.264210][ T3682]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   69.270179][ T3682]  do_syscall_64+0x3d/0xb0
[   69.274618][ T3682]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   69.280540][ T3682] RIP: 0033:0x7f0fa5191c89
[   69.284948][ T3682] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   69.304552][ T3682] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3682] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3682] exit_group(0)               = ?
[pid  3682] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3682, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./41/binderfs")                 = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./41/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./41")                           = 0
mkdir("./42", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3683
./strace-static-x86_64: Process 3683 attached
[   69.312963][ T3682] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   69.320934][ T3682] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   69.328908][ T3682] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   69.336888][ T3682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   69.344852][ T3682] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000029
[   69.352840][ T3682]  </TASK>
[pid  3683] chdir("./42")               = 0
[pid  3683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3683] setpgid(0, 0)               = 0
[pid  3683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3683] write(3, "1000", 4)         = 4
[pid  3683] close(3)                    = 0
[pid  3683] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3683] memfd_create("syzkaller", 0) = 3
[pid  3683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3683] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3683] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3683] close(3)                    = 0
[pid  3683] mkdir("./file0", 0777)      = 0
[pid  3683] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3683] chdir("./file0")            = 0
[pid  3683] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3683] close(4)                    = 0
[pid  3683] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3683] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3683] write(5, "13", 2)           = 2
[   69.408716][ T3683] loop0: detected capacity change from 0 to 64
[   69.445502][ T3683] FAULT_INJECTION: forcing a failure.
[   69.445502][ T3683] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   69.459044][ T3683] CPU: 0 PID: 3683 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   69.469470][ T3683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   69.479599][ T3683] Call Trace:
[   69.482867][ T3683]  <TASK>
[   69.485785][ T3683]  dump_stack_lvl+0x1b1/0x28e
[   69.490449][ T3683]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   69.495906][ T3683]  ? panic+0x710/0x710
[   69.499958][ T3683]  ? do_anonymous_page+0xd4a/0x1150
[   69.505150][ T3683]  ? mark_lock+0x9a/0x350
[   69.509468][ T3683]  should_fail_ex+0x395/0x4c0
[   69.514151][ T3683]  prepare_alloc_pages+0x1d7/0x5a0
[   69.519264][ T3683]  __alloc_pages+0x161/0x560
[   69.523861][ T3683]  ? zone_statistics+0x160/0x160
[   69.528812][ T3683]  ? rcu_lock_release+0x5/0x20
[   69.533564][ T3683]  ? alloc_pages+0x520/0x7b0
[   69.538156][ T3683]  ? xas_descend+0x1f3/0x400
[   69.542752][ T3683]  folio_alloc+0x1a/0x50
[   69.546982][ T3683]  filemap_alloc_folio+0x7e/0x1c0
[   69.552000][ T3683]  __filemap_get_folio+0x898/0x1260
[   69.557188][ T3683]  ? page_cache_prev_miss+0x4e0/0x4e0
[   69.562551][ T3683]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   69.568522][ T3683]  ? print_irqtrace_events+0x220/0x220
[   69.573972][ T3683]  pagecache_get_page+0x28/0x260
[   69.578902][ T3683]  ? hfs_free_extents+0x420/0x420
[   69.583915][ T3683]  block_write_begin+0x2e/0x1e0
[   69.588756][ T3683]  ? cont_write_begin+0x5e5/0x860
[   69.593768][ T3683]  ? hfs_free_extents+0x420/0x420
[   69.598778][ T3683]  cont_write_begin+0x606/0x860
[   69.603627][ T3683]  ? fault_in_readable+0x1d5/0x310
[   69.608752][ T3683]  ? generic_cont_expand_simple+0x250/0x250
[   69.614656][ T3683]  ? fault_in_readable+0x219/0x310
[   69.619784][ T3683]  ? fault_in_safe_writeable+0x240/0x240
[   69.625443][ T3683]  hfs_write_begin+0x86/0xd0
[   69.630032][ T3683]  ? hfs_free_extents+0x420/0x420
[   69.635059][ T3683]  generic_perform_write+0x2e4/0x5e0
[   69.640377][ T3683]  ? __block_commit_write+0x420/0x420
[   69.645761][ T3683]  ? generic_file_direct_write+0x610/0x610
[   69.651581][ T3683]  ? __file_remove_privs+0x6c0/0x6c0
[   69.656877][ T3683]  ? generic_write_checks+0x15c/0x1c0
[   69.662269][ T3683]  __generic_file_write_iter+0x176/0x400
[   69.667925][ T3683]  generic_file_write_iter+0xab/0x310
[   69.673317][ T3683]  vfs_write+0x7dc/0xc50
[   69.677590][ T3683]  ? file_end_write+0x230/0x230
[   69.682445][ T3683]  ? ptrace_stop+0x74d/0x970
[   69.687047][ T3683]  ? _raw_spin_unlock_irq+0x2a/0x40
[   69.692260][ T3683]  ? __fdget_pos+0x252/0x2e0
[   69.696851][ T3683]  ksys_write+0x177/0x2a0
[   69.701190][ T3683]  ? __ia32_sys_read+0x80/0x80
[   69.705941][ T3683]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   69.711921][ T3683]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   69.717910][ T3683]  do_syscall_64+0x3d/0xb0
[   69.722316][ T3683]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   69.728195][ T3683] RIP: 0033:0x7f0fa5191c89
[   69.732616][ T3683] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   69.752225][ T3683] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3683] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3683] exit_group(0)               = ?
[pid  3683] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3683, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./42/binderfs")                 = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./42/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./42")                           = 0
mkdir("./43", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   69.760627][ T3683] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   69.768587][ T3683] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   69.776556][ T3683] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   69.784529][ T3683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   69.792491][ T3683] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002a
[   69.800463][ T3683]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3684
./strace-static-x86_64: Process 3684 attached
[pid  3684] chdir("./43")               = 0
[pid  3684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3684] setpgid(0, 0)               = 0
[pid  3684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3684] write(3, "1000", 4)         = 4
[pid  3684] close(3)                    = 0
[pid  3684] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3684] memfd_create("syzkaller", 0) = 3
[pid  3684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3684] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3684] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3684] close(3)                    = 0
[pid  3684] mkdir("./file0", 0777)      = 0
[pid  3684] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3684] chdir("./file0")            = 0
[pid  3684] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3684] close(4)                    = 0
[pid  3684] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3684] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3684] write(5, "13", 2)           = 2
[   69.851568][ T3684] loop0: detected capacity change from 0 to 64
[   69.883066][ T3684] FAULT_INJECTION: forcing a failure.
[   69.883066][ T3684] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   69.896624][ T3684] CPU: 0 PID: 3684 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   69.907040][ T3684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   69.917087][ T3684] Call Trace:
[   69.920374][ T3684]  <TASK>
[   69.923316][ T3684]  dump_stack_lvl+0x1b1/0x28e
[   69.928000][ T3684]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   69.933444][ T3684]  ? panic+0x710/0x710
[   69.937497][ T3684]  ? do_anonymous_page+0xd4a/0x1150
[   69.942689][ T3684]  ? mark_lock+0x9a/0x350
[   69.947020][ T3684]  should_fail_ex+0x395/0x4c0
[   69.951711][ T3684]  prepare_alloc_pages+0x1d7/0x5a0
[   69.956834][ T3684]  __alloc_pages+0x161/0x560
[   69.961434][ T3684]  ? zone_statistics+0x160/0x160
[   69.966386][ T3684]  ? rcu_lock_release+0x5/0x20
[   69.971154][ T3684]  ? alloc_pages+0x520/0x7b0
[   69.975732][ T3684]  ? xas_descend+0x1f3/0x400
[   69.980314][ T3684]  folio_alloc+0x1a/0x50
[   69.984546][ T3684]  filemap_alloc_folio+0x7e/0x1c0
[   69.989569][ T3684]  __filemap_get_folio+0x898/0x1260
[   69.994775][ T3684]  ? page_cache_prev_miss+0x4e0/0x4e0
[   70.000135][ T3684]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   70.006105][ T3684]  ? print_irqtrace_events+0x220/0x220
[   70.011562][ T3684]  pagecache_get_page+0x28/0x260
[   70.016488][ T3684]  ? hfs_free_extents+0x420/0x420
[   70.021508][ T3684]  block_write_begin+0x2e/0x1e0
[   70.026366][ T3684]  ? cont_write_begin+0x5e5/0x860
[   70.031381][ T3684]  ? hfs_free_extents+0x420/0x420
[   70.036404][ T3684]  cont_write_begin+0x606/0x860
[   70.041269][ T3684]  ? fault_in_readable+0x1d5/0x310
[   70.046371][ T3684]  ? generic_cont_expand_simple+0x250/0x250
[   70.052254][ T3684]  ? fault_in_readable+0x219/0x310
[   70.057362][ T3684]  ? fault_in_safe_writeable+0x240/0x240
[   70.062991][ T3684]  hfs_write_begin+0x86/0xd0
[   70.067571][ T3684]  ? hfs_free_extents+0x420/0x420
[   70.072586][ T3684]  generic_perform_write+0x2e4/0x5e0
[   70.077884][ T3684]  ? __block_commit_write+0x420/0x420
[   70.083262][ T3684]  ? generic_file_direct_write+0x610/0x610
[   70.089076][ T3684]  ? __file_remove_privs+0x6c0/0x6c0
[   70.094522][ T3684]  ? generic_write_checks+0x15c/0x1c0
[   70.099890][ T3684]  __generic_file_write_iter+0x176/0x400
[   70.105518][ T3684]  generic_file_write_iter+0xab/0x310
[   70.110895][ T3684]  vfs_write+0x7dc/0xc50
[   70.115145][ T3684]  ? file_end_write+0x230/0x230
[   70.119983][ T3684]  ? ptrace_stop+0x74d/0x970
[   70.124583][ T3684]  ? _raw_spin_unlock_irq+0x2a/0x40
[   70.129810][ T3684]  ? __fdget_pos+0x252/0x2e0
[   70.134414][ T3684]  ksys_write+0x177/0x2a0
[   70.138737][ T3684]  ? __ia32_sys_read+0x80/0x80
[   70.143495][ T3684]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   70.149726][ T3684]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   70.155697][ T3684]  do_syscall_64+0x3d/0xb0
[   70.160113][ T3684]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   70.166011][ T3684] RIP: 0033:0x7f0fa5191c89
[   70.170415][ T3684] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   70.190198][ T3684] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3684] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3684] exit_group(0)               = ?
[pid  3684] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3684, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./43/binderfs")                 = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./43/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./43")                           = 0
mkdir("./44", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   70.198707][ T3684] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   70.206712][ T3684] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   70.214684][ T3684] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   70.222663][ T3684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   70.230640][ T3684] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002b
[   70.238613][ T3684]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3685
./strace-static-x86_64: Process 3685 attached
[pid  3685] chdir("./44")               = 0
[pid  3685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3685] setpgid(0, 0)               = 0
[pid  3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3685] write(3, "1000", 4)         = 4
[pid  3685] close(3)                    = 0
[pid  3685] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3685] memfd_create("syzkaller", 0) = 3
[pid  3685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3685] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3685] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3685] close(3)                    = 0
[pid  3685] mkdir("./file0", 0777)      = 0
[pid  3685] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3685] chdir("./file0")            = 0
[pid  3685] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3685] close(4)                    = 0
[pid  3685] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3685] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3685] write(5, "13", 2)           = 2
[   70.295110][ T3685] loop0: detected capacity change from 0 to 64
[   70.326856][ T3685] FAULT_INJECTION: forcing a failure.
[   70.326856][ T3685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   70.340073][ T3685] CPU: 0 PID: 3685 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   70.350480][ T3685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   70.360527][ T3685] Call Trace:
[   70.363807][ T3685]  <TASK>
[   70.366751][ T3685]  dump_stack_lvl+0x1b1/0x28e
[   70.371438][ T3685]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   70.376906][ T3685]  ? panic+0x710/0x710
[   70.381002][ T3685]  ? hfs_free_extents+0x420/0x420
[   70.386044][ T3685]  ? PageHeadHuge+0x8a/0x1d0
[   70.390637][ T3685]  should_fail_ex+0x395/0x4c0
[   70.395333][ T3685]  copy_page_from_iter_atomic+0x217/0x1140
[   70.401159][ T3685]  ? generic_cont_expand_simple+0x250/0x250
[   70.407075][ T3685]  ? pipe_zero+0x200/0x200
[   70.411507][ T3685]  ? hfs_write_begin+0x86/0xd0
[   70.416268][ T3685]  ? hfs_free_extents+0x420/0x420
[   70.421296][ T3685]  ? hfs_write_begin+0x9e/0xd0
[   70.426057][ T3685]  generic_perform_write+0x35a/0x5e0
[   70.431367][ T3685]  ? __block_commit_write+0x420/0x420
[   70.436742][ T3685]  ? generic_file_direct_write+0x610/0x610
[   70.442549][ T3685]  ? __file_remove_privs+0x6c0/0x6c0
[   70.447835][ T3685]  ? generic_write_checks+0x15c/0x1c0
[   70.453226][ T3685]  __generic_file_write_iter+0x176/0x400
[   70.458885][ T3685]  generic_file_write_iter+0xab/0x310
[   70.464271][ T3685]  vfs_write+0x7dc/0xc50
[   70.468529][ T3685]  ? file_end_write+0x230/0x230
[   70.473380][ T3685]  ? ptrace_stop+0x74d/0x970
[   70.477979][ T3685]  ? _raw_spin_unlock_irq+0x2a/0x40
[   70.483179][ T3685]  ? __fdget_pos+0x252/0x2e0
[   70.487772][ T3685]  ksys_write+0x177/0x2a0
[   70.492105][ T3685]  ? __ia32_sys_read+0x80/0x80
[   70.496867][ T3685]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   70.502846][ T3685]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   70.508839][ T3685]  do_syscall_64+0x3d/0xb0
[   70.513256][ T3685]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   70.519143][ T3685] RIP: 0033:0x7f0fa5191c89
[   70.523554][ T3685] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3685] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3685] exit_group(0)               = ?
[pid  3685] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3685, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./44/binderfs")                 = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./44/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./44")                           = 0
mkdir("./45", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   70.543155][ T3685] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   70.551564][ T3685] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   70.559530][ T3685] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   70.567505][ T3685] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   70.575471][ T3685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   70.583435][ T3685] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002c
[   70.591417][ T3685]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3686
./strace-static-x86_64: Process 3686 attached
[pid  3686] chdir("./45")               = 0
[pid  3686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3686] setpgid(0, 0)               = 0
[pid  3686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3686] write(3, "1000", 4)         = 4
[pid  3686] close(3)                    = 0
[pid  3686] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3686] memfd_create("syzkaller", 0) = 3
[pid  3686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3686] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3686] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3686] close(3)                    = 0
[pid  3686] mkdir("./file0", 0777)      = 0
[pid  3686] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3686] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3686] chdir("./file0")            = 0
[pid  3686] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3686] close(4)                    = 0
[pid  3686] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3686] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3686] write(5, "13", 2)           = 2
[   70.643291][ T3686] loop0: detected capacity change from 0 to 64
[   70.666114][ T3686] FAULT_INJECTION: forcing a failure.
[   70.666114][ T3686] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   70.680201][ T3686] CPU: 0 PID: 3686 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   70.690640][ T3686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   70.700694][ T3686] Call Trace:
[   70.703979][ T3686]  <TASK>
[   70.706916][ T3686]  dump_stack_lvl+0x1b1/0x28e
[   70.711586][ T3686]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   70.717034][ T3686]  ? panic+0x710/0x710
[   70.721103][ T3686]  ? do_anonymous_page+0xd4a/0x1150
[   70.726313][ T3686]  ? mark_lock+0x9a/0x350
[   70.730634][ T3686]  should_fail_ex+0x395/0x4c0
[   70.735332][ T3686]  prepare_alloc_pages+0x1d7/0x5a0
[   70.740461][ T3686]  __alloc_pages+0x161/0x560
[   70.745187][ T3686]  ? zone_statistics+0x160/0x160
[   70.750147][ T3686]  ? rcu_lock_release+0x5/0x20
[   70.754922][ T3686]  ? alloc_pages+0x520/0x7b0
[   70.759515][ T3686]  ? xas_descend+0x1f3/0x400
[   70.764118][ T3686]  folio_alloc+0x1a/0x50
[   70.768368][ T3686]  filemap_alloc_folio+0x7e/0x1c0
[   70.773399][ T3686]  __filemap_get_folio+0x898/0x1260
[   70.778689][ T3686]  ? page_cache_prev_miss+0x4e0/0x4e0
[   70.784059][ T3686]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   70.790034][ T3686]  ? print_irqtrace_events+0x220/0x220
[   70.795489][ T3686]  pagecache_get_page+0x28/0x260
[   70.800419][ T3686]  ? hfs_free_extents+0x420/0x420
[   70.805449][ T3686]  block_write_begin+0x2e/0x1e0
[   70.810311][ T3686]  ? cont_write_begin+0x5e5/0x860
[   70.815412][ T3686]  ? hfs_free_extents+0x420/0x420
[   70.820424][ T3686]  cont_write_begin+0x606/0x860
[   70.825269][ T3686]  ? fault_in_readable+0x1d5/0x310
[   70.830390][ T3686]  ? generic_cont_expand_simple+0x250/0x250
[   70.836307][ T3686]  ? fault_in_readable+0x219/0x310
[   70.841423][ T3686]  ? fault_in_safe_writeable+0x240/0x240
[   70.847066][ T3686]  hfs_write_begin+0x86/0xd0
[   70.851645][ T3686]  ? hfs_free_extents+0x420/0x420
[   70.856658][ T3686]  generic_perform_write+0x2e4/0x5e0
[   70.861953][ T3686]  ? __block_commit_write+0x420/0x420
[   70.867345][ T3686]  ? generic_file_direct_write+0x610/0x610
[   70.873159][ T3686]  ? __file_remove_privs+0x6c0/0x6c0
[   70.878442][ T3686]  ? generic_write_checks+0x15c/0x1c0
[   70.883843][ T3686]  __generic_file_write_iter+0x176/0x400
[   70.889505][ T3686]  generic_file_write_iter+0xab/0x310
[   70.894895][ T3686]  vfs_write+0x7dc/0xc50
[   70.899164][ T3686]  ? file_end_write+0x230/0x230
[   70.904021][ T3686]  ? ptrace_stop+0x74d/0x970
[   70.908622][ T3686]  ? _raw_spin_unlock_irq+0x2a/0x40
[   70.913833][ T3686]  ? __fdget_pos+0x252/0x2e0
[   70.918426][ T3686]  ksys_write+0x177/0x2a0
[   70.922769][ T3686]  ? __ia32_sys_read+0x80/0x80
[   70.927522][ T3686]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   70.933517][ T3686]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   70.939510][ T3686]  do_syscall_64+0x3d/0xb0
[   70.943920][ T3686]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   70.949818][ T3686] RIP: 0033:0x7f0fa5191c89
[   70.954236][ T3686] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   70.973835][ T3686] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   70.982327][ T3686] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3686] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3686] exit_group(0)               = ?
[pid  3686] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3686, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./45/binderfs")                 = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./45/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./45")                           = 0
mkdir("./46", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3687
./strace-static-x86_64: Process 3687 attached
[pid  3687] chdir("./46")               = 0
[pid  3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3687] setpgid(0, 0)               = 0
[pid  3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3687] write(3, "1000", 4)         = 4
[pid  3687] close(3)                    = 0
[pid  3687] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3687] memfd_create("syzkaller", 0) = 3
[pid  3687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[   70.990290][ T3686] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   70.998253][ T3686] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   71.006219][ T3686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   71.014203][ T3686] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002d
[   71.022177][ T3686]  </TASK>
[pid  3687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3687] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3687] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3687] close(3)                    = 0
[pid  3687] mkdir("./file0", 0777)      = 0
[pid  3687] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3687] chdir("./file0")            = 0
[pid  3687] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3687] close(4)                    = 0
[pid  3687] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3687] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3687] write(5, "13", 2)           = 2
[   71.077807][ T3687] loop0: detected capacity change from 0 to 64
[   71.097501][ T3687] FAULT_INJECTION: forcing a failure.
[   71.097501][ T3687] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   71.113902][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[   71.120329][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[   71.126866][ T3687] CPU: 0 PID: 3687 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   71.137305][ T3687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   71.147369][ T3687] Call Trace:
[   71.150651][ T3687]  <TASK>
[   71.153600][ T3687]  dump_stack_lvl+0x1b1/0x28e
[   71.158286][ T3687]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   71.163744][ T3687]  ? panic+0x710/0x710
[   71.167815][ T3687]  ? do_anonymous_page+0xd4a/0x1150
[   71.173035][ T3687]  ? mark_lock+0x9a/0x350
[   71.177365][ T3687]  should_fail_ex+0x395/0x4c0
[   71.182053][ T3687]  prepare_alloc_pages+0x1d7/0x5a0
[   71.187171][ T3687]  __alloc_pages+0x161/0x560
[   71.191764][ T3687]  ? zone_statistics+0x160/0x160
[   71.196711][ T3687]  ? rcu_lock_release+0x5/0x20
[   71.201475][ T3687]  ? alloc_pages+0x520/0x7b0
[   71.206060][ T3687]  ? xas_descend+0x1f3/0x400
[   71.210739][ T3687]  folio_alloc+0x1a/0x50
[   71.214975][ T3687]  filemap_alloc_folio+0x7e/0x1c0
[   71.219998][ T3687]  __filemap_get_folio+0x898/0x1260
[   71.225199][ T3687]  ? page_cache_prev_miss+0x4e0/0x4e0
[   71.230571][ T3687]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   71.236562][ T3687]  ? print_irqtrace_events+0x220/0x220
[   71.242023][ T3687]  pagecache_get_page+0x28/0x260
[   71.246960][ T3687]  ? hfs_free_extents+0x420/0x420
[   71.251980][ T3687]  block_write_begin+0x2e/0x1e0
[   71.256837][ T3687]  ? cont_write_begin+0x5e5/0x860
[   71.261861][ T3687]  ? hfs_free_extents+0x420/0x420
[   71.266884][ T3687]  cont_write_begin+0x606/0x860
[   71.271740][ T3687]  ? fault_in_readable+0x1d5/0x310
[   71.276856][ T3687]  ? generic_cont_expand_simple+0x250/0x250
[   71.282748][ T3687]  ? fault_in_readable+0x219/0x310
[   71.287860][ T3687]  ? fault_in_safe_writeable+0x240/0x240
[   71.293499][ T3687]  hfs_write_begin+0x86/0xd0
[   71.298082][ T3687]  ? hfs_free_extents+0x420/0x420
[   71.303104][ T3687]  generic_perform_write+0x2e4/0x5e0
[   71.308397][ T3687]  ? __block_commit_write+0x420/0x420
[   71.313769][ T3687]  ? generic_file_direct_write+0x610/0x610
[   71.319582][ T3687]  ? __file_remove_privs+0x6c0/0x6c0
[   71.324882][ T3687]  ? generic_write_checks+0x15c/0x1c0
[   71.330259][ T3687]  __generic_file_write_iter+0x176/0x400
[   71.335893][ T3687]  generic_file_write_iter+0xab/0x310
[   71.341267][ T3687]  vfs_write+0x7dc/0xc50
[   71.345537][ T3687]  ? file_end_write+0x230/0x230
[   71.350396][ T3687]  ? ptrace_stop+0x74d/0x970
[   71.355007][ T3687]  ? _raw_spin_unlock_irq+0x2a/0x40
[   71.360220][ T3687]  ? __fdget_pos+0x252/0x2e0
[   71.364824][ T3687]  ksys_write+0x177/0x2a0
[   71.369166][ T3687]  ? __ia32_sys_read+0x80/0x80
[   71.373939][ T3687]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   71.379922][ T3687]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   71.385925][ T3687]  do_syscall_64+0x3d/0xb0
[   71.390352][ T3687]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   71.396249][ T3687] RIP: 0033:0x7f0fa5191c89
[   71.400667][ T3687] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   71.420271][ T3687] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3687] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3687] exit_group(0)               = ?
[pid  3687] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3687, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./46/binderfs")                 = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[   71.428681][ T3687] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   71.436654][ T3687] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   71.444627][ T3687] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   71.452591][ T3687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   71.460560][ T3687] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002e
[   71.468633][ T3687]  </TASK>
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./46/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./46")                           = 0
mkdir("./47", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3688
./strace-static-x86_64: Process 3688 attached
[pid  3688] chdir("./47")               = 0
[pid  3688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3688] setpgid(0, 0)               = 0
[pid  3688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3688] write(3, "1000", 4)         = 4
[pid  3688] close(3)                    = 0
[pid  3688] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3688] memfd_create("syzkaller", 0) = 3
[pid  3688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3688] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3688] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3688] close(3)                    = 0
[pid  3688] mkdir("./file0", 0777)      = 0
[pid  3688] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3688] chdir("./file0")            = 0
[pid  3688] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3688] close(4)                    = 0
[pid  3688] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3688] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3688] write(5, "13", 2)           = 2
[   71.563388][ T3688] loop0: detected capacity change from 0 to 64
[   71.598888][ T3688] FAULT_INJECTION: forcing a failure.
[   71.598888][ T3688] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   71.623848][ T3688] CPU: 1 PID: 3688 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   71.634307][ T3688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   71.644372][ T3688] Call Trace:
[   71.647661][ T3688]  <TASK>
[   71.650597][ T3688]  dump_stack_lvl+0x1b1/0x28e
[   71.655297][ T3688]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   71.660764][ T3688]  ? panic+0x710/0x710
[   71.664844][ T3688]  ? do_anonymous_page+0xd4a/0x1150
[   71.670059][ T3688]  ? mark_lock+0x9a/0x350
[   71.674411][ T3688]  should_fail_ex+0x395/0x4c0
[   71.679109][ T3688]  prepare_alloc_pages+0x1d7/0x5a0
[   71.684247][ T3688]  __alloc_pages+0x161/0x560
[   71.688855][ T3688]  ? zone_statistics+0x160/0x160
[   71.693817][ T3688]  ? rcu_lock_release+0x5/0x20
[   71.698593][ T3688]  ? alloc_pages+0x520/0x7b0
[   71.703192][ T3688]  ? xas_descend+0x1f3/0x400
[   71.707794][ T3688]  folio_alloc+0x1a/0x50
[   71.712031][ T3688]  filemap_alloc_folio+0x7e/0x1c0
[   71.717055][ T3688]  __filemap_get_folio+0x898/0x1260
[   71.722255][ T3688]  ? page_cache_prev_miss+0x4e0/0x4e0
[   71.727629][ T3688]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   71.733610][ T3688]  ? print_irqtrace_events+0x220/0x220
[   71.739068][ T3688]  pagecache_get_page+0x28/0x260
[   71.744007][ T3688]  ? hfs_free_extents+0x420/0x420
[   71.749026][ T3688]  block_write_begin+0x2e/0x1e0
[   71.753877][ T3688]  ? cont_write_begin+0x5e5/0x860
[   71.758903][ T3688]  ? hfs_free_extents+0x420/0x420
[   71.763922][ T3688]  cont_write_begin+0x606/0x860
[   71.769038][ T3688]  ? fault_in_readable+0x1d5/0x310
[   71.774152][ T3688]  ? generic_cont_expand_simple+0x250/0x250
[   71.780047][ T3688]  ? fault_in_readable+0x219/0x310
[   71.785165][ T3688]  ? fault_in_safe_writeable+0x240/0x240
[   71.790803][ T3688]  hfs_write_begin+0x86/0xd0
[   71.795395][ T3688]  ? hfs_free_extents+0x420/0x420
[   71.800418][ T3688]  generic_perform_write+0x2e4/0x5e0
[   71.805710][ T3688]  ? __block_commit_write+0x420/0x420
[   71.811085][ T3688]  ? generic_file_direct_write+0x610/0x610
[   71.816892][ T3688]  ? __file_remove_privs+0x6c0/0x6c0
[   71.822182][ T3688]  ? generic_write_checks+0x15c/0x1c0
[   71.827559][ T3688]  __generic_file_write_iter+0x176/0x400
[   71.833195][ T3688]  generic_file_write_iter+0xab/0x310
[   71.838569][ T3688]  vfs_write+0x7dc/0xc50
[   71.842828][ T3688]  ? file_end_write+0x230/0x230
[   71.847676][ T3688]  ? ptrace_stop+0x74d/0x970
[   71.852273][ T3688]  ? _raw_spin_unlock_irq+0x2a/0x40
[   71.857475][ T3688]  ? __fdget_pos+0x252/0x2e0
[   71.862066][ T3688]  ksys_write+0x177/0x2a0
[   71.866397][ T3688]  ? __ia32_sys_read+0x80/0x80
[   71.871167][ T3688]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   71.877152][ T3688]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   71.883132][ T3688]  do_syscall_64+0x3d/0xb0
[   71.887553][ T3688]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   71.893441][ T3688] RIP: 0033:0x7f0fa5191c89
[   71.897854][ T3688] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3688] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3688] exit_group(0)               = ?
[pid  3688] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3688, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./47/binderfs")                 = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[   71.917455][ T3688] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   71.925873][ T3688] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   71.933942][ T3688] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   71.941909][ T3688] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   71.949876][ T3688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   71.957841][ T3688] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002f
[   71.965826][ T3688]  </TASK>
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./47/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./47")                           = 0
mkdir("./48", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3689
./strace-static-x86_64: Process 3689 attached
[pid  3689] chdir("./48")               = 0
[pid  3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3689] setpgid(0, 0)               = 0
[pid  3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3689] write(3, "1000", 4)         = 4
[pid  3689] close(3)                    = 0
[pid  3689] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3689] memfd_create("syzkaller", 0) = 3
[pid  3689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3689] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3689] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3689] close(3)                    = 0
[pid  3689] mkdir("./file0", 0777)      = 0
[pid  3689] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3689] chdir("./file0")            = 0
[pid  3689] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3689] close(4)                    = 0
[pid  3689] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3689] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3689] write(5, "13", 2)           = 2
[   72.058820][ T3689] loop0: detected capacity change from 0 to 64
[   72.109881][ T3689] FAULT_INJECTION: forcing a failure.
[   72.109881][ T3689] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   72.123403][ T3689] CPU: 1 PID: 3689 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   72.133840][ T3689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   72.143906][ T3689] Call Trace:
[   72.147194][ T3689]  <TASK>
[   72.150144][ T3689]  dump_stack_lvl+0x1b1/0x28e
[   72.154842][ T3689]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   72.160328][ T3689]  ? panic+0x710/0x710
[   72.164496][ T3689]  ? do_anonymous_page+0xd4a/0x1150
[   72.169716][ T3689]  ? mark_lock+0x9a/0x350
[   72.174063][ T3689]  should_fail_ex+0x395/0x4c0
[   72.178807][ T3689]  prepare_alloc_pages+0x1d7/0x5a0
[   72.183948][ T3689]  __alloc_pages+0x161/0x560
[   72.188567][ T3689]  ? zone_statistics+0x160/0x160
[   72.193531][ T3689]  ? rcu_lock_release+0x5/0x20
[   72.198311][ T3689]  ? alloc_pages+0x520/0x7b0
[   72.202913][ T3689]  ? xas_descend+0x1f3/0x400
[   72.207521][ T3689]  folio_alloc+0x1a/0x50
[   72.211774][ T3689]  filemap_alloc_folio+0x7e/0x1c0
[   72.216818][ T3689]  __filemap_get_folio+0x898/0x1260
[   72.222038][ T3689]  ? page_cache_prev_miss+0x4e0/0x4e0
[   72.227427][ T3689]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   72.233425][ T3689]  ? print_irqtrace_events+0x220/0x220
[   72.238924][ T3689]  pagecache_get_page+0x28/0x260
[   72.243875][ T3689]  ? hfs_free_extents+0x420/0x420
[   72.248907][ T3689]  block_write_begin+0x2e/0x1e0
[   72.253862][ T3689]  ? cont_write_begin+0x5e5/0x860
[   72.258903][ T3689]  ? hfs_free_extents+0x420/0x420
[   72.263943][ T3689]  cont_write_begin+0x606/0x860
[   72.268818][ T3689]  ? fault_in_readable+0x1d5/0x310
[   72.273947][ T3689]  ? generic_cont_expand_simple+0x250/0x250
[   72.279853][ T3689]  ? fault_in_readable+0x219/0x310
[   72.284986][ T3689]  ? fault_in_safe_writeable+0x240/0x240
[   72.290821][ T3689]  hfs_write_begin+0x86/0xd0
[   72.295411][ T3689]  ? hfs_free_extents+0x420/0x420
[   72.300426][ T3689]  generic_perform_write+0x2e4/0x5e0
[   72.305722][ T3689]  ? __block_commit_write+0x420/0x420
[   72.311087][ T3689]  ? generic_file_direct_write+0x610/0x610
[   72.316899][ T3689]  ? __file_remove_privs+0x6c0/0x6c0
[   72.322179][ T3689]  ? generic_write_checks+0x15c/0x1c0
[   72.327653][ T3689]  __generic_file_write_iter+0x176/0x400
[   72.333315][ T3689]  generic_file_write_iter+0xab/0x310
[   72.338702][ T3689]  vfs_write+0x7dc/0xc50
[   72.342961][ T3689]  ? file_end_write+0x230/0x230
[   72.347816][ T3689]  ? ptrace_stop+0x74d/0x970
[   72.352402][ T3689]  ? _raw_spin_unlock_irq+0x2a/0x40
[   72.357592][ T3689]  ? __fdget_pos+0x252/0x2e0
[   72.362174][ T3689]  ksys_write+0x177/0x2a0
[   72.366505][ T3689]  ? __ia32_sys_read+0x80/0x80
[   72.371363][ T3689]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   72.377347][ T3689]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   72.383336][ T3689]  do_syscall_64+0x3d/0xb0
[   72.387740][ T3689]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   72.393708][ T3689] RIP: 0033:0x7f0fa5191c89
[   72.398123][ T3689] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   72.417736][ T3689] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   72.426145][ T3689] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   72.434121][ T3689] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   72.442086][ T3689] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   72.450065][ T3689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3689] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3689] exit_group(0)               = ?
[pid  3689] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./48/binderfs")                 = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./48/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./48")                           = 0
mkdir("./49", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3690
./strace-static-x86_64: Process 3690 attached
[pid  3690] chdir("./49")               = 0
[pid  3690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3690] setpgid(0, 0)               = 0
[pid  3690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3690] write(3, "1000", 4)         = 4
[pid  3690] close(3)                    = 0
[pid  3690] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3690] memfd_create("syzkaller", 0) = 3
[pid  3690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3690] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   72.458030][ T3689] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000030
[   72.466004][ T3689]  </TASK>
[pid  3690] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3690] close(3)                    = 0
[pid  3690] mkdir("./file0", 0777)      = 0
[pid  3690] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3690] chdir("./file0")            = 0
[pid  3690] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3690] close(4)                    = 0
[pid  3690] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3690] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3690] write(5, "13", 2)           = 2
[   72.517909][ T3690] loop0: detected capacity change from 0 to 64
[   72.542928][ T3690] FAULT_INJECTION: forcing a failure.
[   72.542928][ T3690] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.556234][ T3690] CPU: 0 PID: 3690 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   72.566668][ T3690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   72.576730][ T3690] Call Trace:
[   72.580023][ T3690]  <TASK>
[   72.582965][ T3690]  dump_stack_lvl+0x1b1/0x28e
[   72.587663][ T3690]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   72.593131][ T3690]  ? panic+0x710/0x710
[   72.597209][ T3690]  ? hfs_free_extents+0x420/0x420
[   72.602247][ T3690]  ? PageHeadHuge+0x8a/0x1d0
[   72.606862][ T3690]  should_fail_ex+0x395/0x4c0
[   72.611574][ T3690]  copy_page_from_iter_atomic+0x217/0x1140
[   72.617414][ T3690]  ? generic_cont_expand_simple+0x250/0x250
[   72.623333][ T3690]  ? pipe_zero+0x200/0x200
[   72.627784][ T3690]  ? hfs_write_begin+0x86/0xd0
[   72.632558][ T3690]  ? hfs_free_extents+0x420/0x420
[   72.637606][ T3690]  ? hfs_write_begin+0x9e/0xd0
[   72.642374][ T3690]  generic_perform_write+0x35a/0x5e0
[   72.647826][ T3690]  ? __block_commit_write+0x420/0x420
[   72.653222][ T3690]  ? generic_file_direct_write+0x610/0x610
[   72.659131][ T3690]  ? __file_remove_privs+0x6c0/0x6c0
[   72.664524][ T3690]  ? generic_write_checks+0x15c/0x1c0
[   72.669926][ T3690]  __generic_file_write_iter+0x176/0x400
[   72.675593][ T3690]  generic_file_write_iter+0xab/0x310
[   72.680988][ T3690]  vfs_write+0x7dc/0xc50
[   72.685256][ T3690]  ? file_end_write+0x230/0x230
[   72.690122][ T3690]  ? ptrace_stop+0x74d/0x970
[   72.694747][ T3690]  ? _raw_spin_unlock_irq+0x2a/0x40
[   72.699969][ T3690]  ? __fdget_pos+0x252/0x2e0
[   72.704658][ T3690]  ksys_write+0x177/0x2a0
[   72.708996][ T3690]  ? __ia32_sys_read+0x80/0x80
[   72.713778][ T3690]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   72.719780][ T3690]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   72.725780][ T3690]  do_syscall_64+0x3d/0xb0
[   72.730215][ T3690]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   72.736128][ T3690] RIP: 0033:0x7f0fa5191c89
[   72.740555][ T3690] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   72.760189][ T3690] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3690] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3690] exit_group(0)               = ?
[pid  3690] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3690, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./49/binderfs")                 = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./49/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./49")                           = 0
mkdir("./50", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3691
./strace-static-x86_64: Process 3691 attached
[pid  3691] chdir("./50")               = 0
[pid  3691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3691] setpgid(0, 0)               = 0
[pid  3691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3691] write(3, "1000", 4)         = 4
[pid  3691] close(3)                    = 0
[pid  3691] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3691] memfd_create("syzkaller", 0) = 3
[   72.768605][ T3690] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   72.776582][ T3690] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   72.784629][ T3690] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   72.792588][ T3690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   72.800565][ T3690] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000031
[   72.808546][ T3690]  </TASK>
[pid  3691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3691] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3691] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3691] close(3)                    = 0
[pid  3691] mkdir("./file0", 0777)      = 0
[pid  3691] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3691] chdir("./file0")            = 0
[pid  3691] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3691] close(4)                    = 0
[pid  3691] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3691] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3691] write(5, "13", 2)           = 2
[   72.854732][ T3691] loop0: detected capacity change from 0 to 64
[   72.884573][ T3691] FAULT_INJECTION: forcing a failure.
[   72.884573][ T3691] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.897728][ T3691] CPU: 0 PID: 3691 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   72.908141][ T3691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   72.918200][ T3691] Call Trace:
[   72.921464][ T3691]  <TASK>
[   72.924379][ T3691]  dump_stack_lvl+0x1b1/0x28e
[   72.929047][ T3691]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   72.934487][ T3691]  ? panic+0x710/0x710
[   72.938541][ T3691]  ? hfs_free_extents+0x420/0x420
[   72.943559][ T3691]  ? PageHeadHuge+0x8a/0x1d0
[   72.948136][ T3691]  should_fail_ex+0x395/0x4c0
[   72.952814][ T3691]  copy_page_from_iter_atomic+0x217/0x1140
[   72.958629][ T3691]  ? generic_cont_expand_simple+0x250/0x250
[   72.964530][ T3691]  ? pipe_zero+0x200/0x200
[   72.968952][ T3691]  ? hfs_write_begin+0x86/0xd0
[   72.973706][ T3691]  ? hfs_free_extents+0x420/0x420
[   72.978724][ T3691]  ? hfs_write_begin+0x9e/0xd0
[   72.983484][ T3691]  generic_perform_write+0x35a/0x5e0
[   72.988775][ T3691]  ? __block_commit_write+0x420/0x420
[   72.994148][ T3691]  ? generic_file_direct_write+0x610/0x610
[   72.999951][ T3691]  ? __file_remove_privs+0x6c0/0x6c0
[   73.005233][ T3691]  ? generic_write_checks+0x15c/0x1c0
[   73.010610][ T3691]  __generic_file_write_iter+0x176/0x400
[   73.016246][ T3691]  generic_file_write_iter+0xab/0x310
[   73.021617][ T3691]  vfs_write+0x7dc/0xc50
[   73.025866][ T3691]  ? file_end_write+0x230/0x230
[   73.030710][ T3691]  ? ptrace_stop+0x74d/0x970
[   73.035307][ T3691]  ? _raw_spin_unlock_irq+0x2a/0x40
[   73.040505][ T3691]  ? __fdget_pos+0x252/0x2e0
[   73.045095][ T3691]  ksys_write+0x177/0x2a0
[   73.049439][ T3691]  ? __ia32_sys_read+0x80/0x80
[   73.054201][ T3691]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   73.060180][ T3691]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   73.066157][ T3691]  do_syscall_64+0x3d/0xb0
[   73.070569][ T3691]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   73.076453][ T3691] RIP: 0033:0x7f0fa5191c89
[   73.080859][ T3691] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3691] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3691] exit_group(0)               = ?
[pid  3691] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3691, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./50/binderfs")                 = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./50/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./50")                           = 0
mkdir("./51", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   73.100454][ T3691] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   73.108874][ T3691] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   73.116847][ T3691] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   73.124897][ T3691] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   73.132861][ T3691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   73.140826][ T3691] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000032
[   73.148807][ T3691]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3692
./strace-static-x86_64: Process 3692 attached
[pid  3692] chdir("./51")               = 0
[pid  3692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3692] setpgid(0, 0)               = 0
[pid  3692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3692] write(3, "1000", 4)         = 4
[pid  3692] close(3)                    = 0
[pid  3692] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3692] memfd_create("syzkaller", 0) = 3
[pid  3692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3692] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3692] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3692] close(3)                    = 0
[pid  3692] mkdir("./file0", 0777)      = 0
[pid  3692] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3692] chdir("./file0")            = 0
[pid  3692] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3692] close(4)                    = 0
[pid  3692] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3692] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3692] write(5, "13", 2)           = 2
[   73.202259][ T3692] loop0: detected capacity change from 0 to 64
[   73.228544][ T3692] FAULT_INJECTION: forcing a failure.
[   73.228544][ T3692] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   73.241853][ T3692] CPU: 1 PID: 3692 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   73.252276][ T3692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   73.262331][ T3692] Call Trace:
[   73.265608][ T3692]  <TASK>
[   73.268535][ T3692]  dump_stack_lvl+0x1b1/0x28e
[   73.273213][ T3692]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   73.278672][ T3692]  ? panic+0x710/0x710
[   73.282734][ T3692]  ? do_anonymous_page+0xd4a/0x1150
[   73.287935][ T3692]  ? mark_lock+0x9a/0x350
[   73.292264][ T3692]  should_fail_ex+0x395/0x4c0
[   73.296947][ T3692]  prepare_alloc_pages+0x1d7/0x5a0
[   73.302066][ T3692]  __alloc_pages+0x161/0x560
[   73.306658][ T3692]  ? zone_statistics+0x160/0x160
[   73.311598][ T3692]  ? rcu_lock_release+0x5/0x20
[   73.316357][ T3692]  ? alloc_pages+0x520/0x7b0
[   73.320944][ T3692]  ? xas_descend+0x1f3/0x400
[   73.325541][ T3692]  folio_alloc+0x1a/0x50
[   73.329808][ T3692]  filemap_alloc_folio+0x7e/0x1c0
[   73.334861][ T3692]  __filemap_get_folio+0x898/0x1260
[   73.340087][ T3692]  ? page_cache_prev_miss+0x4e0/0x4e0
[   73.345494][ T3692]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   73.351470][ T3692]  ? print_irqtrace_events+0x220/0x220
[   73.356927][ T3692]  pagecache_get_page+0x28/0x260
[   73.361862][ T3692]  ? hfs_free_extents+0x420/0x420
[   73.366880][ T3692]  block_write_begin+0x2e/0x1e0
[   73.371733][ T3692]  ? cont_write_begin+0x5e5/0x860
[   73.376753][ T3692]  ? hfs_free_extents+0x420/0x420
[   73.381770][ T3692]  cont_write_begin+0x606/0x860
[   73.386630][ T3692]  ? fault_in_readable+0x1d5/0x310
[   73.391744][ T3692]  ? generic_cont_expand_simple+0x250/0x250
[   73.397661][ T3692]  ? fault_in_readable+0x219/0x310
[   73.402788][ T3692]  ? fault_in_safe_writeable+0x240/0x240
[   73.408435][ T3692]  hfs_write_begin+0x86/0xd0
[   73.413027][ T3692]  ? hfs_free_extents+0x420/0x420
[   73.418057][ T3692]  generic_perform_write+0x2e4/0x5e0
[   73.423365][ T3692]  ? __block_commit_write+0x420/0x420
[   73.428759][ T3692]  ? generic_file_direct_write+0x610/0x610
[   73.434571][ T3692]  ? __file_remove_privs+0x6c0/0x6c0
[   73.439861][ T3692]  ? generic_write_checks+0x15c/0x1c0
[   73.445245][ T3692]  __generic_file_write_iter+0x176/0x400
[   73.450892][ T3692]  generic_file_write_iter+0xab/0x310
[   73.456269][ T3692]  vfs_write+0x7dc/0xc50
[   73.460525][ T3692]  ? file_end_write+0x230/0x230
[   73.465374][ T3692]  ? ptrace_stop+0x74d/0x970
[   73.469979][ T3692]  ? _raw_spin_unlock_irq+0x2a/0x40
[   73.475178][ T3692]  ? __fdget_pos+0x252/0x2e0
[   73.479769][ T3692]  ksys_write+0x177/0x2a0
[   73.484102][ T3692]  ? __ia32_sys_read+0x80/0x80
[   73.488864][ T3692]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   73.494841][ T3692]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   73.500818][ T3692]  do_syscall_64+0x3d/0xb0
[   73.505240][ T3692]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   73.511125][ T3692] RIP: 0033:0x7f0fa5191c89
[   73.515535][ T3692] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   73.535133][ T3692] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   73.543542][ T3692] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3692] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3692] exit_group(0)               = ?
[pid  3692] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3692, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./51/binderfs")                 = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./51/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./51")                           = 0
mkdir("./52", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3693
./strace-static-x86_64: Process 3693 attached
[pid  3693] chdir("./52")               = 0
[pid  3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3693] setpgid(0, 0)               = 0
[pid  3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3693] write(3, "1000", 4)         = 4
[pid  3693] close(3)                    = 0
[pid  3693] symlink("/dev/binderfs", "./binderfs") = 0
[   73.551506][ T3692] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   73.559489][ T3692] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   73.567472][ T3692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   73.575434][ T3692] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000033
[   73.583412][ T3692]  </TASK>
[pid  3693] memfd_create("syzkaller", 0) = 3
[pid  3693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3693] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3693] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3693] close(3)                    = 0
[pid  3693] mkdir("./file0", 0777)      = 0
[pid  3693] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3693] chdir("./file0")            = 0
[pid  3693] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3693] close(4)                    = 0
[pid  3693] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3693] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3693] write(5, "13", 2)           = 2
[   73.638026][ T3693] loop0: detected capacity change from 0 to 64
[   73.673574][ T3693] FAULT_INJECTION: forcing a failure.
[   73.673574][ T3693] name failslab, interval 1, probability 0, space 0, times 1
[   73.686470][ T3693] CPU: 0 PID: 3693 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   73.696895][ T3693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   73.707025][ T3693] Call Trace:
[   73.710301][ T3693]  <TASK>
[   73.713234][ T3693]  dump_stack_lvl+0x1b1/0x28e
[   73.717900][ T3693]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   73.723347][ T3693]  ? panic+0x710/0x710
[   73.727416][ T3693]  ? __might_sleep+0xc0/0xc0
[   73.731997][ T3693]  ? __mutex_lock_common+0x45f/0x26e0
[   73.737365][ T3693]  should_fail_ex+0x395/0x4c0
[   73.742039][ T3693]  ? hfs_find_init+0x8b/0x1e0
[   73.746710][ T3693]  should_failslab+0x5/0x20
[   73.751208][ T3693]  __kmem_cache_alloc_node+0x69/0x310
[   73.756571][ T3693]  ? hfs_find_init+0x8b/0x1e0
[   73.761249][ T3693]  __kmalloc+0x9e/0x1a0
[   73.765405][ T3693]  hfs_find_init+0x8b/0x1e0
[   73.769900][ T3693]  hfs_extend_file+0x2f8/0x1420
[   73.774763][ T3693]  ? hfs_get_block+0xbb0/0xbb0
[   73.779531][ T3693]  ? lru_cache_disable+0x30/0x30
[   73.784468][ T3693]  ? __might_sleep+0xc0/0xc0
[   73.789074][ T3693]  hfs_get_block+0x3fc/0xbb0
[   73.793661][ T3693]  ? hfs_free_extents+0x420/0x420
[   73.798668][ T3693]  ? do_raw_spin_unlock+0x134/0x8a0
[   73.803877][ T3693]  ? create_page_buffers+0x244/0x4b0
[   73.809168][ T3693]  __block_write_begin_int+0x54c/0x1a80
[   73.814782][ T3693]  ? hfs_free_extents+0x420/0x420
[   73.819805][ T3693]  ? page_zero_new_buffers+0x940/0x940
[   73.825254][ T3693]  ? PageHeadHuge+0x8a/0x1d0
[   73.829846][ T3693]  ? hfs_free_extents+0x420/0x420
[   73.834870][ T3693]  block_write_begin+0x93/0x1e0
[   73.839709][ T3693]  ? cont_write_begin+0x5e5/0x860
[   73.844723][ T3693]  ? hfs_free_extents+0x420/0x420
[   73.849821][ T3693]  cont_write_begin+0x606/0x860
[   73.854682][ T3693]  ? fault_in_readable+0x1d5/0x310
[   73.859800][ T3693]  ? generic_cont_expand_simple+0x250/0x250
[   73.865693][ T3693]  ? fault_in_readable+0x219/0x310
[   73.870814][ T3693]  ? fault_in_safe_writeable+0x240/0x240
[   73.876470][ T3693]  hfs_write_begin+0x86/0xd0
[   73.881062][ T3693]  ? hfs_free_extents+0x420/0x420
[   73.886086][ T3693]  generic_perform_write+0x2e4/0x5e0
[   73.891384][ T3693]  ? __block_commit_write+0x420/0x420
[   73.896759][ T3693]  ? generic_file_direct_write+0x610/0x610
[   73.902653][ T3693]  ? __file_remove_privs+0x6c0/0x6c0
[   73.907953][ T3693]  ? generic_write_checks+0x15c/0x1c0
[   73.913339][ T3693]  __generic_file_write_iter+0x176/0x400
[   73.919064][ T3693]  generic_file_write_iter+0xab/0x310
[   73.924459][ T3693]  vfs_write+0x7dc/0xc50
[   73.928728][ T3693]  ? file_end_write+0x230/0x230
[   73.933582][ T3693]  ? ptrace_stop+0x74d/0x970
[   73.938169][ T3693]  ? _raw_spin_unlock_irq+0x2a/0x40
[   73.943363][ T3693]  ? __fdget_pos+0x252/0x2e0
[   73.947959][ T3693]  ksys_write+0x177/0x2a0
[   73.952309][ T3693]  ? __ia32_sys_read+0x80/0x80
[   73.957076][ T3693]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   73.963047][ T3693]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   73.969017][ T3693]  do_syscall_64+0x3d/0xb0
[   73.973426][ T3693]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   73.979305][ T3693] RIP: 0033:0x7f0fa5191c89
[   73.983725][ T3693] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   74.003346][ T3693] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   74.011751][ T3693] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   74.019720][ T3693] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   74.027693][ T3693] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3693] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3693] exit_group(0)               = ?
[pid  3693] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3693, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./52/binderfs")                 = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./52/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./52")                           = 0
mkdir("./53", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3694
./strace-static-x86_64: Process 3694 attached
[pid  3694] chdir("./53")               = 0
[pid  3694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3694] setpgid(0, 0)               = 0
[pid  3694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3694] write(3, "1000", 4)         = 4
[pid  3694] close(3)                    = 0
[pid  3694] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3694] memfd_create("syzkaller", 0) = 3
[pid  3694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3694] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   74.035661][ T3693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   74.043630][ T3693] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000034
[   74.051625][ T3693]  </TASK>
[pid  3694] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3694] close(3)                    = 0
[pid  3694] mkdir("./file0", 0777)      = 0
[pid  3694] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3694] chdir("./file0")            = 0
[pid  3694] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3694] close(4)                    = 0
[pid  3694] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3694] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3694] write(5, "13", 2)           = 2
[   74.090277][ T3694] loop0: detected capacity change from 0 to 64
[   74.092536][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   74.119260][ T3694] FAULT_INJECTION: forcing a failure.
[   74.119260][ T3694] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   74.133624][ T3694] CPU: 1 PID: 3694 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   74.144057][ T3694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   74.154098][ T3694] Call Trace:
[   74.157362][ T3694]  <TASK>
[   74.160279][ T3694]  dump_stack_lvl+0x1b1/0x28e
[   74.165032][ T3694]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   74.170476][ T3694]  ? panic+0x710/0x710
[   74.174528][ T3694]  ? do_anonymous_page+0xd4a/0x1150
[   74.179830][ T3694]  ? mark_lock+0x9a/0x350
[   74.184161][ T3694]  should_fail_ex+0x395/0x4c0
[   74.188848][ T3694]  prepare_alloc_pages+0x1d7/0x5a0
[   74.193963][ T3694]  __alloc_pages+0x161/0x560
[   74.198546][ T3694]  ? zone_statistics+0x160/0x160
[   74.203478][ T3694]  ? rcu_lock_release+0x5/0x20
[   74.208227][ T3694]  ? alloc_pages+0x520/0x7b0
[   74.212802][ T3694]  ? xas_descend+0x1f3/0x400
[   74.217385][ T3694]  folio_alloc+0x1a/0x50
[   74.221612][ T3694]  filemap_alloc_folio+0x7e/0x1c0
[   74.226623][ T3694]  __filemap_get_folio+0x898/0x1260
[   74.232244][ T3694]  ? page_cache_prev_miss+0x4e0/0x4e0
[   74.237600][ T3694]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   74.243566][ T3694]  ? print_irqtrace_events+0x220/0x220
[   74.249013][ T3694]  pagecache_get_page+0x28/0x260
[   74.253938][ T3694]  ? hfs_free_extents+0x420/0x420
[   74.258951][ T3694]  block_write_begin+0x2e/0x1e0
[   74.263797][ T3694]  ? cont_write_begin+0x5e5/0x860
[   74.268894][ T3694]  ? hfs_free_extents+0x420/0x420
[   74.273901][ T3694]  cont_write_begin+0x606/0x860
[   74.278758][ T3694]  ? fault_in_readable+0x1d5/0x310
[   74.283863][ T3694]  ? generic_cont_expand_simple+0x250/0x250
[   74.289741][ T3694]  ? fault_in_readable+0x219/0x310
[   74.294839][ T3694]  ? fault_in_safe_writeable+0x240/0x240
[   74.300471][ T3694]  hfs_write_begin+0x86/0xd0
[   74.305054][ T3694]  ? hfs_free_extents+0x420/0x420
[   74.310061][ T3694]  generic_perform_write+0x2e4/0x5e0
[   74.315338][ T3694]  ? __block_commit_write+0x420/0x420
[   74.320695][ T3694]  ? generic_file_direct_write+0x610/0x610
[   74.326500][ T3694]  ? __file_remove_privs+0x6c0/0x6c0
[   74.331770][ T3694]  ? generic_write_checks+0x15c/0x1c0
[   74.337133][ T3694]  __generic_file_write_iter+0x176/0x400
[   74.342750][ T3694]  generic_file_write_iter+0xab/0x310
[   74.348105][ T3694]  vfs_write+0x7dc/0xc50
[   74.352357][ T3694]  ? file_end_write+0x230/0x230
[   74.357254][ T3694]  ? ptrace_stop+0x74d/0x970
[   74.361847][ T3694]  ? _raw_spin_unlock_irq+0x2a/0x40
[   74.367048][ T3694]  ? __fdget_pos+0x252/0x2e0
[   74.371629][ T3694]  ksys_write+0x177/0x2a0
[   74.375954][ T3694]  ? __ia32_sys_read+0x80/0x80
[   74.380706][ T3694]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   74.386674][ T3694]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   74.392640][ T3694]  do_syscall_64+0x3d/0xb0
[   74.397039][ T3694]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   74.402917][ T3694] RIP: 0033:0x7f0fa5191c89
[   74.407320][ T3694] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   74.426938][ T3694] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3694] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3694] exit_group(0)               = ?
[pid  3694] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3694, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./53/binderfs")                 = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./53/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./53")                           = 0
mkdir("./54", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3695
./strace-static-x86_64: Process 3695 attached
[pid  3695] chdir("./54")               = 0
[pid  3695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3695] setpgid(0, 0)               = 0
[pid  3695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3695] write(3, "1000", 4)         = 4
[pid  3695] close(3)                    = 0
[pid  3695] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3695] memfd_create("syzkaller", 0) = 3
[pid  3695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3695] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   74.435450][ T3694] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   74.443424][ T3694] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   74.451378][ T3694] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   74.459334][ T3694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   74.467294][ T3694] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000035
[   74.475262][ T3694]  </TASK>
[pid  3695] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3695] close(3)                    = 0
[pid  3695] mkdir("./file0", 0777)      = 0
[pid  3695] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3695] chdir("./file0")            = 0
[pid  3695] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3695] close(4)                    = 0
[pid  3695] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3695] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3695] write(5, "13", 2)           = 2
[   74.521693][ T3695] loop0: detected capacity change from 0 to 64
[   74.557619][ T3695] FAULT_INJECTION: forcing a failure.
[   74.557619][ T3695] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   74.571159][ T3695] CPU: 0 PID: 3695 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   74.581593][ T3695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   74.591638][ T3695] Call Trace:
[   74.594906][ T3695]  <TASK>
[   74.597830][ T3695]  dump_stack_lvl+0x1b1/0x28e
[   74.602509][ T3695]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   74.607973][ T3695]  ? panic+0x710/0x710
[   74.612028][ T3695]  ? do_anonymous_page+0xd4a/0x1150
[   74.617217][ T3695]  ? mark_lock+0x9a/0x350
[   74.621537][ T3695]  should_fail_ex+0x395/0x4c0
[   74.626207][ T3695]  prepare_alloc_pages+0x1d7/0x5a0
[   74.631339][ T3695]  __alloc_pages+0x161/0x560
[   74.635931][ T3695]  ? zone_statistics+0x160/0x160
[   74.640875][ T3695]  ? rcu_lock_release+0x5/0x20
[   74.645654][ T3695]  ? alloc_pages+0x520/0x7b0
[   74.650229][ T3695]  ? xas_descend+0x1f3/0x400
[   74.654822][ T3695]  folio_alloc+0x1a/0x50
[   74.659076][ T3695]  filemap_alloc_folio+0x7e/0x1c0
[   74.664106][ T3695]  __filemap_get_folio+0x898/0x1260
[   74.669316][ T3695]  ? page_cache_prev_miss+0x4e0/0x4e0
[   74.674676][ T3695]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   74.680641][ T3695]  ? print_irqtrace_events+0x220/0x220
[   74.686093][ T3695]  pagecache_get_page+0x28/0x260
[   74.691020][ T3695]  ? hfs_free_extents+0x420/0x420
[   74.696125][ T3695]  block_write_begin+0x2e/0x1e0
[   74.700982][ T3695]  ? cont_write_begin+0x5e5/0x860
[   74.705992][ T3695]  ? hfs_free_extents+0x420/0x420
[   74.711002][ T3695]  cont_write_begin+0x606/0x860
[   74.715845][ T3695]  ? fault_in_readable+0x1d5/0x310
[   74.720955][ T3695]  ? generic_cont_expand_simple+0x250/0x250
[   74.726859][ T3695]  ? fault_in_readable+0x219/0x310
[   74.731975][ T3695]  ? fault_in_safe_writeable+0x240/0x240
[   74.737623][ T3695]  hfs_write_begin+0x86/0xd0
[   74.742200][ T3695]  ? hfs_free_extents+0x420/0x420
[   74.747217][ T3695]  generic_perform_write+0x2e4/0x5e0
[   74.752515][ T3695]  ? __block_commit_write+0x420/0x420
[   74.757989][ T3695]  ? generic_file_direct_write+0x610/0x610
[   74.763803][ T3695]  ? __file_remove_privs+0x6c0/0x6c0
[   74.769086][ T3695]  ? generic_write_checks+0x15c/0x1c0
[   74.774481][ T3695]  __generic_file_write_iter+0x176/0x400
[   74.780385][ T3695]  generic_file_write_iter+0xab/0x310
[   74.785752][ T3695]  vfs_write+0x7dc/0xc50
[   74.789989][ T3695]  ? file_end_write+0x230/0x230
[   74.794826][ T3695]  ? ptrace_stop+0x74d/0x970
[   74.799427][ T3695]  ? _raw_spin_unlock_irq+0x2a/0x40
[   74.804634][ T3695]  ? __fdget_pos+0x252/0x2e0
[   74.809240][ T3695]  ksys_write+0x177/0x2a0
[   74.813561][ T3695]  ? __ia32_sys_read+0x80/0x80
[   74.818322][ T3695]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   74.824307][ T3695]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   74.830275][ T3695]  do_syscall_64+0x3d/0xb0
[   74.834678][ T3695]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   74.840571][ T3695] RIP: 0033:0x7f0fa5191c89
[   74.844988][ T3695] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   74.864580][ T3695] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3695] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3695] exit_group(0)               = ?
[pid  3695] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3695, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./54/binderfs")                 = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./54/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./54")                           = 0
mkdir("./55", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   74.872982][ T3695] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   74.880953][ T3695] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   74.888914][ T3695] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   74.896881][ T3695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   74.904862][ T3695] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000036
[   74.912839][ T3695]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3696
./strace-static-x86_64: Process 3696 attached
[pid  3696] chdir("./55")               = 0
[pid  3696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3696] setpgid(0, 0)               = 0
[pid  3696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3696] write(3, "1000", 4)         = 4
[pid  3696] close(3)                    = 0
[pid  3696] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3696] memfd_create("syzkaller", 0) = 3
[pid  3696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3696] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3696] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3696] close(3)                    = 0
[pid  3696] mkdir("./file0", 0777)      = 0
[pid  3696] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3696] chdir("./file0")            = 0
[pid  3696] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3696] close(4)                    = 0
[pid  3696] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3696] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3696] write(5, "13", 2)           = 2
[pid  3696] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3696] exit_group(0)               = ?
[pid  3696] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3696, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./55/binderfs")                 = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./55/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./55")                           = 0
mkdir("./56", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3697 attached
, child_tidptr=0x555555b7f5d0) = 3697
[   74.965195][ T3696] loop0: detected capacity change from 0 to 64
[pid  3697] chdir("./56")               = 0
[pid  3697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3697] setpgid(0, 0)               = 0
[pid  3697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3697] write(3, "1000", 4)         = 4
[pid  3697] close(3)                    = 0
[pid  3697] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3697] memfd_create("syzkaller", 0) = 3
[pid  3697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3697] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3697] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3697] close(3)                    = 0
[pid  3697] mkdir("./file0", 0777)      = 0
[pid  3697] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3697] chdir("./file0")            = 0
[pid  3697] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3697] close(4)                    = 0
[pid  3697] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3697] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3697] write(5, "13", 2)           = 2
[   75.043143][ T3697] loop0: detected capacity change from 0 to 64
[   75.068049][ T3697] FAULT_INJECTION: forcing a failure.
[   75.068049][ T3697] name failslab, interval 1, probability 0, space 0, times 0
[   75.081719][ T3697] CPU: 1 PID: 3697 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   75.092167][ T3697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   75.102226][ T3697] Call Trace:
[   75.105493][ T3697]  <TASK>
[   75.108411][ T3697]  dump_stack_lvl+0x1b1/0x28e
[   75.113080][ T3697]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   75.118530][ T3697]  ? panic+0x710/0x710
[   75.122593][ T3697]  ? __might_sleep+0xc0/0xc0
[   75.127178][ T3697]  ? __mutex_lock_common+0x45f/0x26e0
[   75.132574][ T3697]  should_fail_ex+0x395/0x4c0
[   75.137302][ T3697]  ? hfs_find_init+0x8b/0x1e0
[   75.141972][ T3697]  should_failslab+0x5/0x20
[   75.146473][ T3697]  __kmem_cache_alloc_node+0x69/0x310
[   75.152041][ T3697]  ? rcu_lock_release+0x5/0x20
[   75.156809][ T3697]  ? hfs_find_init+0x8b/0x1e0
[   75.161482][ T3697]  __kmalloc+0x9e/0x1a0
[   75.165657][ T3697]  hfs_find_init+0x8b/0x1e0
[   75.170179][ T3697]  hfs_extend_file+0x2f8/0x1420
[   75.175017][ T3697]  ? xas_find+0x937/0xa60
[   75.179366][ T3697]  ? hfs_get_block+0xbb0/0xbb0
[   75.184175][ T3697]  ? filemap_get_folios+0x557/0x830
[   75.189392][ T3697]  ? find_lock_entries+0xf60/0xf60
[   75.194521][ T3697]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   75.200425][ T3697]  hfs_get_block+0x3fc/0xbb0
[   75.205034][ T3697]  ? hfs_free_extents+0x420/0x420
[   75.210057][ T3697]  ? do_raw_spin_unlock+0x134/0x8a0
[   75.215269][ T3697]  ? create_page_buffers+0x244/0x4b0
[   75.220552][ T3697]  __block_write_begin_int+0x54c/0x1a80
[   75.226104][ T3697]  ? hfs_free_extents+0x420/0x420
[   75.231118][ T3697]  ? page_zero_new_buffers+0x940/0x940
[   75.236574][ T3697]  ? PageHeadHuge+0x8a/0x1d0
[   75.241156][ T3697]  ? hfs_free_extents+0x420/0x420
[   75.246174][ T3697]  block_write_begin+0x93/0x1e0
[   75.251020][ T3697]  ? cont_write_begin+0x5e5/0x860
[   75.256031][ T3697]  ? hfs_free_extents+0x420/0x420
[   75.261057][ T3697]  cont_write_begin+0x606/0x860
[   75.265922][ T3697]  ? fault_in_readable+0x1d5/0x310
[   75.271036][ T3697]  ? generic_cont_expand_simple+0x250/0x250
[   75.276934][ T3697]  ? fault_in_readable+0x219/0x310
[   75.282046][ T3697]  ? fault_in_safe_writeable+0x240/0x240
[   75.287696][ T3697]  hfs_write_begin+0x86/0xd0
[   75.292277][ T3697]  ? hfs_free_extents+0x420/0x420
[   75.297293][ T3697]  generic_perform_write+0x2e4/0x5e0
[   75.302680][ T3697]  ? __block_commit_write+0x420/0x420
[   75.308067][ T3697]  ? generic_file_direct_write+0x610/0x610
[   75.313886][ T3697]  ? __file_remove_privs+0x6c0/0x6c0
[   75.319175][ T3697]  ? generic_write_checks+0x15c/0x1c0
[   75.324591][ T3697]  __generic_file_write_iter+0x176/0x400
[   75.330255][ T3697]  generic_file_write_iter+0xab/0x310
[   75.335640][ T3697]  vfs_write+0x7dc/0xc50
[   75.339899][ T3697]  ? file_end_write+0x230/0x230
[   75.344737][ T3697]  ? ptrace_stop+0x74d/0x970
[   75.349355][ T3697]  ? _raw_spin_unlock_irq+0x2a/0x40
[   75.354564][ T3697]  ? __fdget_pos+0x252/0x2e0
[   75.359158][ T3697]  ksys_write+0x177/0x2a0
[   75.363513][ T3697]  ? __ia32_sys_read+0x80/0x80
[   75.368272][ T3697]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   75.374256][ T3697]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   75.380260][ T3697]  do_syscall_64+0x3d/0xb0
[   75.384675][ T3697]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   75.390560][ T3697] RIP: 0033:0x7f0fa5191c89
[   75.394976][ T3697] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   75.414588][ T3697] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   75.422991][ T3697] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   75.430964][ T3697] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3697] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3697] exit_group(0)               = ?
[pid  3697] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3697, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./56/binderfs")                 = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./56/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./56")                           = 0
mkdir("./57", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   75.439033][ T3697] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   75.447010][ T3697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   75.454971][ T3697] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000038
[   75.462951][ T3697]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3698 attached
 <unfinished ...>
[pid  3698] chdir("./57")               = 0
[pid  3698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3698] setpgid(0, 0)               = 0
[pid  3698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3698
[pid  3698] <... openat resumed>)       = 3
[pid  3698] write(3, "1000", 4)         = 4
[pid  3698] close(3)                    = 0
[pid  3698] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3698] memfd_create("syzkaller", 0) = 3
[pid  3698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3698] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3698] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3698] close(3)                    = 0
[pid  3698] mkdir("./file0", 0777)      = 0
[pid  3698] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3698] chdir("./file0")            = 0
[pid  3698] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3698] close(4)                    = 0
[pid  3698] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3698] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3698] write(5, "13", 2)           = 2
[   75.525713][ T3698] loop0: detected capacity change from 0 to 64
[   75.559924][ T3698] FAULT_INJECTION: forcing a failure.
[   75.559924][ T3698] name failslab, interval 1, probability 0, space 0, times 0
[   75.572882][ T3698] CPU: 0 PID: 3698 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   75.583310][ T3698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   75.593356][ T3698] Call Trace:
[   75.596722][ T3698]  <TASK>
[   75.599691][ T3698]  dump_stack_lvl+0x1b1/0x28e
[   75.604365][ T3698]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   75.609813][ T3698]  ? panic+0x710/0x710
[   75.613876][ T3698]  ? __might_sleep+0xc0/0xc0
[   75.618456][ T3698]  ? __mutex_lock_common+0x45f/0x26e0
[   75.623839][ T3698]  should_fail_ex+0x395/0x4c0
[   75.628510][ T3698]  ? hfs_find_init+0x8b/0x1e0
[   75.633185][ T3698]  should_failslab+0x5/0x20
[   75.637680][ T3698]  __kmem_cache_alloc_node+0x69/0x310
[   75.643045][ T3698]  ? hfs_find_init+0x8b/0x1e0
[   75.647812][ T3698]  __kmalloc+0x9e/0x1a0
[   75.651985][ T3698]  hfs_find_init+0x8b/0x1e0
[   75.656482][ T3698]  hfs_extend_file+0x2f8/0x1420
[   75.661343][ T3698]  ? hfs_get_block+0xbb0/0xbb0
[   75.666116][ T3698]  ? lru_cache_disable+0x30/0x30
[   75.671049][ T3698]  ? __might_sleep+0xc0/0xc0
[   75.675662][ T3698]  hfs_get_block+0x3fc/0xbb0
[   75.680251][ T3698]  ? hfs_free_extents+0x420/0x420
[   75.685267][ T3698]  ? do_raw_spin_unlock+0x134/0x8a0
[   75.690460][ T3698]  ? create_page_buffers+0x244/0x4b0
[   75.695749][ T3698]  __block_write_begin_int+0x54c/0x1a80
[   75.701348][ T3698]  ? hfs_free_extents+0x420/0x420
[   75.706376][ T3698]  ? page_zero_new_buffers+0x940/0x940
[   75.711826][ T3698]  ? PageHeadHuge+0x8a/0x1d0
[   75.716422][ T3698]  ? hfs_free_extents+0x420/0x420
[   75.721450][ T3698]  block_write_begin+0x93/0x1e0
[   75.726288][ T3698]  ? cont_write_begin+0x5e5/0x860
[   75.731299][ T3698]  ? hfs_free_extents+0x420/0x420
[   75.736310][ T3698]  cont_write_begin+0x606/0x860
[   75.741168][ T3698]  ? fault_in_readable+0x1d5/0x310
[   75.746287][ T3698]  ? generic_cont_expand_simple+0x250/0x250
[   75.752180][ T3698]  ? fault_in_readable+0x219/0x310
[   75.757299][ T3698]  ? fault_in_safe_writeable+0x240/0x240
[   75.762929][ T3698]  hfs_write_begin+0x86/0xd0
[   75.767521][ T3698]  ? hfs_free_extents+0x420/0x420
[   75.772535][ T3698]  generic_perform_write+0x2e4/0x5e0
[   75.777817][ T3698]  ? __block_commit_write+0x420/0x420
[   75.783178][ T3698]  ? generic_file_direct_write+0x610/0x610
[   75.788972][ T3698]  ? __file_remove_privs+0x6c0/0x6c0
[   75.794245][ T3698]  ? generic_write_checks+0x15c/0x1c0
[   75.799612][ T3698]  __generic_file_write_iter+0x176/0x400
[   75.805240][ T3698]  generic_file_write_iter+0xab/0x310
[   75.810687][ T3698]  vfs_write+0x7dc/0xc50
[   75.814925][ T3698]  ? file_end_write+0x230/0x230
[   75.819763][ T3698]  ? ptrace_stop+0x74d/0x970
[   75.824435][ T3698]  ? _raw_spin_unlock_irq+0x2a/0x40
[   75.829645][ T3698]  ? __fdget_pos+0x252/0x2e0
[   75.834236][ T3698]  ksys_write+0x177/0x2a0
[   75.838558][ T3698]  ? __ia32_sys_read+0x80/0x80
[   75.843311][ T3698]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   75.849278][ T3698]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   75.855430][ T3698]  do_syscall_64+0x3d/0xb0
[   75.859849][ T3698]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   75.865728][ T3698] RIP: 0033:0x7f0fa5191c89
[   75.870131][ T3698] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   75.889742][ T3698] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   75.898167][ T3698] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   75.906138][ T3698] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   75.914113][ T3698] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3698] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3698] exit_group(0)               = ?
[pid  3698] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3698, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./57/binderfs")                 = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./57/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./57")                           = 0
mkdir("./58", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3699
./strace-static-x86_64: Process 3699 attached
[pid  3699] chdir("./58")               = 0
[pid  3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3699] setpgid(0, 0)               = 0
[pid  3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3699] write(3, "1000", 4)         = 4
[pid  3699] close(3)                    = 0
[pid  3699] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3699] memfd_create("syzkaller", 0) = 3
[pid  3699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[   75.922074][ T3698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   75.930033][ T3698] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000039
[   75.938024][ T3698]  </TASK>
[pid  3699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3699] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3699] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3699] close(3)                    = 0
[pid  3699] mkdir("./file0", 0777)      = 0
[pid  3699] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3699] chdir("./file0")            = 0
[pid  3699] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3699] close(4)                    = 0
[pid  3699] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3699] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3699] write(5, "13", 2)           = 2
[   75.991452][ T3699] loop0: detected capacity change from 0 to 64
[   76.017344][ T3699] FAULT_INJECTION: forcing a failure.
[   76.017344][ T3699] name failslab, interval 1, probability 0, space 0, times 0
[   76.030053][ T3699] CPU: 1 PID: 3699 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   76.040454][ T3699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   76.050515][ T3699] Call Trace:
[   76.053797][ T3699]  <TASK>
[   76.056721][ T3699]  dump_stack_lvl+0x1b1/0x28e
[   76.061401][ T3699]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   76.066871][ T3699]  ? panic+0x710/0x710
[   76.070941][ T3699]  ? __might_sleep+0xc0/0xc0
[   76.075519][ T3699]  ? __mutex_lock_common+0x45f/0x26e0
[   76.080908][ T3699]  should_fail_ex+0x395/0x4c0
[   76.085595][ T3699]  ? hfs_find_init+0x8b/0x1e0
[   76.090264][ T3699]  should_failslab+0x5/0x20
[   76.094770][ T3699]  __kmem_cache_alloc_node+0x69/0x310
[   76.100163][ T3699]  ? hfs_find_init+0x8b/0x1e0
[   76.104877][ T3699]  __kmalloc+0x9e/0x1a0
[   76.109026][ T3699]  hfs_find_init+0x8b/0x1e0
[   76.113553][ T3699]  hfs_extend_file+0x2f8/0x1420
[   76.118407][ T3699]  ? hfs_get_block+0xbb0/0xbb0
[   76.123249][ T3699]  ? lru_cache_disable+0x30/0x30
[   76.128177][ T3699]  ? __might_sleep+0xc0/0xc0
[   76.132773][ T3699]  hfs_get_block+0x3fc/0xbb0
[   76.137390][ T3699]  ? hfs_free_extents+0x420/0x420
[   76.142420][ T3699]  ? do_raw_spin_unlock+0x134/0x8a0
[   76.147621][ T3699]  ? create_page_buffers+0x244/0x4b0
[   76.152925][ T3699]  __block_write_begin_int+0x54c/0x1a80
[   76.158498][ T3699]  ? hfs_free_extents+0x420/0x420
[   76.163519][ T3699]  ? page_zero_new_buffers+0x940/0x940
[   76.168979][ T3699]  ? PageHeadHuge+0x8a/0x1d0
[   76.173572][ T3699]  ? hfs_free_extents+0x420/0x420
[   76.178590][ T3699]  block_write_begin+0x93/0x1e0
[   76.183442][ T3699]  ? cont_write_begin+0x5e5/0x860
[   76.188458][ T3699]  ? hfs_free_extents+0x420/0x420
[   76.193484][ T3699]  cont_write_begin+0x606/0x860
[   76.198354][ T3699]  ? fault_in_readable+0x1d5/0x310
[   76.203461][ T3699]  ? generic_cont_expand_simple+0x250/0x250
[   76.209356][ T3699]  ? fault_in_readable+0x219/0x310
[   76.214472][ T3699]  ? fault_in_safe_writeable+0x240/0x240
[   76.220111][ T3699]  hfs_write_begin+0x86/0xd0
[   76.224692][ T3699]  ? hfs_free_extents+0x420/0x420
[   76.229719][ T3699]  generic_perform_write+0x2e4/0x5e0
[   76.232826][   T14] cfg80211: failed to load regulatory.db
[   76.234997][ T3699]  ? __block_commit_write+0x420/0x420
[   76.246007][ T3699]  ? generic_file_direct_write+0x610/0x610
[   76.251835][ T3699]  ? __file_remove_privs+0x6c0/0x6c0
[   76.257119][ T3699]  ? generic_write_checks+0x15c/0x1c0
[   76.262491][ T3699]  __generic_file_write_iter+0x176/0x400
[   76.268135][ T3699]  generic_file_write_iter+0xab/0x310
[   76.273525][ T3699]  vfs_write+0x7dc/0xc50
[   76.277801][ T3699]  ? file_end_write+0x230/0x230
[   76.282653][ T3699]  ? ptrace_stop+0x74d/0x970
[   76.287259][ T3699]  ? _raw_spin_unlock_irq+0x2a/0x40
[   76.292469][ T3699]  ? __fdget_pos+0x252/0x2e0
[   76.297062][ T3699]  ksys_write+0x177/0x2a0
[   76.301404][ T3699]  ? __ia32_sys_read+0x80/0x80
[   76.306160][ T3699]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   76.312143][ T3699]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   76.318137][ T3699]  do_syscall_64+0x3d/0xb0
[   76.322544][ T3699]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   76.328425][ T3699] RIP: 0033:0x7f0fa5191c89
[   76.332838][ T3699] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   76.352469][ T3699] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   76.360908][ T3699] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   76.368891][ T3699] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   76.376869][ T3699] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   76.384830][ T3699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3699] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3699] exit_group(0)               = ?
[pid  3699] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3699, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./58/binderfs")                 = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./58/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./58")                           = 0
mkdir("./59", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3700
./strace-static-x86_64: Process 3700 attached
[pid  3700] chdir("./59")               = 0
[pid  3700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3700] setpgid(0, 0)               = 0
[pid  3700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3700] write(3, "1000", 4)         = 4
[pid  3700] close(3)                    = 0
[   76.392794][ T3699] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003a
[   76.400795][ T3699]  </TASK>
[pid  3700] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3700] memfd_create("syzkaller", 0) = 3
[pid  3700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3700] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3700] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3700] close(3)                    = 0
[pid  3700] mkdir("./file0", 0777)      = 0
[pid  3700] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3700] chdir("./file0")            = 0
[pid  3700] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3700] close(4)                    = 0
[pid  3700] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3700] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3700] write(5, "13", 2)           = 2
[   76.460346][ T3700] loop0: detected capacity change from 0 to 64
[   76.485647][ T3700] FAULT_INJECTION: forcing a failure.
[   76.485647][ T3700] name failslab, interval 1, probability 0, space 0, times 0
[   76.498366][ T3700] CPU: 1 PID: 3700 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   76.508786][ T3700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   76.518835][ T3700] Call Trace:
[   76.522120][ T3700]  <TASK>
[   76.525046][ T3700]  dump_stack_lvl+0x1b1/0x28e
[   76.529724][ T3700]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   76.535179][ T3700]  ? panic+0x710/0x710
[   76.539333][ T3700]  ? __might_sleep+0xc0/0xc0
[   76.543917][ T3700]  ? __mutex_lock_common+0x45f/0x26e0
[   76.549292][ T3700]  should_fail_ex+0x395/0x4c0
[   76.553969][ T3700]  ? hfs_find_init+0x8b/0x1e0
[   76.558648][ T3700]  should_failslab+0x5/0x20
[   76.563183][ T3700]  __kmem_cache_alloc_node+0x69/0x310
[   76.568548][ T3700]  ? rcu_lock_release+0x5/0x20
[   76.573311][ T3700]  ? hfs_find_init+0x8b/0x1e0
[   76.577987][ T3700]  __kmalloc+0x9e/0x1a0
[   76.582156][ T3700]  hfs_find_init+0x8b/0x1e0
[   76.586661][ T3700]  hfs_extend_file+0x2f8/0x1420
[   76.591507][ T3700]  ? xas_find+0x937/0xa60
[   76.595842][ T3700]  ? hfs_get_block+0xbb0/0xbb0
[   76.600615][ T3700]  ? filemap_get_folios+0x557/0x830
[   76.605830][ T3700]  ? find_lock_entries+0xf60/0xf60
[   76.610946][ T3700]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   76.616934][ T3700]  hfs_get_block+0x3fc/0xbb0
[   76.621531][ T3700]  ? hfs_free_extents+0x420/0x420
[   76.626547][ T3700]  ? do_raw_spin_unlock+0x134/0x8a0
[   76.631750][ T3700]  ? create_page_buffers+0x244/0x4b0
[   76.637038][ T3700]  __block_write_begin_int+0x54c/0x1a80
[   76.642601][ T3700]  ? hfs_free_extents+0x420/0x420
[   76.647618][ T3700]  ? page_zero_new_buffers+0x940/0x940
[   76.653074][ T3700]  ? PageHeadHuge+0x8a/0x1d0
[   76.657681][ T3700]  ? hfs_free_extents+0x420/0x420
[   76.662718][ T3700]  block_write_begin+0x93/0x1e0
[   76.667589][ T3700]  ? cont_write_begin+0x5e5/0x860
[   76.672625][ T3700]  ? hfs_free_extents+0x420/0x420
[   76.677657][ T3700]  cont_write_begin+0x606/0x860
[   76.682526][ T3700]  ? fault_in_readable+0x1d5/0x310
[   76.687639][ T3700]  ? generic_cont_expand_simple+0x250/0x250
[   76.693529][ T3700]  ? fault_in_readable+0x219/0x310
[   76.698641][ T3700]  ? fault_in_safe_writeable+0x240/0x240
[   76.704278][ T3700]  hfs_write_begin+0x86/0xd0
[   76.708861][ T3700]  ? hfs_free_extents+0x420/0x420
[   76.713974][ T3700]  generic_perform_write+0x2e4/0x5e0
[   76.719353][ T3700]  ? __block_commit_write+0x420/0x420
[   76.724732][ T3700]  ? generic_file_direct_write+0x610/0x610
[   76.730536][ T3700]  ? __file_remove_privs+0x6c0/0x6c0
[   76.735818][ T3700]  ? generic_write_checks+0x15c/0x1c0
[   76.741197][ T3700]  __generic_file_write_iter+0x176/0x400
[   76.746831][ T3700]  generic_file_write_iter+0xab/0x310
[   76.752201][ T3700]  vfs_write+0x7dc/0xc50
[   76.756453][ T3700]  ? file_end_write+0x230/0x230
[   76.761300][ T3700]  ? ptrace_stop+0x74d/0x970
[   76.765894][ T3700]  ? _raw_spin_unlock_irq+0x2a/0x40
[   76.771098][ T3700]  ? __fdget_pos+0x252/0x2e0
[   76.775688][ T3700]  ksys_write+0x177/0x2a0
[   76.780019][ T3700]  ? __ia32_sys_read+0x80/0x80
[   76.784785][ T3700]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   76.790762][ T3700]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   76.796740][ T3700]  do_syscall_64+0x3d/0xb0
[   76.801161][ T3700]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   76.807486][ T3700] RIP: 0033:0x7f0fa5191c89
[   76.811897][ T3700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   76.831499][ T3700] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   76.839993][ T3700] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   76.847958][ T3700] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3700] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3700] exit_group(0)               = ?
[pid  3700] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3700, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./59/binderfs")                 = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./59/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./59")                           = 0
mkdir("./60", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   76.856007][ T3700] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   76.863979][ T3700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   76.871942][ T3700] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003b
[   76.879922][ T3700]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3701
./strace-static-x86_64: Process 3701 attached
[pid  3701] chdir("./60")               = 0
[pid  3701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3701] setpgid(0, 0)               = 0
[pid  3701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3701] write(3, "1000", 4)         = 4
[pid  3701] close(3)                    = 0
[pid  3701] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3701] memfd_create("syzkaller", 0) = 3
[pid  3701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3701] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3701] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3701] close(3)                    = 0
[pid  3701] mkdir("./file0", 0777)      = 0
[pid  3701] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3701] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3701] chdir("./file0")            = 0
[pid  3701] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3701] close(4)                    = 0
[pid  3701] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3701] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3701] write(5, "13", 2)           = 2
[   76.943873][ T3701] loop0: detected capacity change from 0 to 64
[   76.965037][ T3701] FAULT_INJECTION: forcing a failure.
[   76.965037][ T3701] name failslab, interval 1, probability 0, space 0, times 0
[   76.977787][ T3701] CPU: 1 PID: 3701 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   76.988211][ T3701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   76.998346][ T3701] Call Trace:
[   77.001627][ T3701]  <TASK>
[   77.004556][ T3701]  dump_stack_lvl+0x1b1/0x28e
[   77.009230][ T3701]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   77.014765][ T3701]  ? panic+0x710/0x710
[   77.018822][ T3701]  ? __might_sleep+0xc0/0xc0
[   77.023401][ T3701]  ? __mutex_lock_common+0x45f/0x26e0
[   77.028773][ T3701]  should_fail_ex+0x395/0x4c0
[   77.033456][ T3701]  ? hfs_find_init+0x8b/0x1e0
[   77.038126][ T3701]  should_failslab+0x5/0x20
[   77.042617][ T3701]  __kmem_cache_alloc_node+0x69/0x310
[   77.047980][ T3701]  ? rcu_lock_release+0x5/0x20
[   77.052735][ T3701]  ? hfs_find_init+0x8b/0x1e0
[   77.057400][ T3701]  __kmalloc+0x9e/0x1a0
[   77.061549][ T3701]  hfs_find_init+0x8b/0x1e0
[   77.066047][ T3701]  hfs_extend_file+0x2f8/0x1420
[   77.070903][ T3701]  ? xas_find+0x937/0xa60
[   77.075230][ T3701]  ? hfs_get_block+0xbb0/0xbb0
[   77.079987][ T3701]  ? filemap_get_folios+0x557/0x830
[   77.085287][ T3701]  ? find_lock_entries+0xf60/0xf60
[   77.090389][ T3701]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   77.096281][ T3701]  hfs_get_block+0x3fc/0xbb0
[   77.100884][ T3701]  ? hfs_free_extents+0x420/0x420
[   77.105911][ T3701]  ? do_raw_spin_unlock+0x134/0x8a0
[   77.111108][ T3701]  ? create_page_buffers+0x244/0x4b0
[   77.116385][ T3701]  __block_write_begin_int+0x54c/0x1a80
[   77.121935][ T3701]  ? hfs_free_extents+0x420/0x420
[   77.126955][ T3701]  ? page_zero_new_buffers+0x940/0x940
[   77.132445][ T3701]  ? PageHeadHuge+0x8a/0x1d0
[   77.137042][ T3701]  ? hfs_free_extents+0x420/0x420
[   77.142082][ T3701]  block_write_begin+0x93/0x1e0
[   77.146940][ T3701]  ? cont_write_begin+0x5e5/0x860
[   77.152216][ T3701]  ? hfs_free_extents+0x420/0x420
[   77.157241][ T3701]  cont_write_begin+0x606/0x860
[   77.162106][ T3701]  ? fault_in_readable+0x1d5/0x310
[   77.167225][ T3701]  ? generic_cont_expand_simple+0x250/0x250
[   77.173124][ T3701]  ? fault_in_readable+0x219/0x310
[   77.178243][ T3701]  ? fault_in_safe_writeable+0x240/0x240
[   77.183900][ T3701]  hfs_write_begin+0x86/0xd0
[   77.188489][ T3701]  ? hfs_free_extents+0x420/0x420
[   77.193593][ T3701]  generic_perform_write+0x2e4/0x5e0
[   77.198891][ T3701]  ? __block_commit_write+0x420/0x420
[   77.204287][ T3701]  ? generic_file_direct_write+0x610/0x610
[   77.210103][ T3701]  ? __file_remove_privs+0x6c0/0x6c0
[   77.215387][ T3701]  ? generic_write_checks+0x15c/0x1c0
[   77.220785][ T3701]  __generic_file_write_iter+0x176/0x400
[   77.226444][ T3701]  generic_file_write_iter+0xab/0x310
[   77.231851][ T3701]  vfs_write+0x7dc/0xc50
[   77.236124][ T3701]  ? file_end_write+0x230/0x230
[   77.240989][ T3701]  ? ptrace_stop+0x74d/0x970
[   77.245589][ T3701]  ? _raw_spin_unlock_irq+0x2a/0x40
[   77.250795][ T3701]  ? __fdget_pos+0x252/0x2e0
[   77.255401][ T3701]  ksys_write+0x177/0x2a0
[   77.259737][ T3701]  ? __ia32_sys_read+0x80/0x80
[   77.264493][ T3701]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   77.270476][ T3701]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   77.276465][ T3701]  do_syscall_64+0x3d/0xb0
[   77.280882][ T3701]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.286768][ T3701] RIP: 0033:0x7f0fa5191c89
[   77.291181][ T3701] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   77.310794][ T3701] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   77.319213][ T3701] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   77.327182][ T3701] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   77.335169][ T3701] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3701] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3701] exit_group(0)               = ?
[pid  3701] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3701, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./60/binderfs")                 = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./60/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./60")                           = 0
mkdir("./61", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3702
[   77.343321][ T3701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   77.351284][ T3701] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003c
[   77.359277][ T3701]  </TASK>
./strace-static-x86_64: Process 3702 attached
[pid  3702] chdir("./61")               = 0
[pid  3702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3702] setpgid(0, 0)               = 0
[pid  3702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3702] write(3, "1000", 4)         = 4
[pid  3702] close(3)                    = 0
[pid  3702] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3702] memfd_create("syzkaller", 0) = 3
[pid  3702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3702] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3702] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3702] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3702] close(3)                    = 0
[pid  3702] mkdir("./file0", 0777)      = 0
[pid  3702] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3702] chdir("./file0")            = 0
[pid  3702] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3702] close(4)                    = 0
[pid  3702] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3702] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3702] write(5, "13", 2)           = 2
[   77.420474][ T3702] loop0: detected capacity change from 0 to 64
[   77.445106][ T3702] FAULT_INJECTION: forcing a failure.
[   77.445106][ T3702] name failslab, interval 1, probability 0, space 0, times 0
[   77.458028][ T3702] CPU: 1 PID: 3702 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   77.468458][ T3702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   77.478516][ T3702] Call Trace:
[   77.481793][ T3702]  <TASK>
[   77.484721][ T3702]  dump_stack_lvl+0x1b1/0x28e
[   77.489399][ T3702]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   77.494853][ T3702]  ? panic+0x710/0x710
[   77.498920][ T3702]  ? __might_sleep+0xc0/0xc0
[   77.503509][ T3702]  ? __mutex_lock_common+0x45f/0x26e0
[   77.508884][ T3702]  should_fail_ex+0x395/0x4c0
[   77.513566][ T3702]  ? hfs_find_init+0x8b/0x1e0
[   77.518244][ T3702]  should_failslab+0x5/0x20
[   77.522744][ T3702]  __kmem_cache_alloc_node+0x69/0x310
[   77.528111][ T3702]  ? rcu_lock_release+0x5/0x20
[   77.532874][ T3702]  ? hfs_find_init+0x8b/0x1e0
[   77.537638][ T3702]  __kmalloc+0x9e/0x1a0
[   77.541798][ T3702]  hfs_find_init+0x8b/0x1e0
[   77.546302][ T3702]  hfs_extend_file+0x2f8/0x1420
[   77.551147][ T3702]  ? xas_find+0x937/0xa60
[   77.555484][ T3702]  ? hfs_get_block+0xbb0/0xbb0
[   77.560239][ T3702]  ? filemap_get_folios+0x557/0x830
[   77.565437][ T3702]  ? find_lock_entries+0xf60/0xf60
[   77.570550][ T3702]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   77.576452][ T3702]  hfs_get_block+0x3fc/0xbb0
[   77.581051][ T3702]  ? hfs_free_extents+0x420/0x420
[   77.586071][ T3702]  ? do_raw_spin_unlock+0x134/0x8a0
[   77.591275][ T3702]  ? create_page_buffers+0x244/0x4b0
[   77.596564][ T3702]  __block_write_begin_int+0x54c/0x1a80
[   77.602131][ T3702]  ? hfs_free_extents+0x420/0x420
[   77.607148][ T3702]  ? page_zero_new_buffers+0x940/0x940
[   77.612605][ T3702]  ? PageHeadHuge+0x8a/0x1d0
[   77.617194][ T3702]  ? hfs_free_extents+0x420/0x420
[   77.622212][ T3702]  block_write_begin+0x93/0x1e0
[   77.627062][ T3702]  ? cont_write_begin+0x5e5/0x860
[   77.632081][ T3702]  ? hfs_free_extents+0x420/0x420
[   77.637100][ T3702]  cont_write_begin+0x606/0x860
[   77.641956][ T3702]  ? fault_in_readable+0x1d5/0x310
[   77.647066][ T3702]  ? generic_cont_expand_simple+0x250/0x250
[   77.652955][ T3702]  ? fault_in_readable+0x219/0x310
[   77.658067][ T3702]  ? fault_in_safe_writeable+0x240/0x240
[   77.663703][ T3702]  hfs_write_begin+0x86/0xd0
[   77.668288][ T3702]  ? hfs_free_extents+0x420/0x420
[   77.673311][ T3702]  generic_perform_write+0x2e4/0x5e0
[   77.678601][ T3702]  ? __block_commit_write+0x420/0x420
[   77.683971][ T3702]  ? generic_file_direct_write+0x610/0x610
[   77.689774][ T3702]  ? __file_remove_privs+0x6c0/0x6c0
[   77.695087][ T3702]  ? generic_write_checks+0x15c/0x1c0
[   77.700464][ T3702]  __generic_file_write_iter+0x176/0x400
[   77.706183][ T3702]  generic_file_write_iter+0xab/0x310
[   77.711557][ T3702]  vfs_write+0x7dc/0xc50
[   77.715808][ T3702]  ? file_end_write+0x230/0x230
[   77.720654][ T3702]  ? ptrace_stop+0x74d/0x970
[   77.725248][ T3702]  ? _raw_spin_unlock_irq+0x2a/0x40
[   77.730448][ T3702]  ? __fdget_pos+0x252/0x2e0
[   77.735046][ T3702]  ksys_write+0x177/0x2a0
[   77.739373][ T3702]  ? __ia32_sys_read+0x80/0x80
[   77.744143][ T3702]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   77.750120][ T3702]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   77.756103][ T3702]  do_syscall_64+0x3d/0xb0
[   77.760602][ T3702]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.766489][ T3702] RIP: 0033:0x7f0fa5191c89
[   77.770902][ T3702] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   77.790500][ T3702] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   77.798909][ T3702] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   77.806885][ T3702] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3702] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3702] exit_group(0)               = ?
[pid  3702] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3702, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./61/binderfs")                 = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./61/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./61")                           = 0
mkdir("./62", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   77.814934][ T3702] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   77.822900][ T3702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   77.830949][ T3702] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003d
[   77.838930][ T3702]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3703
./strace-static-x86_64: Process 3703 attached
[pid  3703] chdir("./62")               = 0
[pid  3703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3703] setpgid(0, 0)               = 0
[pid  3703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3703] write(3, "1000", 4)         = 4
[pid  3703] close(3)                    = 0
[pid  3703] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3703] memfd_create("syzkaller", 0) = 3
[pid  3703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3703] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3703] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3703] close(3)                    = 0
[pid  3703] mkdir("./file0", 0777)      = 0
[pid  3703] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3703] chdir("./file0")            = 0
[pid  3703] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3703] close(4)                    = 0
[pid  3703] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3703] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3703] write(5, "13", 2)           = 2
[   77.890969][ T3703] loop0: detected capacity change from 0 to 64
[   77.912271][ T3703] FAULT_INJECTION: forcing a failure.
[   77.912271][ T3703] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   77.926191][ T3703] CPU: 1 PID: 3703 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   77.936622][ T3703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   77.946668][ T3703] Call Trace:
[   77.949933][ T3703]  <TASK>
[   77.952849][ T3703]  dump_stack_lvl+0x1b1/0x28e
[   77.957521][ T3703]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   77.962987][ T3703]  ? panic+0x710/0x710
[   77.967072][ T3703]  ? do_anonymous_page+0xd4a/0x1150
[   77.972264][ T3703]  ? mark_lock+0x9a/0x350
[   77.976581][ T3703]  should_fail_ex+0x395/0x4c0
[   77.981246][ T3703]  prepare_alloc_pages+0x1d7/0x5a0
[   77.986351][ T3703]  __alloc_pages+0x161/0x560
[   77.990931][ T3703]  ? zone_statistics+0x160/0x160
[   77.995879][ T3703]  ? rcu_lock_release+0x5/0x20
[   78.001064][ T3703]  ? alloc_pages+0x520/0x7b0
[   78.005637][ T3703]  ? xas_descend+0x1f3/0x400
[   78.010214][ T3703]  folio_alloc+0x1a/0x50
[   78.014438][ T3703]  filemap_alloc_folio+0x7e/0x1c0
[   78.019447][ T3703]  __filemap_get_folio+0x898/0x1260
[   78.024631][ T3703]  ? page_cache_prev_miss+0x4e0/0x4e0
[   78.029990][ T3703]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   78.035964][ T3703]  ? print_irqtrace_events+0x220/0x220
[   78.041408][ T3703]  pagecache_get_page+0x28/0x260
[   78.046328][ T3703]  ? hfs_free_extents+0x420/0x420
[   78.051335][ T3703]  block_write_begin+0x2e/0x1e0
[   78.056169][ T3703]  ? cont_write_begin+0x5e5/0x860
[   78.061176][ T3703]  ? hfs_free_extents+0x420/0x420
[   78.066275][ T3703]  cont_write_begin+0x606/0x860
[   78.071119][ T3703]  ? fault_in_readable+0x1d5/0x310
[   78.076221][ T3703]  ? generic_cont_expand_simple+0x250/0x250
[   78.082099][ T3703]  ? fault_in_readable+0x219/0x310
[   78.087283][ T3703]  ? fault_in_safe_writeable+0x240/0x240
[   78.092907][ T3703]  hfs_write_begin+0x86/0xd0
[   78.097479][ T3703]  ? hfs_free_extents+0x420/0x420
[   78.102492][ T3703]  generic_perform_write+0x2e4/0x5e0
[   78.107777][ T3703]  ? __block_commit_write+0x420/0x420
[   78.113137][ T3703]  ? generic_file_direct_write+0x610/0x610
[   78.118938][ T3703]  ? __file_remove_privs+0x6c0/0x6c0
[   78.124207][ T3703]  ? generic_write_checks+0x15c/0x1c0
[   78.129575][ T3703]  __generic_file_write_iter+0x176/0x400
[   78.135239][ T3703]  generic_file_write_iter+0xab/0x310
[   78.140600][ T3703]  vfs_write+0x7dc/0xc50
[   78.144855][ T3703]  ? file_end_write+0x230/0x230
[   78.149688][ T3703]  ? ptrace_stop+0x74d/0x970
[   78.154270][ T3703]  ? _raw_spin_unlock_irq+0x2a/0x40
[   78.159455][ T3703]  ? __fdget_pos+0x252/0x2e0
[   78.164035][ T3703]  ksys_write+0x177/0x2a0
[   78.168349][ T3703]  ? __ia32_sys_read+0x80/0x80
[   78.173095][ T3703]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   78.179061][ T3703]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   78.185030][ T3703]  do_syscall_64+0x3d/0xb0
[   78.189431][ T3703]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   78.195308][ T3703] RIP: 0033:0x7f0fa5191c89
[   78.199721][ T3703] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   78.219323][ T3703] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   78.227730][ T3703] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3703] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3703] exit_group(0)               = ?
[pid  3703] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3703, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./62/binderfs")                 = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./62/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./62")                           = 0
mkdir("./63", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3704
./strace-static-x86_64: Process 3704 attached
[pid  3704] chdir("./63")               = 0
[pid  3704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3704] setpgid(0, 0)               = 0
[pid  3704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3704] write(3, "1000", 4)         = 4
[pid  3704] close(3)                    = 0
[   78.235694][ T3703] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   78.243653][ T3703] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   78.251608][ T3703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   78.259562][ T3703] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003e
[   78.267537][ T3703]  </TASK>
[pid  3704] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3704] memfd_create("syzkaller", 0) = 3
[pid  3704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3704] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3704] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3704] close(3)                    = 0
[pid  3704] mkdir("./file0", 0777)      = 0
[pid  3704] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3704] chdir("./file0")            = 0
[pid  3704] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3704] close(4)                    = 0
[pid  3704] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3704] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3704] write(5, "13", 2)           = 2
[   78.329375][ T3704] loop0: detected capacity change from 0 to 64
[   78.355161][ T3704] FAULT_INJECTION: forcing a failure.
[   78.355161][ T3704] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   78.368743][ T3704] CPU: 1 PID: 3704 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   78.379157][ T3704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   78.389214][ T3704] Call Trace:
[   78.392491][ T3704]  <TASK>
[   78.395421][ T3704]  dump_stack_lvl+0x1b1/0x28e
[   78.400111][ T3704]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   78.405576][ T3704]  ? panic+0x710/0x710
[   78.409650][ T3704]  ? do_anonymous_page+0xd4a/0x1150
[   78.414846][ T3704]  ? mark_lock+0x9a/0x350
[   78.419174][ T3704]  should_fail_ex+0x395/0x4c0
[   78.423856][ T3704]  prepare_alloc_pages+0x1d7/0x5a0
[   78.428969][ T3704]  __alloc_pages+0x161/0x560
[   78.433555][ T3704]  ? zone_statistics+0x160/0x160
[   78.438498][ T3704]  ? rcu_lock_release+0x5/0x20
[   78.443257][ T3704]  ? alloc_pages+0x520/0x7b0
[   78.447837][ T3704]  ? xas_descend+0x1f3/0x400
[   78.452435][ T3704]  folio_alloc+0x1a/0x50
[   78.456691][ T3704]  filemap_alloc_folio+0x7e/0x1c0
[   78.461725][ T3704]  __filemap_get_folio+0x898/0x1260
[   78.466931][ T3704]  ? page_cache_prev_miss+0x4e0/0x4e0
[   78.472326][ T3704]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   78.478339][ T3704]  ? print_irqtrace_events+0x220/0x220
[   78.483896][ T3704]  pagecache_get_page+0x28/0x260
[   78.488846][ T3704]  ? hfs_free_extents+0x420/0x420
[   78.493871][ T3704]  block_write_begin+0x2e/0x1e0
[   78.498734][ T3704]  ? cont_write_begin+0x5e5/0x860
[   78.503749][ T3704]  ? hfs_free_extents+0x420/0x420
[   78.508774][ T3704]  cont_write_begin+0x606/0x860
[   78.513640][ T3704]  ? fault_in_readable+0x1d5/0x310
[   78.518745][ T3704]  ? generic_cont_expand_simple+0x250/0x250
[   78.524626][ T3704]  ? fault_in_readable+0x219/0x310
[   78.529733][ T3704]  ? fault_in_safe_writeable+0x240/0x240
[   78.535362][ T3704]  hfs_write_begin+0x86/0xd0
[   78.539961][ T3704]  ? hfs_free_extents+0x420/0x420
[   78.544977][ T3704]  generic_perform_write+0x2e4/0x5e0
[   78.550278][ T3704]  ? __block_commit_write+0x420/0x420
[   78.555671][ T3704]  ? generic_file_direct_write+0x610/0x610
[   78.561489][ T3704]  ? __file_remove_privs+0x6c0/0x6c0
[   78.566776][ T3704]  ? generic_write_checks+0x15c/0x1c0
[   78.572178][ T3704]  __generic_file_write_iter+0x176/0x400
[   78.577839][ T3704]  generic_file_write_iter+0xab/0x310
[   78.583235][ T3704]  vfs_write+0x7dc/0xc50
[   78.587505][ T3704]  ? file_end_write+0x230/0x230
[   78.592363][ T3704]  ? ptrace_stop+0x74d/0x970
[   78.596965][ T3704]  ? _raw_spin_unlock_irq+0x2a/0x40
[   78.602174][ T3704]  ? __fdget_pos+0x252/0x2e0
[   78.606767][ T3704]  ksys_write+0x177/0x2a0
[   78.611106][ T3704]  ? __ia32_sys_read+0x80/0x80
[   78.615858][ T3704]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   78.621847][ T3704]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   78.627835][ T3704]  do_syscall_64+0x3d/0xb0
[   78.632241][ T3704]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   78.638121][ T3704] RIP: 0033:0x7f0fa5191c89
[   78.642536][ T3704] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   78.662148][ T3704] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   78.670548][ T3704] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3704] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3704] exit_group(0)               = ?
[pid  3704] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3704, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./63/binderfs")                 = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./63/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./63")                           = 0
mkdir("./64", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3705 attached
[   78.678526][ T3704] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   78.686512][ T3704] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   78.694476][ T3704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   78.702437][ T3704] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003f
[   78.710429][ T3704]  </TASK>
, child_tidptr=0x555555b7f5d0) = 3705
[pid  3705] chdir("./64")               = 0
[pid  3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3705] setpgid(0, 0)               = 0
[pid  3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3705] write(3, "1000", 4)         = 4
[pid  3705] close(3)                    = 0
[pid  3705] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3705] memfd_create("syzkaller", 0) = 3
[pid  3705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3705] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3705] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3705] close(3)                    = 0
[pid  3705] mkdir("./file0", 0777)      = 0
[pid  3705] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3705] chdir("./file0")            = 0
[pid  3705] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3705] close(4)                    = 0
[pid  3705] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3705] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3705] write(5, "13", 2)           = 2
[   78.772705][ T3705] loop0: detected capacity change from 0 to 64
[   78.794268][ T3705] FAULT_INJECTION: forcing a failure.
[   78.794268][ T3705] name failslab, interval 1, probability 0, space 0, times 0
[   78.807163][ T3705] CPU: 1 PID: 3705 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   78.817591][ T3705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   78.827659][ T3705] Call Trace:
[   78.830944][ T3705]  <TASK>
[   78.833873][ T3705]  dump_stack_lvl+0x1b1/0x28e
[   78.838562][ T3705]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   78.844024][ T3705]  ? panic+0x710/0x710
[   78.848096][ T3705]  ? __might_sleep+0xc0/0xc0
[   78.852681][ T3705]  ? __mutex_lock_common+0x45f/0x26e0
[   78.858056][ T3705]  should_fail_ex+0x395/0x4c0
[   78.862818][ T3705]  ? hfs_find_init+0x8b/0x1e0
[   78.867503][ T3705]  should_failslab+0x5/0x20
[   78.872023][ T3705]  __kmem_cache_alloc_node+0x69/0x310
[   78.877420][ T3705]  ? rcu_lock_release+0x5/0x20
[   78.882207][ T3705]  ? hfs_find_init+0x8b/0x1e0
[   78.886887][ T3705]  __kmalloc+0x9e/0x1a0
[   78.891064][ T3705]  hfs_find_init+0x8b/0x1e0
[   78.895618][ T3705]  hfs_extend_file+0x2f8/0x1420
[   78.900475][ T3705]  ? xas_find+0x937/0xa60
[   78.904829][ T3705]  ? hfs_get_block+0xbb0/0xbb0
[   78.909592][ T3705]  ? filemap_get_folios+0x557/0x830
[   78.914792][ T3705]  ? find_lock_entries+0xf60/0xf60
[   78.919927][ T3705]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   78.925830][ T3705]  hfs_get_block+0x3fc/0xbb0
[   78.930432][ T3705]  ? hfs_free_extents+0x420/0x420
[   78.935449][ T3705]  ? do_raw_spin_unlock+0x134/0x8a0
[   78.940653][ T3705]  ? create_page_buffers+0x244/0x4b0
[   78.945945][ T3705]  __block_write_begin_int+0x54c/0x1a80
[   78.951510][ T3705]  ? hfs_free_extents+0x420/0x420
[   78.956530][ T3705]  ? page_zero_new_buffers+0x940/0x940
[   78.961987][ T3705]  ? PageHeadHuge+0x8a/0x1d0
[   78.966576][ T3705]  ? hfs_free_extents+0x420/0x420
[   78.971594][ T3705]  block_write_begin+0x93/0x1e0
[   78.976441][ T3705]  ? cont_write_begin+0x5e5/0x860
[   78.981463][ T3705]  ? hfs_free_extents+0x420/0x420
[   78.986481][ T3705]  cont_write_begin+0x606/0x860
[   78.991334][ T3705]  ? fault_in_readable+0x1d5/0x310
[   78.996453][ T3705]  ? generic_cont_expand_simple+0x250/0x250
[   79.002344][ T3705]  ? fault_in_readable+0x219/0x310
[   79.007453][ T3705]  ? fault_in_safe_writeable+0x240/0x240
[   79.013090][ T3705]  hfs_write_begin+0x86/0xd0
[   79.017773][ T3705]  ? hfs_free_extents+0x420/0x420
[   79.022799][ T3705]  generic_perform_write+0x2e4/0x5e0
[   79.028089][ T3705]  ? __block_commit_write+0x420/0x420
[   79.033459][ T3705]  ? generic_file_direct_write+0x610/0x610
[   79.039262][ T3705]  ? __file_remove_privs+0x6c0/0x6c0
[   79.044543][ T3705]  ? generic_write_checks+0x15c/0x1c0
[   79.049923][ T3705]  __generic_file_write_iter+0x176/0x400
[   79.055560][ T3705]  generic_file_write_iter+0xab/0x310
[   79.060952][ T3705]  vfs_write+0x7dc/0xc50
[   79.065202][ T3705]  ? file_end_write+0x230/0x230
[   79.070052][ T3705]  ? ptrace_stop+0x74d/0x970
[   79.074648][ T3705]  ? _raw_spin_unlock_irq+0x2a/0x40
[   79.079851][ T3705]  ? __fdget_pos+0x252/0x2e0
[   79.084473][ T3705]  ksys_write+0x177/0x2a0
[   79.088811][ T3705]  ? __ia32_sys_read+0x80/0x80
[   79.093577][ T3705]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   79.099558][ T3705]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   79.105868][ T3705]  do_syscall_64+0x3d/0xb0
[   79.110328][ T3705]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   79.116236][ T3705] RIP: 0033:0x7f0fa5191c89
[   79.120649][ T3705] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   79.140253][ T3705] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   79.148664][ T3705] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   79.156656][ T3705] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   79.164652][ T3705] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3705] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3705] exit_group(0)               = ?
[pid  3705] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./64/binderfs")                 = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./64/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./64")                           = 0
mkdir("./65", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3706
./strace-static-x86_64: Process 3706 attached
[pid  3706] chdir("./65")               = 0
[pid  3706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3706] setpgid(0, 0)               = 0
[   79.172622][ T3705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   79.180587][ T3705] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000040
[   79.188572][ T3705]  </TASK>
[pid  3706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3706] write(3, "1000", 4)         = 4
[pid  3706] close(3)                    = 0
[pid  3706] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3706] memfd_create("syzkaller", 0) = 3
[pid  3706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3706] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3706] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3706] close(3)                    = 0
[pid  3706] mkdir("./file0", 0777)      = 0
[pid  3706] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3706] chdir("./file0")            = 0
[pid  3706] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3706] close(4)                    = 0
[pid  3706] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3706] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3706] write(5, "13", 2)           = 2
[   79.245523][ T3706] loop0: detected capacity change from 0 to 64
[   79.273616][ T3706] FAULT_INJECTION: forcing a failure.
[   79.273616][ T3706] name failslab, interval 1, probability 0, space 0, times 0
[   79.286706][ T3706] CPU: 1 PID: 3706 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   79.297115][ T3706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   79.307157][ T3706] Call Trace:
[   79.310555][ T3706]  <TASK>
[   79.313471][ T3706]  dump_stack_lvl+0x1b1/0x28e
[   79.318138][ T3706]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   79.323580][ T3706]  ? panic+0x710/0x710
[   79.327634][ T3706]  ? __might_sleep+0xc0/0xc0
[   79.332206][ T3706]  ? __mutex_lock_common+0x45f/0x26e0
[   79.337567][ T3706]  should_fail_ex+0x395/0x4c0
[   79.342233][ T3706]  ? hfs_find_init+0x8b/0x1e0
[   79.346899][ T3706]  should_failslab+0x5/0x20
[   79.351390][ T3706]  __kmem_cache_alloc_node+0x69/0x310
[   79.356751][ T3706]  ? hfs_find_init+0x8b/0x1e0
[   79.361503][ T3706]  __kmalloc+0x9e/0x1a0
[   79.365657][ T3706]  hfs_find_init+0x8b/0x1e0
[   79.370233][ T3706]  hfs_extend_file+0x2f8/0x1420
[   79.375083][ T3706]  ? hfs_get_block+0xbb0/0xbb0
[   79.379832][ T3706]  ? lru_cache_disable+0x30/0x30
[   79.384761][ T3706]  ? __might_sleep+0xc0/0xc0
[   79.389436][ T3706]  hfs_get_block+0x3fc/0xbb0
[   79.394021][ T3706]  ? hfs_free_extents+0x420/0x420
[   79.399027][ T3706]  ? do_raw_spin_unlock+0x134/0x8a0
[   79.404216][ T3706]  ? create_page_buffers+0x244/0x4b0
[   79.409514][ T3706]  __block_write_begin_int+0x54c/0x1a80
[   79.415078][ T3706]  ? hfs_free_extents+0x420/0x420
[   79.420099][ T3706]  ? page_zero_new_buffers+0x940/0x940
[   79.425556][ T3706]  ? PageHeadHuge+0x8a/0x1d0
[   79.430399][ T3706]  ? hfs_free_extents+0x420/0x420
[   79.435415][ T3706]  block_write_begin+0x93/0x1e0
[   79.440258][ T3706]  ? cont_write_begin+0x5e5/0x860
[   79.445270][ T3706]  ? hfs_free_extents+0x420/0x420
[   79.450281][ T3706]  cont_write_begin+0x606/0x860
[   79.455124][ T3706]  ? fault_in_readable+0x1d5/0x310
[   79.460228][ T3706]  ? generic_cont_expand_simple+0x250/0x250
[   79.466110][ T3706]  ? fault_in_readable+0x219/0x310
[   79.471211][ T3706]  ? fault_in_safe_writeable+0x240/0x240
[   79.476839][ T3706]  hfs_write_begin+0x86/0xd0
[   79.481411][ T3706]  ? hfs_free_extents+0x420/0x420
[   79.486422][ T3706]  generic_perform_write+0x2e4/0x5e0
[   79.491701][ T3706]  ? __block_commit_write+0x420/0x420
[   79.497062][ T3706]  ? generic_file_direct_write+0x610/0x610
[   79.502857][ T3706]  ? __file_remove_privs+0x6c0/0x6c0
[   79.508126][ T3706]  ? generic_write_checks+0x15c/0x1c0
[   79.513491][ T3706]  __generic_file_write_iter+0x176/0x400
[   79.519113][ T3706]  generic_file_write_iter+0xab/0x310
[   79.524472][ T3706]  vfs_write+0x7dc/0xc50
[   79.528738][ T3706]  ? file_end_write+0x230/0x230
[   79.533573][ T3706]  ? ptrace_stop+0x74d/0x970
[   79.538173][ T3706]  ? _raw_spin_unlock_irq+0x2a/0x40
[   79.543361][ T3706]  ? __fdget_pos+0x252/0x2e0
[   79.547939][ T3706]  ksys_write+0x177/0x2a0
[   79.552257][ T3706]  ? __ia32_sys_read+0x80/0x80
[   79.557007][ T3706]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   79.562990][ T3706]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   79.568958][ T3706]  do_syscall_64+0x3d/0xb0
[   79.573356][ T3706]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   79.579236][ T3706] RIP: 0033:0x7f0fa5191c89
[   79.583635][ T3706] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   79.603230][ T3706] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   79.611629][ T3706] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   79.619582][ T3706] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   79.627538][ T3706] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   79.635496][ T3706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3706] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3706] exit_group(0)               = ?
[pid  3706] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3706, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./65/binderfs")                 = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./65/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./65")                           = 0
mkdir("./66", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3707
./strace-static-x86_64: Process 3707 attached
[pid  3707] chdir("./66")               = 0
[pid  3707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3707] setpgid(0, 0)               = 0
[pid  3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3707] write(3, "1000", 4)         = 4
[pid  3707] close(3)                    = 0
[pid  3707] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3707] memfd_create("syzkaller", 0) = 3
[pid  3707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3707] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   79.643447][ T3706] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000041
[   79.651422][ T3706]  </TASK>
[pid  3707] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3707] close(3)                    = 0
[pid  3707] mkdir("./file0", 0777)      = 0
[pid  3707] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3707] chdir("./file0")            = 0
[pid  3707] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3707] close(4)                    = 0
[pid  3707] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3707] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3707] write(5, "13", 2)           = 2
[   79.703973][ T3707] loop0: detected capacity change from 0 to 64
[   79.726960][ T3707] FAULT_INJECTION: forcing a failure.
[   79.726960][ T3707] name failslab, interval 1, probability 0, space 0, times 0
[   79.745818][ T3707] CPU: 0 PID: 3707 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   79.756269][ T3707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   79.766317][ T3707] Call Trace:
[   79.769597][ T3707]  <TASK>
[   79.772538][ T3707]  dump_stack_lvl+0x1b1/0x28e
[   79.777241][ T3707]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   79.782687][ T3707]  ? panic+0x710/0x710
[   79.786745][ T3707]  ? __might_sleep+0xc0/0xc0
[   79.791321][ T3707]  ? __mutex_lock_common+0x45f/0x26e0
[   79.796688][ T3707]  should_fail_ex+0x395/0x4c0
[   79.801369][ T3707]  ? hfs_find_init+0x8b/0x1e0
[   79.806056][ T3707]  should_failslab+0x5/0x20
[   79.810547][ T3707]  __kmem_cache_alloc_node+0x69/0x310
[   79.815910][ T3707]  ? rcu_lock_release+0x5/0x20
[   79.820759][ T3707]  ? hfs_find_init+0x8b/0x1e0
[   79.825429][ T3707]  __kmalloc+0x9e/0x1a0
[   79.829576][ T3707]  hfs_find_init+0x8b/0x1e0
[   79.834084][ T3707]  hfs_extend_file+0x2f8/0x1420
[   79.838940][ T3707]  ? xas_find+0x937/0xa60
[   79.843265][ T3707]  ? hfs_get_block+0xbb0/0xbb0
[   79.848021][ T3707]  ? filemap_get_folios+0x557/0x830
[   79.853229][ T3707]  ? find_lock_entries+0xf60/0xf60
[   79.858406][ T3707]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   79.864315][ T3707]  hfs_get_block+0x3fc/0xbb0
[   79.868970][ T3707]  ? hfs_free_extents+0x420/0x420
[   79.873992][ T3707]  ? do_raw_spin_unlock+0x134/0x8a0
[   79.879202][ T3707]  ? create_page_buffers+0x244/0x4b0
[   79.884483][ T3707]  __block_write_begin_int+0x54c/0x1a80
[   79.890037][ T3707]  ? hfs_free_extents+0x420/0x420
[   79.895061][ T3707]  ? page_zero_new_buffers+0x940/0x940
[   79.900535][ T3707]  ? PageHeadHuge+0x8a/0x1d0
[   79.905147][ T3707]  ? hfs_free_extents+0x420/0x420
[   79.910176][ T3707]  block_write_begin+0x93/0x1e0
[   79.915037][ T3707]  ? cont_write_begin+0x5e5/0x860
[   79.920053][ T3707]  ? hfs_free_extents+0x420/0x420
[   79.925075][ T3707]  cont_write_begin+0x606/0x860
[   79.929937][ T3707]  ? fault_in_readable+0x1d5/0x310
[   79.935046][ T3707]  ? generic_cont_expand_simple+0x250/0x250
[   79.941104][ T3707]  ? fault_in_readable+0x219/0x310
[   79.946237][ T3707]  ? fault_in_safe_writeable+0x240/0x240
[   79.951888][ T3707]  hfs_write_begin+0x86/0xd0
[   79.956473][ T3707]  ? hfs_free_extents+0x420/0x420
[   79.961498][ T3707]  generic_perform_write+0x2e4/0x5e0
[   79.966805][ T3707]  ? __block_commit_write+0x420/0x420
[   79.972198][ T3707]  ? generic_file_direct_write+0x610/0x610
[   79.978100][ T3707]  ? __file_remove_privs+0x6c0/0x6c0
[   79.983385][ T3707]  ? generic_write_checks+0x15c/0x1c0
[   79.988785][ T3707]  __generic_file_write_iter+0x176/0x400
[   79.994603][ T3707]  generic_file_write_iter+0xab/0x310
[   79.999967][ T3707]  vfs_write+0x7dc/0xc50
[   80.004210][ T3707]  ? file_end_write+0x230/0x230
[   80.009055][ T3707]  ? ptrace_stop+0x74d/0x970
[   80.013661][ T3707]  ? _raw_spin_unlock_irq+0x2a/0x40
[   80.018868][ T3707]  ? __fdget_pos+0x252/0x2e0
[   80.023455][ T3707]  ksys_write+0x177/0x2a0
[   80.027867][ T3707]  ? __ia32_sys_read+0x80/0x80
[   80.032620][ T3707]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   80.038608][ T3707]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   80.044580][ T3707]  do_syscall_64+0x3d/0xb0
[   80.049006][ T3707]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   80.054897][ T3707] RIP: 0033:0x7f0fa5191c89
[   80.059335][ T3707] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   80.078937][ T3707] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   80.087452][ T3707] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   80.095426][ T3707] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3707] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3707] exit_group(0)               = ?
[pid  3707] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3707, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./66/binderfs")                 = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./66/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./66")                           = 0
mkdir("./67", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   80.103408][ T3707] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   80.111473][ T3707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   80.119446][ T3707] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000042
[   80.127443][ T3707]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3708
./strace-static-x86_64: Process 3708 attached
[pid  3708] chdir("./67")               = 0
[pid  3708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3708] setpgid(0, 0)               = 0
[pid  3708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3708] write(3, "1000", 4)         = 4
[pid  3708] close(3)                    = 0
[pid  3708] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3708] memfd_create("syzkaller", 0) = 3
[pid  3708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3708] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3708] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3708] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3708] close(3)                    = 0
[pid  3708] mkdir("./file0", 0777)      = 0
[pid  3708] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3708] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3708] chdir("./file0")            = 0
[pid  3708] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3708] close(4)                    = 0
[pid  3708] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3708] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3708] write(5, "13", 2)           = 2
[   80.186621][ T3708] loop0: detected capacity change from 0 to 64
[   80.217547][ T3708] FAULT_INJECTION: forcing a failure.
[   80.217547][ T3708] name failslab, interval 1, probability 0, space 0, times 0
[   80.231107][ T3708] CPU: 0 PID: 3708 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   80.241542][ T3708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   80.251597][ T3708] Call Trace:
[   80.254882][ T3708]  <TASK>
[   80.257824][ T3708]  dump_stack_lvl+0x1b1/0x28e
[   80.262591][ T3708]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   80.268052][ T3708]  ? panic+0x710/0x710
[   80.272118][ T3708]  ? __might_sleep+0xc0/0xc0
[   80.276702][ T3708]  ? __mutex_lock_common+0x45f/0x26e0
[   80.282079][ T3708]  should_fail_ex+0x395/0x4c0
[   80.286765][ T3708]  ? hfs_find_init+0x8b/0x1e0
[   80.291457][ T3708]  should_failslab+0x5/0x20
[   80.295952][ T3708]  __kmem_cache_alloc_node+0x69/0x310
[   80.301367][ T3708]  ? hfs_find_init+0x8b/0x1e0
[   80.306059][ T3708]  __kmalloc+0x9e/0x1a0
[   80.310249][ T3708]  hfs_find_init+0x8b/0x1e0
[   80.314775][ T3708]  hfs_extend_file+0x2f8/0x1420
[   80.319623][ T3708]  ? hfs_get_block+0xbb0/0xbb0
[   80.324381][ T3708]  ? lru_cache_disable+0x30/0x30
[   80.329309][ T3708]  ? __might_sleep+0xc0/0xc0
[   80.333930][ T3708]  hfs_get_block+0x3fc/0xbb0
[   80.338542][ T3708]  ? hfs_free_extents+0x420/0x420
[   80.343568][ T3708]  ? do_raw_spin_unlock+0x134/0x8a0
[   80.348783][ T3708]  ? create_page_buffers+0x244/0x4b0
[   80.354063][ T3708]  __block_write_begin_int+0x54c/0x1a80
[   80.359623][ T3708]  ? hfs_free_extents+0x420/0x420
[   80.364638][ T3708]  ? page_zero_new_buffers+0x940/0x940
[   80.370108][ T3708]  ? PageHeadHuge+0x8a/0x1d0
[   80.374715][ T3708]  ? hfs_free_extents+0x420/0x420
[   80.379745][ T3708]  block_write_begin+0x93/0x1e0
[   80.384615][ T3708]  ? cont_write_begin+0x5e5/0x860
[   80.389631][ T3708]  ? hfs_free_extents+0x420/0x420
[   80.394645][ T3708]  cont_write_begin+0x606/0x860
[   80.399769][ T3708]  ? fault_in_readable+0x1d5/0x310
[   80.404876][ T3708]  ? generic_cont_expand_simple+0x250/0x250
[   80.410767][ T3708]  ? fault_in_readable+0x219/0x310
[   80.415877][ T3708]  ? fault_in_safe_writeable+0x240/0x240
[   80.421503][ T3708]  hfs_write_begin+0x86/0xd0
[   80.426087][ T3708]  ? hfs_free_extents+0x420/0x420
[   80.431103][ T3708]  generic_perform_write+0x2e4/0x5e0
[   80.436386][ T3708]  ? __block_commit_write+0x420/0x420
[   80.441782][ T3708]  ? generic_file_direct_write+0x610/0x610
[   80.447590][ T3708]  ? __file_remove_privs+0x6c0/0x6c0
[   80.452866][ T3708]  ? generic_write_checks+0x15c/0x1c0
[   80.458258][ T3708]  __generic_file_write_iter+0x176/0x400
[   80.463929][ T3708]  generic_file_write_iter+0xab/0x310
[   80.469332][ T3708]  vfs_write+0x7dc/0xc50
[   80.473856][ T3708]  ? file_end_write+0x230/0x230
[   80.478798][ T3708]  ? ptrace_stop+0x74d/0x970
[   80.483422][ T3708]  ? _raw_spin_unlock_irq+0x2a/0x40
[   80.488649][ T3708]  ? __fdget_pos+0x252/0x2e0
[   80.493269][ T3708]  ksys_write+0x177/0x2a0
[   80.497629][ T3708]  ? __ia32_sys_read+0x80/0x80
[   80.502412][ T3708]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   80.508507][ T3708]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   80.514507][ T3708]  do_syscall_64+0x3d/0xb0
[   80.518922][ T3708]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   80.524812][ T3708] RIP: 0033:0x7f0fa5191c89
[   80.529221][ T3708] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   80.548828][ T3708] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   80.557233][ T3708] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   80.565216][ T3708] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   80.573185][ T3708] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3708] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3708] exit_group(0)               = ?
[pid  3708] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3708, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./67/binderfs")                 = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./67/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./67")                           = 0
mkdir("./68", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3709
./strace-static-x86_64: Process 3709 attached
[pid  3709] chdir("./68")               = 0
[pid  3709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3709] setpgid(0, 0)               = 0
[   80.581151][ T3708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   80.589121][ T3708] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000043
[   80.597120][ T3708]  </TASK>
[pid  3709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3709] write(3, "1000", 4)         = 4
[pid  3709] close(3)                    = 0
[pid  3709] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3709] memfd_create("syzkaller", 0) = 3
[pid  3709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3709] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3709] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3709] close(3)                    = 0
[pid  3709] mkdir("./file0", 0777)      = 0
[pid  3709] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3709] chdir("./file0")            = 0
[pid  3709] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3709] close(4)                    = 0
[pid  3709] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3709] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3709] write(5, "13", 2)           = 2
[   80.659077][ T3709] loop0: detected capacity change from 0 to 64
[   80.685744][ T3709] FAULT_INJECTION: forcing a failure.
[   80.685744][ T3709] name failslab, interval 1, probability 0, space 0, times 0
[   80.698891][ T3709] CPU: 1 PID: 3709 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   80.709305][ T3709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   80.719377][ T3709] Call Trace:
[   80.722646][ T3709]  <TASK>
[   80.725572][ T3709]  dump_stack_lvl+0x1b1/0x28e
[   80.730239][ T3709]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   80.735723][ T3709]  ? panic+0x710/0x710
[   80.739866][ T3709]  ? __might_sleep+0xc0/0xc0
[   80.744440][ T3709]  ? __mutex_lock_common+0x45f/0x26e0
[   80.749804][ T3709]  should_fail_ex+0x395/0x4c0
[   80.754471][ T3709]  ? hfs_find_init+0x8b/0x1e0
[   80.759138][ T3709]  should_failslab+0x5/0x20
[   80.763630][ T3709]  __kmem_cache_alloc_node+0x69/0x310
[   80.768996][ T3709]  ? rcu_lock_release+0x5/0x20
[   80.773755][ T3709]  ? hfs_find_init+0x8b/0x1e0
[   80.778417][ T3709]  __kmalloc+0x9e/0x1a0
[   80.782563][ T3709]  hfs_find_init+0x8b/0x1e0
[   80.787055][ T3709]  hfs_extend_file+0x2f8/0x1420
[   80.791899][ T3709]  ? xas_find+0x937/0xa60
[   80.796220][ T3709]  ? hfs_get_block+0xbb0/0xbb0
[   80.800966][ T3709]  ? filemap_get_folios+0x557/0x830
[   80.806170][ T3709]  ? find_lock_entries+0xf60/0xf60
[   80.811285][ T3709]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   80.817195][ T3709]  hfs_get_block+0x3fc/0xbb0
[   80.821789][ T3709]  ? hfs_free_extents+0x420/0x420
[   80.826889][ T3709]  ? do_raw_spin_unlock+0x134/0x8a0
[   80.832083][ T3709]  ? create_page_buffers+0x244/0x4b0
[   80.837360][ T3709]  __block_write_begin_int+0x54c/0x1a80
[   80.842909][ T3709]  ? hfs_free_extents+0x420/0x420
[   80.848109][ T3709]  ? page_zero_new_buffers+0x940/0x940
[   80.853572][ T3709]  ? PageHeadHuge+0x8a/0x1d0
[   80.858165][ T3709]  ? hfs_free_extents+0x420/0x420
[   80.863180][ T3709]  block_write_begin+0x93/0x1e0
[   80.868019][ T3709]  ? cont_write_begin+0x5e5/0x860
[   80.873035][ T3709]  ? hfs_free_extents+0x420/0x420
[   80.878049][ T3709]  cont_write_begin+0x606/0x860
[   80.882893][ T3709]  ? fault_in_readable+0x1d5/0x310
[   80.887993][ T3709]  ? generic_cont_expand_simple+0x250/0x250
[   80.893870][ T3709]  ? fault_in_readable+0x219/0x310
[   80.899029][ T3709]  ? fault_in_safe_writeable+0x240/0x240
[   80.904654][ T3709]  hfs_write_begin+0x86/0xd0
[   80.909228][ T3709]  ? hfs_free_extents+0x420/0x420
[   80.914241][ T3709]  generic_perform_write+0x2e4/0x5e0
[   80.919520][ T3709]  ? __block_commit_write+0x420/0x420
[   80.924883][ T3709]  ? generic_file_direct_write+0x610/0x610
[   80.930674][ T3709]  ? __file_remove_privs+0x6c0/0x6c0
[   80.935944][ T3709]  ? generic_write_checks+0x15c/0x1c0
[   80.941657][ T3709]  __generic_file_write_iter+0x176/0x400
[   80.947283][ T3709]  generic_file_write_iter+0xab/0x310
[   80.952644][ T3709]  vfs_write+0x7dc/0xc50
[   80.956881][ T3709]  ? file_end_write+0x230/0x230
[   80.961723][ T3709]  ? ptrace_stop+0x74d/0x970
[   80.966309][ T3709]  ? _raw_spin_unlock_irq+0x2a/0x40
[   80.971497][ T3709]  ? __fdget_pos+0x252/0x2e0
[   80.976164][ T3709]  ksys_write+0x177/0x2a0
[   80.980483][ T3709]  ? __ia32_sys_read+0x80/0x80
[   80.985233][ T3709]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   80.991201][ T3709]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   80.997168][ T3709]  do_syscall_64+0x3d/0xb0
[   81.001569][ T3709]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   81.007449][ T3709] RIP: 0033:0x7f0fa5191c89
[   81.011856][ T3709] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   81.031450][ T3709] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   81.039847][ T3709] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   81.047900][ T3709] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3709] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3709] exit_group(0)               = ?
[pid  3709] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3709, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./68/binderfs")                 = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./68/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./68")                           = 0
mkdir("./69", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   81.055872][ T3709] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   81.063830][ T3709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   81.071785][ T3709] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000044
[   81.079927][ T3709]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3710 attached
, child_tidptr=0x555555b7f5d0) = 3710
[pid  3710] chdir("./69")               = 0
[pid  3710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3710] setpgid(0, 0)               = 0
[pid  3710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3710] write(3, "1000", 4)         = 4
[pid  3710] close(3)                    = 0
[pid  3710] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3710] memfd_create("syzkaller", 0) = 3
[pid  3710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3710] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3710] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3710] close(3)                    = 0
[pid  3710] mkdir("./file0", 0777)      = 0
[pid  3710] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3710] chdir("./file0")            = 0
[pid  3710] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3710] close(4)                    = 0
[pid  3710] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3710] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3710] write(5, "13", 2)           = 2
[   81.143041][ T3710] loop0: detected capacity change from 0 to 64
[   81.167351][ T3710] FAULT_INJECTION: forcing a failure.
[   81.167351][ T3710] name failslab, interval 1, probability 0, space 0, times 0
[   81.180627][ T3710] CPU: 0 PID: 3710 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   81.191087][ T3710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   81.201165][ T3710] Call Trace:
[   81.204456][ T3710]  <TASK>
[   81.207469][ T3710]  dump_stack_lvl+0x1b1/0x28e
[   81.212142][ T3710]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   81.217589][ T3710]  ? panic+0x710/0x710
[   81.221655][ T3710]  ? __might_sleep+0xc0/0xc0
[   81.226234][ T3710]  ? __mutex_lock_common+0x45f/0x26e0
[   81.231623][ T3710]  should_fail_ex+0x395/0x4c0
[   81.236296][ T3710]  ? hfs_find_init+0x8b/0x1e0
[   81.240965][ T3710]  should_failslab+0x5/0x20
[   81.245468][ T3710]  __kmem_cache_alloc_node+0x69/0x310
[   81.250849][ T3710]  ? rcu_lock_release+0x5/0x20
[   81.255629][ T3710]  ? hfs_find_init+0x8b/0x1e0
[   81.260320][ T3710]  __kmalloc+0x9e/0x1a0
[   81.264474][ T3710]  hfs_find_init+0x8b/0x1e0
[   81.268991][ T3710]  hfs_extend_file+0x2f8/0x1420
[   81.273856][ T3710]  ? xas_find+0x937/0xa60
[   81.278211][ T3710]  ? hfs_get_block+0xbb0/0xbb0
[   81.282969][ T3710]  ? filemap_get_folios+0x557/0x830
[   81.288169][ T3710]  ? find_lock_entries+0xf60/0xf60
[   81.293294][ T3710]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   81.299209][ T3710]  hfs_get_block+0x3fc/0xbb0
[   81.303804][ T3710]  ? hfs_free_extents+0x420/0x420
[   81.308819][ T3710]  ? do_raw_spin_unlock+0x134/0x8a0
[   81.314029][ T3710]  ? create_page_buffers+0x244/0x4b0
[   81.319328][ T3710]  __block_write_begin_int+0x54c/0x1a80
[   81.324879][ T3710]  ? hfs_free_extents+0x420/0x420
[   81.329892][ T3710]  ? page_zero_new_buffers+0x940/0x940
[   81.335348][ T3710]  ? PageHeadHuge+0x8a/0x1d0
[   81.339942][ T3710]  ? hfs_free_extents+0x420/0x420
[   81.345112][ T3710]  block_write_begin+0x93/0x1e0
[   81.349980][ T3710]  ? cont_write_begin+0x5e5/0x860
[   81.355021][ T3710]  ? hfs_free_extents+0x420/0x420
[   81.360125][ T3710]  cont_write_begin+0x606/0x860
[   81.364987][ T3710]  ? fault_in_readable+0x1d5/0x310
[   81.370106][ T3710]  ? generic_cont_expand_simple+0x250/0x250
[   81.375994][ T3710]  ? fault_in_readable+0x219/0x310
[   81.381101][ T3710]  ? fault_in_safe_writeable+0x240/0x240
[   81.386820][ T3710]  hfs_write_begin+0x86/0xd0
[   81.391401][ T3710]  ? hfs_free_extents+0x420/0x420
[   81.396423][ T3710]  generic_perform_write+0x2e4/0x5e0
[   81.401709][ T3710]  ? __block_commit_write+0x420/0x420
[   81.407075][ T3710]  ? generic_file_direct_write+0x610/0x610
[   81.412870][ T3710]  ? __file_remove_privs+0x6c0/0x6c0
[   81.418147][ T3710]  ? generic_write_checks+0x15c/0x1c0
[   81.423523][ T3710]  __generic_file_write_iter+0x176/0x400
[   81.429157][ T3710]  generic_file_write_iter+0xab/0x310
[   81.434522][ T3710]  vfs_write+0x7dc/0xc50
[   81.438762][ T3710]  ? file_end_write+0x230/0x230
[   81.443603][ T3710]  ? ptrace_stop+0x74d/0x970
[   81.448213][ T3710]  ? _raw_spin_unlock_irq+0x2a/0x40
[   81.453423][ T3710]  ? __fdget_pos+0x252/0x2e0
[   81.458024][ T3710]  ksys_write+0x177/0x2a0
[   81.462348][ T3710]  ? __ia32_sys_read+0x80/0x80
[   81.467100][ T3710]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   81.473087][ T3710]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   81.479228][ T3710]  do_syscall_64+0x3d/0xb0
[   81.483657][ T3710]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   81.489553][ T3710] RIP: 0033:0x7f0fa5191c89
[   81.493957][ T3710] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   81.513552][ T3710] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   81.521953][ T3710] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   81.530004][ T3710] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3710] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3710] exit_group(0)               = ?
[pid  3710] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3710, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./69/binderfs")                 = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./69/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./69")                           = 0
mkdir("./70", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[   81.537963][ T3710] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   81.546009][ T3710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   81.554065][ T3710] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000045
[   81.562056][ T3710]  </TASK>
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3711
./strace-static-x86_64: Process 3711 attached
[pid  3711] chdir("./70")               = 0
[pid  3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3711] setpgid(0, 0)               = 0
[pid  3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3711] write(3, "1000", 4)         = 4
[pid  3711] close(3)                    = 0
[pid  3711] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3711] memfd_create("syzkaller", 0) = 3
[pid  3711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3711] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3711] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3711] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3711] close(3)                    = 0
[pid  3711] mkdir("./file0", 0777)      = 0
[pid  3711] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3711] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3711] chdir("./file0")            = 0
[pid  3711] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3711] close(4)                    = 0
[pid  3711] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3711] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3711] write(5, "13", 2)           = 2
[   81.624746][ T3711] loop0: detected capacity change from 0 to 64
[   81.645249][ T3711] FAULT_INJECTION: forcing a failure.
[   81.645249][ T3711] name failslab, interval 1, probability 0, space 0, times 0
[   81.658336][ T3711] CPU: 0 PID: 3711 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   81.668771][ T3711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   81.678820][ T3711] Call Trace:
[   81.682091][ T3711]  <TASK>
[   81.685012][ T3711]  dump_stack_lvl+0x1b1/0x28e
[   81.689707][ T3711]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   81.695183][ T3711]  ? panic+0x710/0x710
[   81.699263][ T3711]  ? __might_sleep+0xc0/0xc0
[   81.703882][ T3711]  ? __mutex_lock_common+0x45f/0x26e0
[   81.709270][ T3711]  should_fail_ex+0x395/0x4c0
[   81.713950][ T3711]  ? hfs_find_init+0x8b/0x1e0
[   81.718630][ T3711]  should_failslab+0x5/0x20
[   81.723136][ T3711]  __kmem_cache_alloc_node+0x69/0x310
[   81.728504][ T3711]  ? rcu_lock_release+0x5/0x20
[   81.733266][ T3711]  ? hfs_find_init+0x8b/0x1e0
[   81.737941][ T3711]  __kmalloc+0x9e/0x1a0
[   81.742101][ T3711]  hfs_find_init+0x8b/0x1e0
[   81.746628][ T3711]  hfs_extend_file+0x2f8/0x1420
[   81.751482][ T3711]  ? xas_find+0x937/0xa60
[   81.755820][ T3711]  ? hfs_get_block+0xbb0/0xbb0
[   81.760586][ T3711]  ? filemap_get_folios+0x557/0x830
[   81.765789][ T3711]  ? find_lock_entries+0xf60/0xf60
[   81.770902][ T3711]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   81.776803][ T3711]  hfs_get_block+0x3fc/0xbb0
[   81.781401][ T3711]  ? hfs_free_extents+0x420/0x420
[   81.786418][ T3711]  ? do_raw_spin_unlock+0x134/0x8a0
[   81.791636][ T3711]  ? create_page_buffers+0x244/0x4b0
[   81.796929][ T3711]  __block_write_begin_int+0x54c/0x1a80
[   81.802494][ T3711]  ? hfs_free_extents+0x420/0x420
[   81.807515][ T3711]  ? page_zero_new_buffers+0x940/0x940
[   81.812976][ T3711]  ? PageHeadHuge+0x8a/0x1d0
[   81.817570][ T3711]  ? hfs_free_extents+0x420/0x420
[   81.822602][ T3711]  block_write_begin+0x93/0x1e0
[   81.827450][ T3711]  ? cont_write_begin+0x5e5/0x860
[   81.832474][ T3711]  ? hfs_free_extents+0x420/0x420
[   81.837501][ T3711]  cont_write_begin+0x606/0x860
[   81.842354][ T3711]  ? fault_in_readable+0x1d5/0x310
[   81.847473][ T3711]  ? generic_cont_expand_simple+0x250/0x250
[   81.853365][ T3711]  ? fault_in_readable+0x219/0x310
[   81.858477][ T3711]  ? fault_in_safe_writeable+0x240/0x240
[   81.864119][ T3711]  hfs_write_begin+0x86/0xd0
[   81.868705][ T3711]  ? hfs_free_extents+0x420/0x420
[   81.873730][ T3711]  generic_perform_write+0x2e4/0x5e0
[   81.879021][ T3711]  ? __block_commit_write+0x420/0x420
[   81.884393][ T3711]  ? generic_file_direct_write+0x610/0x610
[   81.890193][ T3711]  ? __file_remove_privs+0x6c0/0x6c0
[   81.895474][ T3711]  ? generic_write_checks+0x15c/0x1c0
[   81.900856][ T3711]  __generic_file_write_iter+0x176/0x400
[   81.906496][ T3711]  generic_file_write_iter+0xab/0x310
[   81.911869][ T3711]  vfs_write+0x7dc/0xc50
[   81.916129][ T3711]  ? file_end_write+0x230/0x230
[   81.920976][ T3711]  ? ptrace_stop+0x74d/0x970
[   81.925575][ T3711]  ? _raw_spin_unlock_irq+0x2a/0x40
[   81.930775][ T3711]  ? __fdget_pos+0x252/0x2e0
[   81.935369][ T3711]  ksys_write+0x177/0x2a0
[   81.939700][ T3711]  ? __ia32_sys_read+0x80/0x80
[   81.944469][ T3711]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   81.950447][ T3711]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   81.956430][ T3711]  do_syscall_64+0x3d/0xb0
[   81.960848][ T3711]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   81.966735][ T3711] RIP: 0033:0x7f0fa5191c89
[   81.971147][ T3711] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   81.990765][ T3711] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   81.999185][ T3711] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   82.007152][ T3711] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   82.015114][ T3711] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3711] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3711] exit_group(0)               = ?
[pid  3711] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./70/binderfs")                 = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./70/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./70")                           = 0
mkdir("./71", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   82.023085][ T3711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   82.031057][ T3711] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000046
[   82.039044][ T3711]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3712
./strace-static-x86_64: Process 3712 attached
[pid  3712] chdir("./71")               = 0
[pid  3712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3712] setpgid(0, 0)               = 0
[pid  3712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3712] write(3, "1000", 4)         = 4
[pid  3712] close(3)                    = 0
[pid  3712] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3712] memfd_create("syzkaller", 0) = 3
[pid  3712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3712] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3712] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3712] close(3)                    = 0
[pid  3712] mkdir("./file0", 0777)      = 0
[pid  3712] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3712] chdir("./file0")            = 0
[pid  3712] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3712] close(4)                    = 0
[pid  3712] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3712] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3712] write(5, "13", 2)           = 2
[   82.093239][ T3712] loop0: detected capacity change from 0 to 64
[   82.132555][ T3712] FAULT_INJECTION: forcing a failure.
[   82.132555][ T3712] name failslab, interval 1, probability 0, space 0, times 0
[   82.145382][ T3712] CPU: 0 PID: 3712 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   82.155805][ T3712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   82.165855][ T3712] Call Trace:
[   82.169127][ T3712]  <TASK>
[   82.172120][ T3712]  dump_stack_lvl+0x1b1/0x28e
[   82.176802][ T3712]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   82.182356][ T3712]  ? panic+0x710/0x710
[   82.186420][ T3712]  ? __might_sleep+0xc0/0xc0
[   82.191015][ T3712]  ? __mutex_lock_common+0x45f/0x26e0
[   82.196399][ T3712]  should_fail_ex+0x395/0x4c0
[   82.201082][ T3712]  ? hfs_find_init+0x8b/0x1e0
[   82.205771][ T3712]  should_failslab+0x5/0x20
[   82.210265][ T3712]  __kmem_cache_alloc_node+0x69/0x310
[   82.215632][ T3712]  ? hfs_find_init+0x8b/0x1e0
[   82.220303][ T3712]  __kmalloc+0x9e/0x1a0
[   82.224457][ T3712]  hfs_find_init+0x8b/0x1e0
[   82.228960][ T3712]  hfs_extend_file+0x2f8/0x1420
[   82.233809][ T3712]  ? hfs_get_block+0xbb0/0xbb0
[   82.238584][ T3712]  ? lru_cache_disable+0x30/0x30
[   82.243529][ T3712]  ? __might_sleep+0xc0/0xc0
[   82.248139][ T3712]  hfs_get_block+0x3fc/0xbb0
[   82.252744][ T3712]  ? hfs_free_extents+0x420/0x420
[   82.257763][ T3712]  ? do_raw_spin_unlock+0x134/0x8a0
[   82.262983][ T3712]  ? create_page_buffers+0x244/0x4b0
[   82.268277][ T3712]  __block_write_begin_int+0x54c/0x1a80
[   82.273844][ T3712]  ? hfs_free_extents+0x420/0x420
[   82.278864][ T3712]  ? page_zero_new_buffers+0x940/0x940
[   82.284328][ T3712]  ? PageHeadHuge+0x8a/0x1d0
[   82.288919][ T3712]  ? hfs_free_extents+0x420/0x420
[   82.293937][ T3712]  block_write_begin+0x93/0x1e0
[   82.298785][ T3712]  ? cont_write_begin+0x5e5/0x860
[   82.303823][ T3712]  ? hfs_free_extents+0x420/0x420
[   82.308875][ T3712]  cont_write_begin+0x606/0x860
[   82.313748][ T3712]  ? fault_in_readable+0x1d5/0x310
[   82.318869][ T3712]  ? generic_cont_expand_simple+0x250/0x250
[   82.324775][ T3712]  ? fault_in_readable+0x219/0x310
[   82.329891][ T3712]  ? fault_in_safe_writeable+0x240/0x240
[   82.335553][ T3712]  hfs_write_begin+0x86/0xd0
[   82.340149][ T3712]  ? hfs_free_extents+0x420/0x420
[   82.345189][ T3712]  generic_perform_write+0x2e4/0x5e0
[   82.350510][ T3712]  ? __block_commit_write+0x420/0x420
[   82.355912][ T3712]  ? generic_file_direct_write+0x610/0x610
[   82.361728][ T3712]  ? __file_remove_privs+0x6c0/0x6c0
[   82.367026][ T3712]  ? generic_write_checks+0x15c/0x1c0
[   82.372420][ T3712]  __generic_file_write_iter+0x176/0x400
[   82.378058][ T3712]  generic_file_write_iter+0xab/0x310
[   82.383432][ T3712]  vfs_write+0x7dc/0xc50
[   82.387768][ T3712]  ? file_end_write+0x230/0x230
[   82.392617][ T3712]  ? ptrace_stop+0x74d/0x970
[   82.397212][ T3712]  ? _raw_spin_unlock_irq+0x2a/0x40
[   82.402412][ T3712]  ? __fdget_pos+0x252/0x2e0
[   82.407004][ T3712]  ksys_write+0x177/0x2a0
[   82.411356][ T3712]  ? __ia32_sys_read+0x80/0x80
[   82.416119][ T3712]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   82.422103][ T3712]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   82.428084][ T3712]  do_syscall_64+0x3d/0xb0
[   82.432496][ T3712]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   82.438383][ T3712] RIP: 0033:0x7f0fa5191c89
[   82.442796][ T3712] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   82.462396][ T3712] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   82.470808][ T3712] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   82.478780][ T3712] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   82.486767][ T3712] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3712] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3712] exit_group(0)               = ?
[pid  3712] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3712, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./71/binderfs")                 = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./71/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./71")                           = 0
mkdir("./72", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3713
./strace-static-x86_64: Process 3713 attached
[pid  3713] chdir("./72")               = 0
[pid  3713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3713] setpgid(0, 0)               = 0
[pid  3713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3713] write(3, "1000", 4)         = 4
[   82.494749][ T3712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   82.502725][ T3712] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000047
[   82.510709][ T3712]  </TASK>
[pid  3713] close(3)                    = 0
[pid  3713] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3713] memfd_create("syzkaller", 0) = 3
[pid  3713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3713] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3713] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3713] close(3)                    = 0
[pid  3713] mkdir("./file0", 0777)      = 0
[pid  3713] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3713] chdir("./file0")            = 0
[pid  3713] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3713] close(4)                    = 0
[pid  3713] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3713] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3713] write(5, "13", 2)           = 2
[   82.568114][ T3713] loop0: detected capacity change from 0 to 64
[   82.590488][ T3713] FAULT_INJECTION: forcing a failure.
[   82.590488][ T3713] name failslab, interval 1, probability 0, space 0, times 0
[   82.603305][ T3713] CPU: 0 PID: 3713 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   82.613996][ T3713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   82.624051][ T3713] Call Trace:
[   82.627324][ T3713]  <TASK>
[   82.630249][ T3713]  dump_stack_lvl+0x1b1/0x28e
[   82.634928][ T3713]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   82.640376][ T3713]  ? panic+0x710/0x710
[   82.644433][ T3713]  ? __might_sleep+0xc0/0xc0
[   82.649009][ T3713]  ? __mutex_lock_common+0x45f/0x26e0
[   82.654378][ T3713]  should_fail_ex+0x395/0x4c0
[   82.659051][ T3713]  ? hfs_find_init+0x8b/0x1e0
[   82.663735][ T3713]  should_failslab+0x5/0x20
[   82.668257][ T3713]  __kmem_cache_alloc_node+0x69/0x310
[   82.673645][ T3713]  ? rcu_lock_release+0x5/0x20
[   82.678419][ T3713]  ? hfs_find_init+0x8b/0x1e0
[   82.683209][ T3713]  __kmalloc+0x9e/0x1a0
[   82.687360][ T3713]  hfs_find_init+0x8b/0x1e0
[   82.691872][ T3713]  hfs_extend_file+0x2f8/0x1420
[   82.696740][ T3713]  ? xas_find+0x937/0xa60
[   82.701071][ T3713]  ? hfs_get_block+0xbb0/0xbb0
[   82.705830][ T3713]  ? filemap_get_folios+0x557/0x830
[   82.711038][ T3713]  ? find_lock_entries+0xf60/0xf60
[   82.716160][ T3713]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   82.722051][ T3713]  hfs_get_block+0x3fc/0xbb0
[   82.726656][ T3713]  ? hfs_free_extents+0x420/0x420
[   82.731666][ T3713]  ? do_raw_spin_unlock+0x134/0x8a0
[   82.736870][ T3713]  ? create_page_buffers+0x244/0x4b0
[   82.742156][ T3713]  __block_write_begin_int+0x54c/0x1a80
[   82.747716][ T3713]  ? hfs_free_extents+0x420/0x420
[   82.752729][ T3713]  ? page_zero_new_buffers+0x940/0x940
[   82.758190][ T3713]  ? PageHeadHuge+0x8a/0x1d0
[   82.762776][ T3713]  ? hfs_free_extents+0x420/0x420
[   82.767808][ T3713]  block_write_begin+0x93/0x1e0
[   82.772670][ T3713]  ? cont_write_begin+0x5e5/0x860
[   82.777683][ T3713]  ? hfs_free_extents+0x420/0x420
[   82.782707][ T3713]  cont_write_begin+0x606/0x860
[   82.787572][ T3713]  ? fault_in_readable+0x1d5/0x310
[   82.792696][ T3713]  ? generic_cont_expand_simple+0x250/0x250
[   82.798579][ T3713]  ? fault_in_readable+0x219/0x310
[   82.803690][ T3713]  ? fault_in_safe_writeable+0x240/0x240
[   82.809321][ T3713]  hfs_write_begin+0x86/0xd0
[   82.813900][ T3713]  ? hfs_free_extents+0x420/0x420
[   82.818926][ T3713]  generic_perform_write+0x2e4/0x5e0
[   82.824209][ T3713]  ? __block_commit_write+0x420/0x420
[   82.829589][ T3713]  ? generic_file_direct_write+0x610/0x610
[   82.835408][ T3713]  ? __file_remove_privs+0x6c0/0x6c0
[   82.840709][ T3713]  ? generic_write_checks+0x15c/0x1c0
[   82.846093][ T3713]  __generic_file_write_iter+0x176/0x400
[   82.851748][ T3713]  generic_file_write_iter+0xab/0x310
[   82.857126][ T3713]  vfs_write+0x7dc/0xc50
[   82.861383][ T3713]  ? file_end_write+0x230/0x230
[   82.866224][ T3713]  ? ptrace_stop+0x74d/0x970
[   82.870829][ T3713]  ? _raw_spin_unlock_irq+0x2a/0x40
[   82.876043][ T3713]  ? __fdget_pos+0x252/0x2e0
[   82.880625][ T3713]  ksys_write+0x177/0x2a0
[   82.884949][ T3713]  ? __ia32_sys_read+0x80/0x80
[   82.889703][ T3713]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   82.895679][ T3713]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   82.901653][ T3713]  do_syscall_64+0x3d/0xb0
[   82.906062][ T3713]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   82.911953][ T3713] RIP: 0033:0x7f0fa5191c89
[   82.916371][ T3713] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   82.935972][ T3713] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   82.944383][ T3713] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   82.952348][ T3713] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   82.960312][ T3713] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3713] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3713] exit_group(0)               = ?
[pid  3713] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3713, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./72/binderfs")                 = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./72/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./72")                           = 0
mkdir("./73", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3714
./strace-static-x86_64: Process 3714 attached
[pid  3714] chdir("./73")               = 0
[pid  3714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3714] setpgid(0, 0)               = 0
[pid  3714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3714] write(3, "1000", 4)         = 4
[pid  3714] close(3)                    = 0
[pid  3714] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3714] memfd_create("syzkaller", 0) = 3
[pid  3714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3714] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   82.968276][ T3713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   82.976243][ T3713] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000048
[   82.984227][ T3713]  </TASK>
[pid  3714] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3714] close(3)                    = 0
[pid  3714] mkdir("./file0", 0777)      = 0
[pid  3714] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3714] chdir("./file0")            = 0
[pid  3714] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3714] close(4)                    = 0
[pid  3714] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3714] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3714] write(5, "13", 2)           = 2
[   83.023268][ T3714] loop0: detected capacity change from 0 to 64
[   83.045334][ T3714] FAULT_INJECTION: forcing a failure.
[   83.045334][ T3714] name failslab, interval 1, probability 0, space 0, times 0
[   83.058325][ T3714] CPU: 0 PID: 3714 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   83.068756][ T3714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   83.078804][ T3714] Call Trace:
[   83.082085][ T3714]  <TASK>
[   83.085029][ T3714]  dump_stack_lvl+0x1b1/0x28e
[   83.089730][ T3714]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   83.095180][ T3714]  ? panic+0x710/0x710
[   83.099254][ T3714]  ? __might_sleep+0xc0/0xc0
[   83.103853][ T3714]  ? __mutex_lock_common+0x45f/0x26e0
[   83.109242][ T3714]  should_fail_ex+0x395/0x4c0
[   83.113922][ T3714]  ? hfs_find_init+0x8b/0x1e0
[   83.118602][ T3714]  should_failslab+0x5/0x20
[   83.123191][ T3714]  __kmem_cache_alloc_node+0x69/0x310
[   83.128561][ T3714]  ? rcu_lock_release+0x5/0x20
[   83.133331][ T3714]  ? hfs_find_init+0x8b/0x1e0
[   83.138006][ T3714]  __kmalloc+0x9e/0x1a0
[   83.142164][ T3714]  hfs_find_init+0x8b/0x1e0
[   83.146670][ T3714]  hfs_extend_file+0x2f8/0x1420
[   83.151520][ T3714]  ? xas_find+0x937/0xa60
[   83.155859][ T3714]  ? hfs_get_block+0xbb0/0xbb0
[   83.160615][ T3714]  ? filemap_get_folios+0x557/0x830
[   83.165821][ T3714]  ? find_lock_entries+0xf60/0xf60
[   83.170940][ T3714]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   83.176927][ T3714]  hfs_get_block+0x3fc/0xbb0
[   83.181533][ T3714]  ? hfs_free_extents+0x420/0x420
[   83.186618][ T3714]  ? do_raw_spin_unlock+0x134/0x8a0
[   83.191846][ T3714]  ? create_page_buffers+0x244/0x4b0
[   83.197150][ T3714]  __block_write_begin_int+0x54c/0x1a80
[   83.202727][ T3714]  ? hfs_free_extents+0x420/0x420
[   83.207747][ T3714]  ? page_zero_new_buffers+0x940/0x940
[   83.213294][ T3714]  ? PageHeadHuge+0x8a/0x1d0
[   83.217887][ T3714]  ? hfs_free_extents+0x420/0x420
[   83.223079][ T3714]  block_write_begin+0x93/0x1e0
[   83.227930][ T3714]  ? cont_write_begin+0x5e5/0x860
[   83.232955][ T3714]  ? hfs_free_extents+0x420/0x420
[   83.237977][ T3714]  cont_write_begin+0x606/0x860
[   83.242842][ T3714]  ? fault_in_readable+0x1d5/0x310
[   83.247956][ T3714]  ? generic_cont_expand_simple+0x250/0x250
[   83.253850][ T3714]  ? fault_in_readable+0x219/0x310
[   83.258981][ T3714]  ? fault_in_safe_writeable+0x240/0x240
[   83.264621][ T3714]  hfs_write_begin+0x86/0xd0
[   83.269209][ T3714]  ? hfs_free_extents+0x420/0x420
[   83.274234][ T3714]  generic_perform_write+0x2e4/0x5e0
[   83.279527][ T3714]  ? __block_commit_write+0x420/0x420
[   83.284897][ T3714]  ? generic_file_direct_write+0x610/0x610
[   83.290699][ T3714]  ? __file_remove_privs+0x6c0/0x6c0
[   83.296007][ T3714]  ? generic_write_checks+0x15c/0x1c0
[   83.301388][ T3714]  __generic_file_write_iter+0x176/0x400
[   83.307038][ T3714]  generic_file_write_iter+0xab/0x310
[   83.312413][ T3714]  vfs_write+0x7dc/0xc50
[   83.316662][ T3714]  ? file_end_write+0x230/0x230
[   83.321508][ T3714]  ? ptrace_stop+0x74d/0x970
[   83.326106][ T3714]  ? _raw_spin_unlock_irq+0x2a/0x40
[   83.331310][ T3714]  ? __fdget_pos+0x252/0x2e0
[   83.335906][ T3714]  ksys_write+0x177/0x2a0
[   83.340236][ T3714]  ? __ia32_sys_read+0x80/0x80
[   83.345000][ T3714]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   83.350986][ T3714]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   83.356969][ T3714]  do_syscall_64+0x3d/0xb0
[   83.361388][ T3714]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   83.367280][ T3714] RIP: 0033:0x7f0fa5191c89
[   83.371689][ T3714] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   83.391482][ T3714] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   83.399902][ T3714] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   83.407959][ T3714] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   83.415926][ T3714] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3714] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3714] exit_group(0)               = ?
[pid  3714] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3714, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./73/binderfs")                 = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./73/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
[   83.423892][ T3714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   83.431862][ T3714] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000049
[   83.439846][ T3714]  </TASK>
rmdir("./73")                           = 0
mkdir("./74", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3715
./strace-static-x86_64: Process 3715 attached
[pid  3715] chdir("./74")               = 0
[pid  3715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3715] setpgid(0, 0)               = 0
[pid  3715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3715] write(3, "1000", 4)         = 4
[pid  3715] close(3)                    = 0
[pid  3715] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3715] memfd_create("syzkaller", 0) = 3
[pid  3715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3715] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3715] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3715] close(3)                    = 0
[pid  3715] mkdir("./file0", 0777)      = 0
[pid  3715] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3715] chdir("./file0")            = 0
[pid  3715] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3715] close(4)                    = 0
[pid  3715] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3715] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3715] write(5, "13", 2)           = 2
[   83.488551][ T3715] loop0: detected capacity change from 0 to 64
[   83.507879][ T3715] FAULT_INJECTION: forcing a failure.
[   83.507879][ T3715] name failslab, interval 1, probability 0, space 0, times 0
[   83.521175][ T3715] CPU: 1 PID: 3715 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   83.531613][ T3715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   83.541659][ T3715] Call Trace:
[   83.544926][ T3715]  <TASK>
[   83.547852][ T3715]  dump_stack_lvl+0x1b1/0x28e
[   83.552523][ T3715]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   83.557967][ T3715]  ? panic+0x710/0x710
[   83.562031][ T3715]  ? __might_sleep+0xc0/0xc0
[   83.566635][ T3715]  ? __mutex_lock_common+0x45f/0x26e0
[   83.572025][ T3715]  should_fail_ex+0x395/0x4c0
[   83.576709][ T3715]  ? hfs_find_init+0x8b/0x1e0
[   83.581389][ T3715]  should_failslab+0x5/0x20
[   83.585895][ T3715]  __kmem_cache_alloc_node+0x69/0x310
[   83.591264][ T3715]  ? rcu_lock_release+0x5/0x20
[   83.596032][ T3715]  ? hfs_find_init+0x8b/0x1e0
[   83.600717][ T3715]  __kmalloc+0x9e/0x1a0
[   83.604877][ T3715]  hfs_find_init+0x8b/0x1e0
[   83.609388][ T3715]  hfs_extend_file+0x2f8/0x1420
[   83.614235][ T3715]  ? xas_find+0x937/0xa60
[   83.618573][ T3715]  ? hfs_get_block+0xbb0/0xbb0
[   83.623331][ T3715]  ? filemap_get_folios+0x557/0x830
[   83.628546][ T3715]  ? find_lock_entries+0xf60/0xf60
[   83.633665][ T3715]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   83.639569][ T3715]  hfs_get_block+0x3fc/0xbb0
[   83.644171][ T3715]  ? hfs_free_extents+0x420/0x420
[   83.649193][ T3715]  ? do_raw_spin_unlock+0x134/0x8a0
[   83.654403][ T3715]  ? create_page_buffers+0x244/0x4b0
[   83.659696][ T3715]  __block_write_begin_int+0x54c/0x1a80
[   83.665264][ T3715]  ? hfs_free_extents+0x420/0x420
[   83.670284][ T3715]  ? page_zero_new_buffers+0x940/0x940
[   83.675744][ T3715]  ? PageHeadHuge+0x8a/0x1d0
[   83.680339][ T3715]  ? hfs_free_extents+0x420/0x420
[   83.685359][ T3715]  block_write_begin+0x93/0x1e0
[   83.690212][ T3715]  ? cont_write_begin+0x5e5/0x860
[   83.695235][ T3715]  ? hfs_free_extents+0x420/0x420
[   83.700259][ T3715]  cont_write_begin+0x606/0x860
[   83.705115][ T3715]  ? fault_in_readable+0x1d5/0x310
[   83.710232][ T3715]  ? generic_cont_expand_simple+0x250/0x250
[   83.716128][ T3715]  ? fault_in_readable+0x219/0x310
[   83.721239][ T3715]  ? fault_in_safe_writeable+0x240/0x240
[   83.726880][ T3715]  hfs_write_begin+0x86/0xd0
[   83.731469][ T3715]  ? hfs_free_extents+0x420/0x420
[   83.736495][ T3715]  generic_perform_write+0x2e4/0x5e0
[   83.741786][ T3715]  ? __block_commit_write+0x420/0x420
[   83.747160][ T3715]  ? generic_file_direct_write+0x610/0x610
[   83.752968][ T3715]  ? __file_remove_privs+0x6c0/0x6c0
[   83.758254][ T3715]  ? generic_write_checks+0x15c/0x1c0
[   83.763633][ T3715]  __generic_file_write_iter+0x176/0x400
[   83.769272][ T3715]  generic_file_write_iter+0xab/0x310
[   83.774656][ T3715]  vfs_write+0x7dc/0xc50
[   83.778908][ T3715]  ? file_end_write+0x230/0x230
[   83.783760][ T3715]  ? ptrace_stop+0x74d/0x970
[   83.788364][ T3715]  ? _raw_spin_unlock_irq+0x2a/0x40
[   83.793571][ T3715]  ? __fdget_pos+0x252/0x2e0
[   83.798161][ T3715]  ksys_write+0x177/0x2a0
[   83.802496][ T3715]  ? __ia32_sys_read+0x80/0x80
[   83.807258][ T3715]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   83.813241][ T3715]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   83.819222][ T3715]  do_syscall_64+0x3d/0xb0
[   83.823636][ T3715]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   83.829525][ T3715] RIP: 0033:0x7f0fa5191c89
[   83.833937][ T3715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   83.853547][ T3715] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   83.861964][ T3715] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   83.869931][ T3715] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   83.877903][ T3715] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3715] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3715] exit_group(0)               = ?
[pid  3715] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3715, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./74/binderfs")                 = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./74/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./74")                           = 0
mkdir("./75", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   83.885881][ T3715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   83.893850][ T3715] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004a
[   83.901835][ T3715]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3716
./strace-static-x86_64: Process 3716 attached
[pid  3716] chdir("./75")               = 0
[pid  3716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3716] setpgid(0, 0)               = 0
[pid  3716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3716] write(3, "1000", 4)         = 4
[pid  3716] close(3)                    = 0
[pid  3716] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3716] memfd_create("syzkaller", 0) = 3
[pid  3716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3716] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3716] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3716] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3716] close(3)                    = 0
[pid  3716] mkdir("./file0", 0777)      = 0
[pid  3716] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3716] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3716] chdir("./file0")            = 0
[pid  3716] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3716] close(4)                    = 0
[pid  3716] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3716] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3716] write(5, "13", 2)           = 2
[   83.975911][ T3716] loop0: detected capacity change from 0 to 64
[   84.008904][ T3716] FAULT_INJECTION: forcing a failure.
[   84.008904][ T3716] name failslab, interval 1, probability 0, space 0, times 0
[   84.021858][ T3716] CPU: 0 PID: 3716 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   84.032299][ T3716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   84.042362][ T3716] Call Trace:
[   84.045644][ T3716]  <TASK>
[   84.048577][ T3716]  dump_stack_lvl+0x1b1/0x28e
[   84.053261][ T3716]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   84.058717][ T3716]  ? panic+0x710/0x710
[   84.062792][ T3716]  ? __might_sleep+0xc0/0xc0
[   84.067381][ T3716]  ? __mutex_lock_common+0x45f/0x26e0
[   84.072758][ T3716]  should_fail_ex+0x395/0x4c0
[   84.077441][ T3716]  ? hfs_find_init+0x8b/0x1e0
[   84.082122][ T3716]  should_failslab+0x5/0x20
[   84.086713][ T3716]  __kmem_cache_alloc_node+0x69/0x310
[   84.092175][ T3716]  ? hfs_find_init+0x8b/0x1e0
[   84.096857][ T3716]  __kmalloc+0x9e/0x1a0
[   84.101016][ T3716]  hfs_find_init+0x8b/0x1e0
[   84.105527][ T3716]  hfs_extend_file+0x2f8/0x1420
[   84.110385][ T3716]  ? hfs_get_block+0xbb0/0xbb0
[   84.115156][ T3716]  ? lru_cache_disable+0x30/0x30
[   84.120094][ T3716]  ? __might_sleep+0xc0/0xc0
[   84.124736][ T3716]  hfs_get_block+0x3fc/0xbb0
[   84.129336][ T3716]  ? hfs_free_extents+0x420/0x420
[   84.134358][ T3716]  ? do_raw_spin_unlock+0x134/0x8a0
[   84.139565][ T3716]  ? create_page_buffers+0x244/0x4b0
[   84.144881][ T3716]  __block_write_begin_int+0x54c/0x1a80
[   84.150463][ T3716]  ? hfs_free_extents+0x420/0x420
[   84.155495][ T3716]  ? page_zero_new_buffers+0x940/0x940
[   84.160966][ T3716]  ? PageHeadHuge+0x8a/0x1d0
[   84.165564][ T3716]  ? hfs_free_extents+0x420/0x420
[   84.170586][ T3716]  block_write_begin+0x93/0x1e0
[   84.175530][ T3716]  ? cont_write_begin+0x5e5/0x860
[   84.180572][ T3716]  ? hfs_free_extents+0x420/0x420
[   84.185609][ T3716]  cont_write_begin+0x606/0x860
[   84.190479][ T3716]  ? fault_in_readable+0x1d5/0x310
[   84.195621][ T3716]  ? generic_cont_expand_simple+0x250/0x250
[   84.201525][ T3716]  ? fault_in_readable+0x219/0x310
[   84.206662][ T3716]  ? fault_in_safe_writeable+0x240/0x240
[   84.212332][ T3716]  hfs_write_begin+0x86/0xd0
[   84.216945][ T3716]  ? hfs_free_extents+0x420/0x420
[   84.221980][ T3716]  generic_perform_write+0x2e4/0x5e0
[   84.227280][ T3716]  ? __block_commit_write+0x420/0x420
[   84.232660][ T3716]  ? generic_file_direct_write+0x610/0x610
[   84.238468][ T3716]  ? __file_remove_privs+0x6c0/0x6c0
[   84.243756][ T3716]  ? generic_write_checks+0x15c/0x1c0
[   84.249135][ T3716]  __generic_file_write_iter+0x176/0x400
[   84.254772][ T3716]  generic_file_write_iter+0xab/0x310
[   84.260146][ T3716]  vfs_write+0x7dc/0xc50
[   84.264401][ T3716]  ? file_end_write+0x230/0x230
[   84.269249][ T3716]  ? ptrace_stop+0x74d/0x970
[   84.273847][ T3716]  ? _raw_spin_unlock_irq+0x2a/0x40
[   84.279049][ T3716]  ? __fdget_pos+0x252/0x2e0
[   84.283646][ T3716]  ksys_write+0x177/0x2a0
[   84.288009][ T3716]  ? __ia32_sys_read+0x80/0x80
[   84.292803][ T3716]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   84.298814][ T3716]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   84.304811][ T3716]  do_syscall_64+0x3d/0xb0
[   84.309240][ T3716]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   84.315139][ T3716] RIP: 0033:0x7f0fa5191c89
[   84.319554][ T3716] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   84.339182][ T3716] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   84.347617][ T3716] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   84.355597][ T3716] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   84.363568][ T3716] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3716] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3716] exit_group(0)               = ?
[pid  3716] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3716, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./75/binderfs")                 = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./75/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./75")                           = 0
mkdir("./76", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3717 attached
, child_tidptr=0x555555b7f5d0) = 3717
[pid  3717] chdir("./76")               = 0
[pid  3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3717] setpgid(0, 0)               = 0
[pid  3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3717] write(3, "1000", 4)         = 4
[pid  3717] close(3)                    = 0
[   84.371538][ T3716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   84.379505][ T3716] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004b
[   84.387488][ T3716]  </TASK>
[pid  3717] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3717] memfd_create("syzkaller", 0) = 3
[pid  3717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3717] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3717] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3717] close(3)                    = 0
[pid  3717] mkdir("./file0", 0777)      = 0
[pid  3717] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3717] chdir("./file0")            = 0
[pid  3717] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3717] close(4)                    = 0
[pid  3717] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3717] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3717] write(5, "13", 2)           = 2
[   84.444566][ T3717] loop0: detected capacity change from 0 to 64
[   84.472532][ T3717] FAULT_INJECTION: forcing a failure.
[   84.472532][ T3717] name failslab, interval 1, probability 0, space 0, times 0
[   84.485427][ T3717] CPU: 1 PID: 3717 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   84.495851][ T3717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   84.505921][ T3717] Call Trace:
[   84.509192][ T3717]  <TASK>
[   84.512123][ T3717]  dump_stack_lvl+0x1b1/0x28e
[   84.516814][ T3717]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   84.522264][ T3717]  ? panic+0x710/0x710
[   84.526337][ T3717]  ? __might_sleep+0xc0/0xc0
[   84.530916][ T3717]  ? __mutex_lock_common+0x45f/0x26e0
[   84.536290][ T3717]  should_fail_ex+0x395/0x4c0
[   84.540971][ T3717]  ? hfs_find_init+0x8b/0x1e0
[   84.545660][ T3717]  should_failslab+0x5/0x20
[   84.550163][ T3717]  __kmem_cache_alloc_node+0x69/0x310
[   84.555534][ T3717]  ? hfs_find_init+0x8b/0x1e0
[   84.560205][ T3717]  __kmalloc+0x9e/0x1a0
[   84.564360][ T3717]  hfs_find_init+0x8b/0x1e0
[   84.568870][ T3717]  hfs_extend_file+0x2f8/0x1420
[   84.573734][ T3717]  ? hfs_get_block+0xbb0/0xbb0
[   84.578497][ T3717]  ? lru_cache_disable+0x30/0x30
[   84.583450][ T3717]  ? __might_sleep+0xc0/0xc0
[   84.588064][ T3717]  hfs_get_block+0x3fc/0xbb0
[   84.592676][ T3717]  ? hfs_free_extents+0x420/0x420
[   84.597708][ T3717]  ? do_raw_spin_unlock+0x134/0x8a0
[   84.602927][ T3717]  ? create_page_buffers+0x244/0x4b0
[   84.608214][ T3717]  __block_write_begin_int+0x54c/0x1a80
[   84.613767][ T3717]  ? hfs_free_extents+0x420/0x420
[   84.618791][ T3717]  ? page_zero_new_buffers+0x940/0x940
[   84.624423][ T3717]  ? PageHeadHuge+0x8a/0x1d0
[   84.629010][ T3717]  ? hfs_free_extents+0x420/0x420
[   84.634025][ T3717]  block_write_begin+0x93/0x1e0
[   84.638868][ T3717]  ? cont_write_begin+0x5e5/0x860
[   84.643886][ T3717]  ? hfs_free_extents+0x420/0x420
[   84.648909][ T3717]  cont_write_begin+0x606/0x860
[   84.653789][ T3717]  ? fault_in_readable+0x1d5/0x310
[   84.658907][ T3717]  ? generic_cont_expand_simple+0x250/0x250
[   84.664795][ T3717]  ? fault_in_readable+0x219/0x310
[   84.669899][ T3717]  ? fault_in_safe_writeable+0x240/0x240
[   84.675529][ T3717]  hfs_write_begin+0x86/0xd0
[   84.680109][ T3717]  ? hfs_free_extents+0x420/0x420
[   84.685127][ T3717]  generic_perform_write+0x2e4/0x5e0
[   84.690412][ T3717]  ? __block_commit_write+0x420/0x420
[   84.695792][ T3717]  ? generic_file_direct_write+0x610/0x610
[   84.701595][ T3717]  ? __file_remove_privs+0x6c0/0x6c0
[   84.706874][ T3717]  ? generic_write_checks+0x15c/0x1c0
[   84.712260][ T3717]  __generic_file_write_iter+0x176/0x400
[   84.717908][ T3717]  generic_file_write_iter+0xab/0x310
[   84.723301][ T3717]  vfs_write+0x7dc/0xc50
[   84.727559][ T3717]  ? file_end_write+0x230/0x230
[   84.732425][ T3717]  ? ptrace_stop+0x74d/0x970
[   84.737028][ T3717]  ? _raw_spin_unlock_irq+0x2a/0x40
[   84.742240][ T3717]  ? __fdget_pos+0x252/0x2e0
[   84.746840][ T3717]  ksys_write+0x177/0x2a0
[   84.751166][ T3717]  ? __ia32_sys_read+0x80/0x80
[   84.755925][ T3717]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   84.761914][ T3717]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   84.767903][ T3717]  do_syscall_64+0x3d/0xb0
[   84.772315][ T3717]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   84.778211][ T3717] RIP: 0033:0x7f0fa5191c89
[   84.782647][ T3717] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   84.802244][ T3717] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   84.810649][ T3717] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   84.818615][ T3717] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   84.826587][ T3717] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   84.834576][ T3717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3717] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3717] exit_group(0)               = ?
[pid  3717] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./76/binderfs")                 = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./76/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./76")                           = 0
mkdir("./77", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3718
./strace-static-x86_64: Process 3718 attached
[pid  3718] chdir("./77")               = 0
[pid  3718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3718] setpgid(0, 0)               = 0
[pid  3718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3718] write(3, "1000", 4)         = 4
[pid  3718] close(3)                    = 0
[pid  3718] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3718] memfd_create("syzkaller", 0) = 3
[pid  3718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3718] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   84.842554][ T3717] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004c
[   84.850531][ T3717]  </TASK>
[pid  3718] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3718] close(3)                    = 0
[pid  3718] mkdir("./file0", 0777)      = 0
[pid  3718] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3718] chdir("./file0")            = 0
[pid  3718] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3718] close(4)                    = 0
[pid  3718] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3718] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3718] write(5, "13", 2)           = 2
[   84.905361][ T3718] loop0: detected capacity change from 0 to 64
[   84.933066][ T3718] FAULT_INJECTION: forcing a failure.
[   84.933066][ T3718] name failslab, interval 1, probability 0, space 0, times 0
[   84.945922][ T3718] CPU: 0 PID: 3718 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   84.956333][ T3718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   84.966403][ T3718] Call Trace:
[   84.969692][ T3718]  <TASK>
[   84.972613][ T3718]  dump_stack_lvl+0x1b1/0x28e
[   84.977298][ T3718]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   84.982775][ T3718]  ? panic+0x710/0x710
[   84.986861][ T3718]  ? __might_sleep+0xc0/0xc0
[   84.991456][ T3718]  ? __mutex_lock_common+0x45f/0x26e0
[   84.996830][ T3718]  should_fail_ex+0x395/0x4c0
[   85.001507][ T3718]  ? hfs_find_init+0x8b/0x1e0
[   85.006177][ T3718]  should_failslab+0x5/0x20
[   85.010678][ T3718]  __kmem_cache_alloc_node+0x69/0x310
[   85.016067][ T3718]  ? hfs_find_init+0x8b/0x1e0
[   85.020756][ T3718]  __kmalloc+0x9e/0x1a0
[   85.024910][ T3718]  hfs_find_init+0x8b/0x1e0
[   85.029412][ T3718]  hfs_extend_file+0x2f8/0x1420
[   85.034263][ T3718]  ? hfs_get_block+0xbb0/0xbb0
[   85.039032][ T3718]  ? lru_cache_disable+0x30/0x30
[   85.043960][ T3718]  ? __might_sleep+0xc0/0xc0
[   85.048554][ T3718]  hfs_get_block+0x3fc/0xbb0
[   85.053162][ T3718]  ? hfs_free_extents+0x420/0x420
[   85.058192][ T3718]  ? do_raw_spin_unlock+0x134/0x8a0
[   85.063406][ T3718]  ? create_page_buffers+0x244/0x4b0
[   85.068688][ T3718]  __block_write_begin_int+0x54c/0x1a80
[   85.074240][ T3718]  ? hfs_free_extents+0x420/0x420
[   85.079267][ T3718]  ? page_zero_new_buffers+0x940/0x940
[   85.084747][ T3718]  ? PageHeadHuge+0x8a/0x1d0
[   85.089360][ T3718]  ? hfs_free_extents+0x420/0x420
[   85.094381][ T3718]  block_write_begin+0x93/0x1e0
[   85.099247][ T3718]  ? cont_write_begin+0x5e5/0x860
[   85.104265][ T3718]  ? hfs_free_extents+0x420/0x420
[   85.109286][ T3718]  cont_write_begin+0x606/0x860
[   85.114153][ T3718]  ? fault_in_readable+0x1d5/0x310
[   85.119270][ T3718]  ? generic_cont_expand_simple+0x250/0x250
[   85.125159][ T3718]  ? fault_in_readable+0x219/0x310
[   85.130271][ T3718]  ? fault_in_safe_writeable+0x240/0x240
[   85.135900][ T3718]  hfs_write_begin+0x86/0xd0
[   85.140920][ T3718]  ? hfs_free_extents+0x420/0x420
[   85.145959][ T3718]  generic_perform_write+0x2e4/0x5e0
[   85.151248][ T3718]  ? __block_commit_write+0x420/0x420
[   85.156617][ T3718]  ? generic_file_direct_write+0x610/0x610
[   85.162418][ T3718]  ? __file_remove_privs+0x6c0/0x6c0
[   85.167704][ T3718]  ? generic_write_checks+0x15c/0x1c0
[   85.173107][ T3718]  __generic_file_write_iter+0x176/0x400
[   85.178782][ T3718]  generic_file_write_iter+0xab/0x310
[   85.184182][ T3718]  vfs_write+0x7dc/0xc50
[   85.188462][ T3718]  ? file_end_write+0x230/0x230
[   85.193325][ T3718]  ? ptrace_stop+0x74d/0x970
[   85.197919][ T3718]  ? _raw_spin_unlock_irq+0x2a/0x40
[   85.203133][ T3718]  ? __fdget_pos+0x252/0x2e0
[   85.207726][ T3718]  ksys_write+0x177/0x2a0
[   85.212078][ T3718]  ? __ia32_sys_read+0x80/0x80
[   85.216850][ T3718]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   85.222836][ T3718]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   85.228825][ T3718]  do_syscall_64+0x3d/0xb0
[   85.233232][ T3718]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   85.239120][ T3718] RIP: 0033:0x7f0fa5191c89
[   85.243535][ T3718] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   85.263252][ T3718] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   85.271763][ T3718] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   85.279754][ T3718] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   85.287739][ T3718] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   85.295708][ T3718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3718] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3718] exit_group(0)               = ?
[pid  3718] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3718, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./77/binderfs")                 = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./77/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./77")                           = 0
mkdir("./78", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3719
./strace-static-x86_64: Process 3719 attached
[pid  3719] chdir("./78")               = 0
[pid  3719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3719] setpgid(0, 0)               = 0
[pid  3719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3719] write(3, "1000", 4)         = 4
[pid  3719] close(3)                    = 0
[pid  3719] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3719] memfd_create("syzkaller", 0) = 3
[pid  3719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3719] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   85.303677][ T3718] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004d
[   85.311673][ T3718]  </TASK>
[pid  3719] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3719] close(3)                    = 0
[pid  3719] mkdir("./file0", 0777)      = 0
[pid  3719] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3719] chdir("./file0")            = 0
[pid  3719] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3719] close(4)                    = 0
[pid  3719] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3719] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3719] write(5, "13", 2)           = 2
[   85.365207][ T3719] loop0: detected capacity change from 0 to 64
[   85.386951][ T3719] FAULT_INJECTION: forcing a failure.
[   85.386951][ T3719] name failslab, interval 1, probability 0, space 0, times 0
[   85.399862][ T3719] CPU: 0 PID: 3719 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   85.410302][ T3719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   85.420367][ T3719] Call Trace:
[   85.423651][ T3719]  <TASK>
[   85.426573][ T3719]  dump_stack_lvl+0x1b1/0x28e
[   85.431258][ T3719]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   85.436744][ T3719]  ? panic+0x710/0x710
[   85.440832][ T3719]  ? __might_sleep+0xc0/0xc0
[   85.445430][ T3719]  ? __mutex_lock_common+0x45f/0x26e0
[   85.450811][ T3719]  should_fail_ex+0x395/0x4c0
[   85.455503][ T3719]  ? hfs_find_init+0x8b/0x1e0
[   85.460175][ T3719]  should_failslab+0x5/0x20
[   85.464689][ T3719]  __kmem_cache_alloc_node+0x69/0x310
[   85.470064][ T3719]  ? rcu_lock_release+0x5/0x20
[   85.474840][ T3719]  ? hfs_find_init+0x8b/0x1e0
[   85.479529][ T3719]  __kmalloc+0x9e/0x1a0
[   85.483713][ T3719]  hfs_find_init+0x8b/0x1e0
[   85.488236][ T3719]  hfs_extend_file+0x2f8/0x1420
[   85.493080][ T3719]  ? xas_find+0x937/0xa60
[   85.497423][ T3719]  ? hfs_get_block+0xbb0/0xbb0
[   85.502193][ T3719]  ? filemap_get_folios+0x557/0x830
[   85.507388][ T3719]  ? find_lock_entries+0xf60/0xf60
[   85.512508][ T3719]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   85.518422][ T3719]  hfs_get_block+0x3fc/0xbb0
[   85.523580][ T3719]  ? hfs_free_extents+0x420/0x420
[   85.528640][ T3719]  ? do_raw_spin_unlock+0x134/0x8a0
[   85.533840][ T3719]  ? create_page_buffers+0x244/0x4b0
[   85.539131][ T3719]  __block_write_begin_int+0x54c/0x1a80
[   85.544688][ T3719]  ? hfs_free_extents+0x420/0x420
[   85.549715][ T3719]  ? page_zero_new_buffers+0x940/0x940
[   85.555206][ T3719]  ? PageHeadHuge+0x8a/0x1d0
[   85.559810][ T3719]  ? hfs_free_extents+0x420/0x420
[   85.564830][ T3719]  block_write_begin+0x93/0x1e0
[   85.569700][ T3719]  ? cont_write_begin+0x5e5/0x860
[   85.574738][ T3719]  ? hfs_free_extents+0x420/0x420
[   85.579771][ T3719]  cont_write_begin+0x606/0x860
[   85.584621][ T3719]  ? fault_in_readable+0x1d5/0x310
[   85.589825][ T3719]  ? generic_cont_expand_simple+0x250/0x250
[   85.595907][ T3719]  ? fault_in_readable+0x219/0x310
[   85.601021][ T3719]  ? fault_in_safe_writeable+0x240/0x240
[   85.606656][ T3719]  hfs_write_begin+0x86/0xd0
[   85.611240][ T3719]  ? hfs_free_extents+0x420/0x420
[   85.616257][ T3719]  generic_perform_write+0x2e4/0x5e0
[   85.621556][ T3719]  ? __block_commit_write+0x420/0x420
[   85.626969][ T3719]  ? generic_file_direct_write+0x610/0x610
[   85.632788][ T3719]  ? __file_remove_privs+0x6c0/0x6c0
[   85.638076][ T3719]  ? generic_write_checks+0x15c/0x1c0
[   85.643481][ T3719]  __generic_file_write_iter+0x176/0x400
[   85.649146][ T3719]  generic_file_write_iter+0xab/0x310
[   85.654546][ T3719]  vfs_write+0x7dc/0xc50
[   85.658820][ T3719]  ? file_end_write+0x230/0x230
[   85.663676][ T3719]  ? ptrace_stop+0x74d/0x970
[   85.668284][ T3719]  ? _raw_spin_unlock_irq+0x2a/0x40
[   85.673493][ T3719]  ? __fdget_pos+0x252/0x2e0
[   85.678077][ T3719]  ksys_write+0x177/0x2a0
[   85.682401][ T3719]  ? __ia32_sys_read+0x80/0x80
[   85.687162][ T3719]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   85.693148][ T3719]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   85.699144][ T3719]  do_syscall_64+0x3d/0xb0
[   85.703551][ T3719]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   85.709445][ T3719] RIP: 0033:0x7f0fa5191c89
[   85.713866][ T3719] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   85.733465][ T3719] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   85.741871][ T3719] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   85.749866][ T3719] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   85.757839][ T3719] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3719] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3719] exit_group(0)               = ?
[pid  3719] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3719, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./78/binderfs")                 = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./78/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./78")                           = 0
mkdir("./79", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   85.765822][ T3719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   85.773795][ T3719] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004e
[   85.781768][ T3719]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3720
./strace-static-x86_64: Process 3720 attached
[pid  3720] chdir("./79")               = 0
[pid  3720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3720] setpgid(0, 0)               = 0
[pid  3720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3720] write(3, "1000", 4)         = 4
[pid  3720] close(3)                    = 0
[pid  3720] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3720] memfd_create("syzkaller", 0) = 3
[pid  3720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3720] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3720] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3720] close(3)                    = 0
[pid  3720] mkdir("./file0", 0777)      = 0
[pid  3720] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3720] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3720] chdir("./file0")            = 0
[pid  3720] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3720] close(4)                    = 0
[pid  3720] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3720] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3720] write(5, "13", 2)           = 2
[   85.843191][ T3720] loop0: detected capacity change from 0 to 64
[   85.865156][ T3720] FAULT_INJECTION: forcing a failure.
[   85.865156][ T3720] name failslab, interval 1, probability 0, space 0, times 0
[   85.877942][ T3720] CPU: 0 PID: 3720 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   85.888366][ T3720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   85.898411][ T3720] Call Trace:
[   85.901681][ T3720]  <TASK>
[   85.904607][ T3720]  dump_stack_lvl+0x1b1/0x28e
[   85.909294][ T3720]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   85.914760][ T3720]  ? panic+0x710/0x710
[   85.918826][ T3720]  ? __might_sleep+0xc0/0xc0
[   85.923409][ T3720]  ? __mutex_lock_common+0x45f/0x26e0
[   85.928782][ T3720]  should_fail_ex+0x395/0x4c0
[   85.933454][ T3720]  ? hfs_find_init+0x8b/0x1e0
[   85.938149][ T3720]  should_failslab+0x5/0x20
[   85.942661][ T3720]  __kmem_cache_alloc_node+0x69/0x310
[   85.948036][ T3720]  ? rcu_lock_release+0x5/0x20
[   85.952810][ T3720]  ? hfs_find_init+0x8b/0x1e0
[   85.957478][ T3720]  __kmalloc+0x9e/0x1a0
[   85.961627][ T3720]  hfs_find_init+0x8b/0x1e0
[   85.966141][ T3720]  hfs_extend_file+0x2f8/0x1420
[   85.971000][ T3720]  ? xas_find+0x937/0xa60
[   85.975328][ T3720]  ? hfs_get_block+0xbb0/0xbb0
[   85.980077][ T3720]  ? filemap_get_folios+0x557/0x830
[   85.985294][ T3720]  ? find_lock_entries+0xf60/0xf60
[   85.990418][ T3720]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   85.996326][ T3720]  hfs_get_block+0x3fc/0xbb0
[   86.000932][ T3720]  ? hfs_free_extents+0x420/0x420
[   86.005952][ T3720]  ? do_raw_spin_unlock+0x134/0x8a0
[   86.011164][ T3720]  ? create_page_buffers+0x244/0x4b0
[   86.016445][ T3720]  __block_write_begin_int+0x54c/0x1a80
[   86.022000][ T3720]  ? hfs_free_extents+0x420/0x420
[   86.027014][ T3720]  ? page_zero_new_buffers+0x940/0x940
[   86.032482][ T3720]  ? PageHeadHuge+0x8a/0x1d0
[   86.037072][ T3720]  ? hfs_free_extents+0x420/0x420
[   86.042086][ T3720]  block_write_begin+0x93/0x1e0
[   86.046933][ T3720]  ? cont_write_begin+0x5e5/0x860
[   86.051949][ T3720]  ? hfs_free_extents+0x420/0x420
[   86.056972][ T3720]  cont_write_begin+0x606/0x860
[   86.061840][ T3720]  ? fault_in_readable+0x1d5/0x310
[   86.067284][ T3720]  ? generic_cont_expand_simple+0x250/0x250
[   86.073191][ T3720]  ? fault_in_readable+0x219/0x310
[   86.078421][ T3720]  ? fault_in_safe_writeable+0x240/0x240
[   86.084071][ T3720]  hfs_write_begin+0x86/0xd0
[   86.088654][ T3720]  ? hfs_free_extents+0x420/0x420
[   86.093691][ T3720]  generic_perform_write+0x2e4/0x5e0
[   86.099010][ T3720]  ? __block_commit_write+0x420/0x420
[   86.104412][ T3720]  ? generic_file_direct_write+0x610/0x610
[   86.110241][ T3720]  ? __file_remove_privs+0x6c0/0x6c0
[   86.115532][ T3720]  ? generic_write_checks+0x15c/0x1c0
[   86.120910][ T3720]  __generic_file_write_iter+0x176/0x400
[   86.126558][ T3720]  generic_file_write_iter+0xab/0x310
[   86.131931][ T3720]  vfs_write+0x7dc/0xc50
[   86.136176][ T3720]  ? file_end_write+0x230/0x230
[   86.141542][ T3720]  ? ptrace_stop+0x74d/0x970
[   86.146146][ T3720]  ? _raw_spin_unlock_irq+0x2a/0x40
[   86.151372][ T3720]  ? __fdget_pos+0x252/0x2e0
[   86.155968][ T3720]  ksys_write+0x177/0x2a0
[   86.160309][ T3720]  ? __ia32_sys_read+0x80/0x80
[   86.165155][ T3720]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   86.171141][ T3720]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   86.177135][ T3720]  do_syscall_64+0x3d/0xb0
[   86.181542][ T3720]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   86.187422][ T3720] RIP: 0033:0x7f0fa5191c89
[   86.191835][ T3720] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   86.211455][ T3720] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   86.219898][ T3720] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   86.227884][ T3720] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   86.235854][ T3720] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3720] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3720] exit_group(0)               = ?
[pid  3720] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3720, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./79/binderfs")                 = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./79/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./79")                           = 0
mkdir("./80", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[   86.243824][ T3720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   86.251795][ T3720] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004f
[   86.259796][ T3720]  </TASK>
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3721
./strace-static-x86_64: Process 3721 attached
[pid  3721] chdir("./80")               = 0
[pid  3721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3721] setpgid(0, 0)               = 0
[pid  3721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3721] write(3, "1000", 4)         = 4
[pid  3721] close(3)                    = 0
[pid  3721] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3721] memfd_create("syzkaller", 0) = 3
[pid  3721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3721] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3721] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3721] close(3)                    = 0
[pid  3721] mkdir("./file0", 0777)      = 0
[pid  3721] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3721] chdir("./file0")            = 0
[pid  3721] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3721] close(4)                    = 0
[pid  3721] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3721] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3721] write(5, "13", 2)           = 2
[   86.322138][ T3721] loop0: detected capacity change from 0 to 64
[   86.348068][ T3721] FAULT_INJECTION: forcing a failure.
[   86.348068][ T3721] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   86.361733][ T3721] CPU: 0 PID: 3721 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   86.372147][ T3721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   86.382238][ T3721] Call Trace:
[   86.385532][ T3721]  <TASK>
[   86.388459][ T3721]  dump_stack_lvl+0x1b1/0x28e
[   86.393134][ T3721]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   86.398584][ T3721]  ? panic+0x710/0x710
[   86.402643][ T3721]  ? do_anonymous_page+0xd4a/0x1150
[   86.407832][ T3721]  ? mark_lock+0x9a/0x350
[   86.412151][ T3721]  should_fail_ex+0x395/0x4c0
[   86.416842][ T3721]  prepare_alloc_pages+0x1d7/0x5a0
[   86.421971][ T3721]  __alloc_pages+0x161/0x560
[   86.426583][ T3721]  ? zone_statistics+0x160/0x160
[   86.431542][ T3721]  ? rcu_lock_release+0x5/0x20
[   86.436313][ T3721]  ? alloc_pages+0x520/0x7b0
[   86.440910][ T3721]  ? xas_descend+0x1f3/0x400
[   86.445505][ T3721]  folio_alloc+0x1a/0x50
[   86.449742][ T3721]  filemap_alloc_folio+0x7e/0x1c0
[   86.454769][ T3721]  __filemap_get_folio+0x898/0x1260
[   86.460061][ T3721]  ? page_cache_prev_miss+0x4e0/0x4e0
[   86.465449][ T3721]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   86.471456][ T3721]  ? print_irqtrace_events+0x220/0x220
[   86.476922][ T3721]  pagecache_get_page+0x28/0x260
[   86.481857][ T3721]  ? hfs_free_extents+0x420/0x420
[   86.486883][ T3721]  block_write_begin+0x2e/0x1e0
[   86.491737][ T3721]  ? cont_write_begin+0x5e5/0x860
[   86.496767][ T3721]  ? hfs_free_extents+0x420/0x420
[   86.501819][ T3721]  cont_write_begin+0x606/0x860
[   86.506678][ T3721]  ? fault_in_readable+0x1d5/0x310
[   86.511795][ T3721]  ? generic_cont_expand_simple+0x250/0x250
[   86.517686][ T3721]  ? fault_in_readable+0x219/0x310
[   86.522826][ T3721]  ? fault_in_safe_writeable+0x240/0x240
[   86.528479][ T3721]  hfs_write_begin+0x86/0xd0
[   86.533065][ T3721]  ? hfs_free_extents+0x420/0x420
[   86.538103][ T3721]  generic_perform_write+0x2e4/0x5e0
[   86.543399][ T3721]  ? __block_commit_write+0x420/0x420
[   86.548779][ T3721]  ? generic_file_direct_write+0x610/0x610
[   86.554683][ T3721]  ? __file_remove_privs+0x6c0/0x6c0
[   86.559971][ T3721]  ? generic_write_checks+0x15c/0x1c0
[   86.565356][ T3721]  __generic_file_write_iter+0x176/0x400
[   86.571017][ T3721]  generic_file_write_iter+0xab/0x310
[   86.576391][ T3721]  vfs_write+0x7dc/0xc50
[   86.580641][ T3721]  ? file_end_write+0x230/0x230
[   86.585490][ T3721]  ? ptrace_stop+0x74d/0x970
[   86.590109][ T3721]  ? _raw_spin_unlock_irq+0x2a/0x40
[   86.595310][ T3721]  ? __fdget_pos+0x252/0x2e0
[   86.599903][ T3721]  ksys_write+0x177/0x2a0
[   86.604234][ T3721]  ? __ia32_sys_read+0x80/0x80
[   86.609005][ T3721]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   86.614986][ T3721]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   86.620966][ T3721]  do_syscall_64+0x3d/0xb0
[   86.625554][ T3721]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   86.631443][ T3721] RIP: 0033:0x7f0fa5191c89
[   86.635852][ T3721] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   86.655453][ T3721] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   86.663861][ T3721] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3721] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3721] exit_group(0)               = ?
[pid  3721] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3721, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./80/binderfs")                 = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./80/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./80")                           = 0
mkdir("./81", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3722
./strace-static-x86_64: Process 3722 attached
[pid  3722] chdir("./81")               = 0
[pid  3722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3722] setpgid(0, 0)               = 0
[pid  3722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3722] write(3, "1000", 4)         = 4
[pid  3722] close(3)                    = 0
[   86.671827][ T3721] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   86.679792][ T3721] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   86.687757][ T3721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   86.695732][ T3721] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000050
[   86.703715][ T3721]  </TASK>
[pid  3722] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3722] memfd_create("syzkaller", 0) = 3
[pid  3722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3722] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3722] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3722] close(3)                    = 0
[pid  3722] mkdir("./file0", 0777)      = 0
[pid  3722] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3722] chdir("./file0")            = 0
[pid  3722] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3722] close(4)                    = 0
[pid  3722] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3722] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3722] write(5, "13", 2)           = 2
[   86.760613][ T3722] loop0: detected capacity change from 0 to 64
[   86.791954][ T3722] FAULT_INJECTION: forcing a failure.
[   86.791954][ T3722] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   86.805657][ T3722] CPU: 0 PID: 3722 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   86.816060][ T3722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   86.826100][ T3722] Call Trace:
[   86.829363][ T3722]  <TASK>
[   86.832281][ T3722]  dump_stack_lvl+0x1b1/0x28e
[   86.836948][ T3722]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   86.842389][ T3722]  ? panic+0x710/0x710
[   86.846444][ T3722]  ? do_anonymous_page+0xd4a/0x1150
[   86.851632][ T3722]  ? mark_lock+0x9a/0x350
[   86.855970][ T3722]  should_fail_ex+0x395/0x4c0
[   86.860638][ T3722]  prepare_alloc_pages+0x1d7/0x5a0
[   86.865765][ T3722]  __alloc_pages+0x161/0x560
[   86.870346][ T3722]  ? zone_statistics+0x160/0x160
[   86.875275][ T3722]  ? rcu_lock_release+0x5/0x20
[   86.880112][ T3722]  ? alloc_pages+0x520/0x7b0
[   86.884704][ T3722]  ? xas_descend+0x1f3/0x400
[   86.889277][ T3722]  folio_alloc+0x1a/0x50
[   86.893504][ T3722]  filemap_alloc_folio+0x7e/0x1c0
[   86.898513][ T3722]  __filemap_get_folio+0x898/0x1260
[   86.903697][ T3722]  ? page_cache_prev_miss+0x4e0/0x4e0
[   86.909058][ T3722]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   86.915033][ T3722]  ? print_irqtrace_events+0x220/0x220
[   86.920486][ T3722]  pagecache_get_page+0x28/0x260
[   86.925410][ T3722]  ? hfs_free_extents+0x420/0x420
[   86.930416][ T3722]  block_write_begin+0x2e/0x1e0
[   86.935252][ T3722]  ? cont_write_begin+0x5e5/0x860
[   86.940259][ T3722]  ? hfs_free_extents+0x420/0x420
[   86.945270][ T3722]  cont_write_begin+0x606/0x860
[   86.950107][ T3722]  ? fault_in_readable+0x1d5/0x310
[   86.955205][ T3722]  ? generic_cont_expand_simple+0x250/0x250
[   86.961082][ T3722]  ? fault_in_readable+0x219/0x310
[   86.966178][ T3722]  ? fault_in_safe_writeable+0x240/0x240
[   86.971801][ T3722]  hfs_write_begin+0x86/0xd0
[   86.976373][ T3722]  ? hfs_free_extents+0x420/0x420
[   86.981382][ T3722]  generic_perform_write+0x2e4/0x5e0
[   86.986655][ T3722]  ? __block_commit_write+0x420/0x420
[   86.992013][ T3722]  ? generic_file_direct_write+0x610/0x610
[   86.997800][ T3722]  ? __file_remove_privs+0x6c0/0x6c0
[   87.003069][ T3722]  ? generic_write_checks+0x15c/0x1c0
[   87.008430][ T3722]  __generic_file_write_iter+0x176/0x400
[   87.014049][ T3722]  generic_file_write_iter+0xab/0x310
[   87.019405][ T3722]  vfs_write+0x7dc/0xc50
[   87.023634][ T3722]  ? file_end_write+0x230/0x230
[   87.028467][ T3722]  ? ptrace_stop+0x74d/0x970
[   87.033047][ T3722]  ? _raw_spin_unlock_irq+0x2a/0x40
[   87.038251][ T3722]  ? __fdget_pos+0x252/0x2e0
[   87.042826][ T3722]  ksys_write+0x177/0x2a0
[   87.047150][ T3722]  ? __ia32_sys_read+0x80/0x80
[   87.051899][ T3722]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   87.057865][ T3722]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   87.063833][ T3722]  do_syscall_64+0x3d/0xb0
[   87.068231][ T3722]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   87.074107][ T3722] RIP: 0033:0x7f0fa5191c89
[   87.078506][ T3722] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   87.098120][ T3722] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3722] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3722] exit_group(0)               = ?
[pid  3722] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3722, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./81/binderfs")                 = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./81/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./81")                           = 0
mkdir("./82", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3723
./strace-static-x86_64: Process 3723 attached
[pid  3723] chdir("./82")               = 0
[pid  3723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3723] setpgid(0, 0)               = 0
[pid  3723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3723] write(3, "1000", 4)         = 4
[pid  3723] close(3)                    = 0
[pid  3723] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3723] memfd_create("syzkaller", 0) = 3
[pid  3723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3723] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   87.106687][ T3722] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   87.114639][ T3722] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   87.122590][ T3722] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   87.130543][ T3722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   87.138841][ T3722] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000051
[   87.146806][ T3722]  </TASK>
[pid  3723] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3723] close(3)                    = 0
[pid  3723] mkdir("./file0", 0777)      = 0
[pid  3723] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3723] chdir("./file0")            = 0
[pid  3723] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3723] close(4)                    = 0
[pid  3723] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3723] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3723] write(5, "13", 2)           = 2
[   87.191057][ T3723] loop0: detected capacity change from 0 to 64
[   87.220115][ T3723] FAULT_INJECTION: forcing a failure.
[   87.220115][ T3723] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   87.234232][ T3723] CPU: 0 PID: 3723 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   87.244662][ T3723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   87.254713][ T3723] Call Trace:
[   87.257978][ T3723]  <TASK>
[   87.260911][ T3723]  dump_stack_lvl+0x1b1/0x28e
[   87.265576][ T3723]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   87.271023][ T3723]  ? panic+0x710/0x710
[   87.275076][ T3723]  ? do_anonymous_page+0xd4a/0x1150
[   87.280265][ T3723]  ? mark_lock+0x9a/0x350
[   87.284579][ T3723]  should_fail_ex+0x395/0x4c0
[   87.289255][ T3723]  prepare_alloc_pages+0x1d7/0x5a0
[   87.294382][ T3723]  __alloc_pages+0x161/0x560
[   87.298995][ T3723]  ? zone_statistics+0x160/0x160
[   87.303947][ T3723]  ? rcu_lock_release+0x5/0x20
[   87.308709][ T3723]  ? alloc_pages+0x520/0x7b0
[   87.313306][ T3723]  ? xas_descend+0x1f3/0x400
[   87.317906][ T3723]  folio_alloc+0x1a/0x50
[   87.322142][ T3723]  filemap_alloc_folio+0x7e/0x1c0
[   87.327164][ T3723]  __filemap_get_folio+0x898/0x1260
[   87.332362][ T3723]  ? page_cache_prev_miss+0x4e0/0x4e0
[   87.337731][ T3723]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   87.343731][ T3723]  ? print_irqtrace_events+0x220/0x220
[   87.349207][ T3723]  pagecache_get_page+0x28/0x260
[   87.354158][ T3723]  ? hfs_free_extents+0x420/0x420
[   87.359189][ T3723]  block_write_begin+0x2e/0x1e0
[   87.364049][ T3723]  ? cont_write_begin+0x5e5/0x860
[   87.369077][ T3723]  ? hfs_free_extents+0x420/0x420
[   87.374115][ T3723]  cont_write_begin+0x606/0x860
[   87.378969][ T3723]  ? fault_in_readable+0x1d5/0x310
[   87.384100][ T3723]  ? generic_cont_expand_simple+0x250/0x250
[   87.389995][ T3723]  ? fault_in_readable+0x219/0x310
[   87.395114][ T3723]  ? fault_in_safe_writeable+0x240/0x240
[   87.400752][ T3723]  hfs_write_begin+0x86/0xd0
[   87.405336][ T3723]  ? hfs_free_extents+0x420/0x420
[   87.410364][ T3723]  generic_perform_write+0x2e4/0x5e0
[   87.415657][ T3723]  ? __block_commit_write+0x420/0x420
[   87.421027][ T3723]  ? generic_file_direct_write+0x610/0x610
[   87.426829][ T3723]  ? __file_remove_privs+0x6c0/0x6c0
[   87.432114][ T3723]  ? generic_write_checks+0x15c/0x1c0
[   87.437490][ T3723]  __generic_file_write_iter+0x176/0x400
[   87.443385][ T3723]  generic_file_write_iter+0xab/0x310
[   87.448756][ T3723]  vfs_write+0x7dc/0xc50
[   87.453003][ T3723]  ? file_end_write+0x230/0x230
[   87.457852][ T3723]  ? ptrace_stop+0x74d/0x970
[   87.462535][ T3723]  ? _raw_spin_unlock_irq+0x2a/0x40
[   87.467734][ T3723]  ? __fdget_pos+0x252/0x2e0
[   87.472326][ T3723]  ksys_write+0x177/0x2a0
[   87.476666][ T3723]  ? __ia32_sys_read+0x80/0x80
[   87.481426][ T3723]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   87.487404][ T3723]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   87.493383][ T3723]  do_syscall_64+0x3d/0xb0
[   87.497797][ T3723]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   87.503684][ T3723] RIP: 0033:0x7f0fa5191c89
[   87.508128][ T3723] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   87.527726][ T3723] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3723] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3723] exit_group(0)               = ?
[pid  3723] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3723, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./82/binderfs")                 = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./82/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./82")                           = 0
mkdir("./83", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3724
./strace-static-x86_64: Process 3724 attached
[pid  3724] chdir("./83")               = 0
[pid  3724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3724] setpgid(0, 0)               = 0
[   87.536135][ T3723] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   87.544099][ T3723] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   87.552236][ T3723] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   87.560203][ T3723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   87.568167][ T3723] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000052
[   87.576150][ T3723]  </TASK>
[pid  3724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3724] write(3, "1000", 4)         = 4
[pid  3724] close(3)                    = 0
[pid  3724] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3724] memfd_create("syzkaller", 0) = 3
[pid  3724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3724] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3724] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3724] close(3)                    = 0
[pid  3724] mkdir("./file0", 0777)      = 0
[pid  3724] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3724] chdir("./file0")            = 0
[pid  3724] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3724] close(4)                    = 0
[pid  3724] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3724] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3724] write(5, "13", 2)           = 2
[   87.631827][ T3724] loop0: detected capacity change from 0 to 64
[   87.648258][ T3724] FAULT_INJECTION: forcing a failure.
[   87.648258][ T3724] name failslab, interval 1, probability 0, space 0, times 0
[   87.661601][ T3724] CPU: 0 PID: 3724 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   87.672070][ T3724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   87.682144][ T3724] Call Trace:
[   87.685425][ T3724]  <TASK>
[   87.688431][ T3724]  dump_stack_lvl+0x1b1/0x28e
[   87.693100][ T3724]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   87.698548][ T3724]  ? panic+0x710/0x710
[   87.702613][ T3724]  ? __might_sleep+0xc0/0xc0
[   87.707362][ T3724]  ? __mutex_lock_common+0x45f/0x26e0
[   87.712729][ T3724]  should_fail_ex+0x395/0x4c0
[   87.717400][ T3724]  ? hfs_find_init+0x8b/0x1e0
[   87.722074][ T3724]  should_failslab+0x5/0x20
[   87.726586][ T3724]  __kmem_cache_alloc_node+0x69/0x310
[   87.731963][ T3724]  ? rcu_lock_release+0x5/0x20
[   87.736733][ T3724]  ? hfs_find_init+0x8b/0x1e0
[   87.741403][ T3724]  __kmalloc+0x9e/0x1a0
[   87.745551][ T3724]  hfs_find_init+0x8b/0x1e0
[   87.750047][ T3724]  hfs_extend_file+0x2f8/0x1420
[   87.754905][ T3724]  ? xas_find+0x937/0xa60
[   87.759285][ T3724]  ? hfs_get_block+0xbb0/0xbb0
[   87.764057][ T3724]  ? filemap_get_folios+0x557/0x830
[   87.769263][ T3724]  ? find_lock_entries+0xf60/0xf60
[   87.774450][ T3724]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   87.780343][ T3724]  hfs_get_block+0x3fc/0xbb0
[   87.784930][ T3724]  ? hfs_free_extents+0x420/0x420
[   87.789940][ T3724]  ? do_raw_spin_unlock+0x134/0x8a0
[   87.795135][ T3724]  ? create_page_buffers+0x244/0x4b0
[   87.800422][ T3724]  __block_write_begin_int+0x54c/0x1a80
[   87.806017][ T3724]  ? hfs_free_extents+0x420/0x420
[   87.811055][ T3724]  ? page_zero_new_buffers+0x940/0x940
[   87.816506][ T3724]  ? PageHeadHuge+0x8a/0x1d0
[   87.821102][ T3724]  ? hfs_free_extents+0x420/0x420
[   87.826128][ T3724]  block_write_begin+0x93/0x1e0
[   87.830972][ T3724]  ? cont_write_begin+0x5e5/0x860
[   87.835986][ T3724]  ? hfs_free_extents+0x420/0x420
[   87.840998][ T3724]  cont_write_begin+0x606/0x860
[   87.845857][ T3724]  ? fault_in_readable+0x1d5/0x310
[   87.850985][ T3724]  ? generic_cont_expand_simple+0x250/0x250
[   87.856878][ T3724]  ? fault_in_readable+0x219/0x310
[   87.861998][ T3724]  ? fault_in_safe_writeable+0x240/0x240
[   87.867626][ T3724]  hfs_write_begin+0x86/0xd0
[   87.872219][ T3724]  ? hfs_free_extents+0x420/0x420
[   87.877254][ T3724]  generic_perform_write+0x2e4/0x5e0
[   87.882534][ T3724]  ? __block_commit_write+0x420/0x420
[   87.887897][ T3724]  ? generic_file_direct_write+0x610/0x610
[   87.893703][ T3724]  ? __file_remove_privs+0x6c0/0x6c0
[   87.898988][ T3724]  ? generic_write_checks+0x15c/0x1c0
[   87.904365][ T3724]  __generic_file_write_iter+0x176/0x400
[   87.909997][ T3724]  generic_file_write_iter+0xab/0x310
[   87.915370][ T3724]  vfs_write+0x7dc/0xc50
[   87.919614][ T3724]  ? file_end_write+0x230/0x230
[   87.924454][ T3724]  ? ptrace_stop+0x74d/0x970
[   87.929115][ T3724]  ? _raw_spin_unlock_irq+0x2a/0x40
[   87.934324][ T3724]  ? __fdget_pos+0x252/0x2e0
[   87.938935][ T3724]  ksys_write+0x177/0x2a0
[   87.943278][ T3724]  ? __ia32_sys_read+0x80/0x80
[   87.948052][ T3724]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   87.954049][ T3724]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   87.960030][ T3724]  do_syscall_64+0x3d/0xb0
[   87.964463][ T3724]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   87.970341][ T3724] RIP: 0033:0x7f0fa5191c89
[   87.974743][ T3724] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   87.994356][ T3724] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   88.002798][ T3724] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   88.010781][ T3724] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   88.018762][ T3724] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3724] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3724] exit_group(0)               = ?
[pid  3724] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3724, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./83/binderfs")                 = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./83/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./83")                           = 0
mkdir("./84", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3725
./strace-static-x86_64: Process 3725 attached
[pid  3725] chdir("./84")               = 0
[pid  3725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3725] setpgid(0, 0)               = 0
[pid  3725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3725] write(3, "1000", 4)         = 4
[pid  3725] close(3)                    = 0
[pid  3725] symlink("/dev/binderfs", "./binderfs") = 0
[   88.026726][ T3724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   88.034711][ T3724] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000053
[   88.042950][ T3724]  </TASK>
[pid  3725] memfd_create("syzkaller", 0) = 3
[pid  3725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3725] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3725] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3725] close(3)                    = 0
[pid  3725] mkdir("./file0", 0777)      = 0
[pid  3725] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3725] chdir("./file0")            = 0
[pid  3725] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3725] close(4)                    = 0
[pid  3725] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3725] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3725] write(5, "13", 2)           = 2
[   88.097633][ T3725] loop0: detected capacity change from 0 to 64
[   88.125175][ T3725] FAULT_INJECTION: forcing a failure.
[   88.125175][ T3725] name failslab, interval 1, probability 0, space 0, times 0
[   88.137942][ T3725] CPU: 0 PID: 3725 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   88.148377][ T3725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   88.158424][ T3725] Call Trace:
[   88.161693][ T3725]  <TASK>
[   88.164612][ T3725]  dump_stack_lvl+0x1b1/0x28e
[   88.169294][ T3725]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   88.174761][ T3725]  ? panic+0x710/0x710
[   88.178823][ T3725]  ? __might_sleep+0xc0/0xc0
[   88.183405][ T3725]  ? __mutex_lock_common+0x45f/0x26e0
[   88.188871][ T3725]  should_fail_ex+0x395/0x4c0
[   88.193637][ T3725]  ? hfs_find_init+0x8b/0x1e0
[   88.198314][ T3725]  should_failslab+0x5/0x20
[   88.202821][ T3725]  __kmem_cache_alloc_node+0x69/0x310
[   88.208196][ T3725]  ? hfs_find_init+0x8b/0x1e0
[   88.212869][ T3725]  __kmalloc+0x9e/0x1a0
[   88.217028][ T3725]  hfs_find_init+0x8b/0x1e0
[   88.221621][ T3725]  hfs_extend_file+0x2f8/0x1420
[   88.226476][ T3725]  ? hfs_get_block+0xbb0/0xbb0
[   88.231235][ T3725]  ? lru_cache_disable+0x30/0x30
[   88.236170][ T3725]  ? __might_sleep+0xc0/0xc0
[   88.240775][ T3725]  hfs_get_block+0x3fc/0xbb0
[   88.245375][ T3725]  ? hfs_free_extents+0x420/0x420
[   88.250396][ T3725]  ? do_raw_spin_unlock+0x134/0x8a0
[   88.255600][ T3725]  ? create_page_buffers+0x244/0x4b0
[   88.260887][ T3725]  __block_write_begin_int+0x54c/0x1a80
[   88.266449][ T3725]  ? hfs_free_extents+0x420/0x420
[   88.271466][ T3725]  ? page_zero_new_buffers+0x940/0x940
[   88.276922][ T3725]  ? PageHeadHuge+0x8a/0x1d0
[   88.281540][ T3725]  ? hfs_free_extents+0x420/0x420
[   88.286563][ T3725]  block_write_begin+0x93/0x1e0
[   88.291415][ T3725]  ? cont_write_begin+0x5e5/0x860
[   88.296445][ T3725]  ? hfs_free_extents+0x420/0x420
[   88.301464][ T3725]  cont_write_begin+0x606/0x860
[   88.306339][ T3725]  ? fault_in_readable+0x1d5/0x310
[   88.311476][ T3725]  ? generic_cont_expand_simple+0x250/0x250
[   88.317387][ T3725]  ? fault_in_readable+0x219/0x310
[   88.322507][ T3725]  ? fault_in_safe_writeable+0x240/0x240
[   88.328143][ T3725]  hfs_write_begin+0x86/0xd0
[   88.332726][ T3725]  ? hfs_free_extents+0x420/0x420
[   88.337749][ T3725]  generic_perform_write+0x2e4/0x5e0
[   88.343136][ T3725]  ? __block_commit_write+0x420/0x420
[   88.348506][ T3725]  ? generic_file_direct_write+0x610/0x610
[   88.354309][ T3725]  ? __file_remove_privs+0x6c0/0x6c0
[   88.359591][ T3725]  ? generic_write_checks+0x15c/0x1c0
[   88.365059][ T3725]  __generic_file_write_iter+0x176/0x400
[   88.370713][ T3725]  generic_file_write_iter+0xab/0x310
[   88.376105][ T3725]  vfs_write+0x7dc/0xc50
[   88.380365][ T3725]  ? file_end_write+0x230/0x230
[   88.385308][ T3725]  ? ptrace_stop+0x74d/0x970
[   88.389922][ T3725]  ? _raw_spin_unlock_irq+0x2a/0x40
[   88.395129][ T3725]  ? __fdget_pos+0x252/0x2e0
[   88.399720][ T3725]  ksys_write+0x177/0x2a0
[   88.404055][ T3725]  ? __ia32_sys_read+0x80/0x80
[   88.408816][ T3725]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   88.414795][ T3725]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   88.420773][ T3725]  do_syscall_64+0x3d/0xb0
[   88.425272][ T3725]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   88.431157][ T3725] RIP: 0033:0x7f0fa5191c89
[   88.435568][ T3725] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   88.455163][ T3725] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   88.463570][ T3725] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   88.471539][ T3725] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   88.479500][ T3725] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   88.487466][ T3725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3725] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3725] exit_group(0)               = ?
[pid  3725] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3725, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./84/binderfs")                 = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./84/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./84")                           = 0
mkdir("./85", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3726 attached
, child_tidptr=0x555555b7f5d0) = 3726
[pid  3726] chdir("./85")               = 0
[pid  3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3726] setpgid(0, 0)               = 0
[pid  3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3726] write(3, "1000", 4)         = 4
[pid  3726] close(3)                    = 0
[pid  3726] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3726] memfd_create("syzkaller", 0) = 3
[   88.495434][ T3725] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000054
[   88.503413][ T3725]  </TASK>
[pid  3726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3726] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3726] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3726] close(3)                    = 0
[pid  3726] mkdir("./file0", 0777)      = 0
[pid  3726] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3726] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3726] chdir("./file0")            = 0
[pid  3726] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3726] close(4)                    = 0
[pid  3726] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3726] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3726] write(5, "13", 2)           = 2
[   88.563046][ T3726] loop0: detected capacity change from 0 to 64
[   88.579442][ T3726] FAULT_INJECTION: forcing a failure.
[   88.579442][ T3726] name failslab, interval 1, probability 0, space 0, times 0
[   88.592860][ T3726] CPU: 0 PID: 3726 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   88.603329][ T3726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   88.613394][ T3726] Call Trace:
[   88.616661][ T3726]  <TASK>
[   88.619578][ T3726]  dump_stack_lvl+0x1b1/0x28e
[   88.624244][ T3726]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   88.629691][ T3726]  ? panic+0x710/0x710
[   88.633766][ T3726]  ? __might_sleep+0xc0/0xc0
[   88.638360][ T3726]  ? __mutex_lock_common+0x45f/0x26e0
[   88.643736][ T3726]  should_fail_ex+0x395/0x4c0
[   88.648412][ T3726]  ? hfs_find_init+0x8b/0x1e0
[   88.653087][ T3726]  should_failslab+0x5/0x20
[   88.657582][ T3726]  __kmem_cache_alloc_node+0x69/0x310
[   88.662946][ T3726]  ? rcu_lock_release+0x5/0x20
[   88.667701][ T3726]  ? hfs_find_init+0x8b/0x1e0
[   88.672386][ T3726]  __kmalloc+0x9e/0x1a0
[   88.676564][ T3726]  hfs_find_init+0x8b/0x1e0
[   88.681090][ T3726]  hfs_extend_file+0x2f8/0x1420
[   88.685941][ T3726]  ? xas_find+0x937/0xa60
[   88.690266][ T3726]  ? hfs_get_block+0xbb0/0xbb0
[   88.695026][ T3726]  ? filemap_get_folios+0x557/0x830
[   88.700231][ T3726]  ? find_lock_entries+0xf60/0xf60
[   88.705337][ T3726]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   88.711228][ T3726]  hfs_get_block+0x3fc/0xbb0
[   88.715818][ T3726]  ? hfs_free_extents+0x420/0x420
[   88.720835][ T3726]  ? do_raw_spin_unlock+0x134/0x8a0
[   88.726049][ T3726]  ? create_page_buffers+0x244/0x4b0
[   88.731327][ T3726]  __block_write_begin_int+0x54c/0x1a80
[   88.736963][ T3726]  ? hfs_free_extents+0x420/0x420
[   88.741982][ T3726]  ? page_zero_new_buffers+0x940/0x940
[   88.747462][ T3726]  ? PageHeadHuge+0x8a/0x1d0
[   88.752066][ T3726]  ? hfs_free_extents+0x420/0x420
[   88.757077][ T3726]  block_write_begin+0x93/0x1e0
[   88.761928][ T3726]  ? cont_write_begin+0x5e5/0x860
[   88.766954][ T3726]  ? hfs_free_extents+0x420/0x420
[   88.771966][ T3726]  cont_write_begin+0x606/0x860
[   88.776812][ T3726]  ? fault_in_readable+0x1d5/0x310
[   88.781920][ T3726]  ? generic_cont_expand_simple+0x250/0x250
[   88.787801][ T3726]  ? fault_in_readable+0x219/0x310
[   88.792915][ T3726]  ? fault_in_safe_writeable+0x240/0x240
[   88.798573][ T3726]  hfs_write_begin+0x86/0xd0
[   88.803168][ T3726]  ? hfs_free_extents+0x420/0x420
[   88.808197][ T3726]  generic_perform_write+0x2e4/0x5e0
[   88.813495][ T3726]  ? __block_commit_write+0x420/0x420
[   88.818866][ T3726]  ? generic_file_direct_write+0x610/0x610
[   88.824672][ T3726]  ? __file_remove_privs+0x6c0/0x6c0
[   88.829974][ T3726]  ? generic_write_checks+0x15c/0x1c0
[   88.835344][ T3726]  __generic_file_write_iter+0x176/0x400
[   88.840971][ T3726]  generic_file_write_iter+0xab/0x310
[   88.846342][ T3726]  vfs_write+0x7dc/0xc50
[   88.850585][ T3726]  ? file_end_write+0x230/0x230
[   88.855434][ T3726]  ? ptrace_stop+0x74d/0x970
[   88.860025][ T3726]  ? _raw_spin_unlock_irq+0x2a/0x40
[   88.865219][ T3726]  ? __fdget_pos+0x252/0x2e0
[   88.869798][ T3726]  ksys_write+0x177/0x2a0
[   88.874132][ T3726]  ? __ia32_sys_read+0x80/0x80
[   88.878907][ T3726]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   88.884881][ T3726]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   88.890861][ T3726]  do_syscall_64+0x3d/0xb0
[   88.895276][ T3726]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   88.901161][ T3726] RIP: 0033:0x7f0fa5191c89
[   88.905561][ T3726] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   88.925329][ T3726] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   88.933758][ T3726] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   88.941726][ T3726] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   88.949698][ T3726] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3726] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3726] exit_group(0)               = ?
[pid  3726] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3726, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./85/binderfs")                 = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./85/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./85")                           = 0
mkdir("./86", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3727
./strace-static-x86_64: Process 3727 attached
[pid  3727] chdir("./86")               = 0
[pid  3727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3727] setpgid(0, 0)               = 0
[pid  3727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3727] write(3, "1000", 4)         = 4
[pid  3727] close(3)                    = 0
[   88.957678][ T3726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   88.965636][ T3726] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000055
[   88.973705][ T3726]  </TASK>
[pid  3727] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3727] memfd_create("syzkaller", 0) = 3
[pid  3727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3727] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3727] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3727] close(3)                    = 0
[pid  3727] mkdir("./file0", 0777)      = 0
[pid  3727] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3727] chdir("./file0")            = 0
[pid  3727] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3727] close(4)                    = 0
[pid  3727] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3727] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3727] write(5, "13", 2)           = 2
[   89.032236][ T3727] loop0: detected capacity change from 0 to 64
[   89.064554][ T3727] FAULT_INJECTION: forcing a failure.
[   89.064554][ T3727] name failslab, interval 1, probability 0, space 0, times 0
[   89.077252][ T3727] CPU: 1 PID: 3727 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   89.087657][ T3727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   89.097705][ T3727] Call Trace:
[   89.100992][ T3727]  <TASK>
[   89.103935][ T3727]  dump_stack_lvl+0x1b1/0x28e
[   89.108622][ T3727]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   89.114081][ T3727]  ? panic+0x710/0x710
[   89.118169][ T3727]  ? __might_sleep+0xc0/0xc0
[   89.122764][ T3727]  ? __mutex_lock_common+0x45f/0x26e0
[   89.128149][ T3727]  should_fail_ex+0x395/0x4c0
[   89.133272][ T3727]  ? hfs_find_init+0x8b/0x1e0
[   89.137964][ T3727]  should_failslab+0x5/0x20
[   89.142471][ T3727]  __kmem_cache_alloc_node+0x69/0x310
[   89.147850][ T3727]  ? hfs_find_init+0x8b/0x1e0
[   89.152530][ T3727]  __kmalloc+0x9e/0x1a0
[   89.156690][ T3727]  hfs_find_init+0x8b/0x1e0
[   89.161192][ T3727]  hfs_extend_file+0x2f8/0x1420
[   89.166058][ T3727]  ? hfs_get_block+0xbb0/0xbb0
[   89.170821][ T3727]  ? lru_cache_disable+0x30/0x30
[   89.175854][ T3727]  ? __might_sleep+0xc0/0xc0
[   89.180453][ T3727]  hfs_get_block+0x3fc/0xbb0
[   89.185052][ T3727]  ? hfs_free_extents+0x420/0x420
[   89.190090][ T3727]  ? do_raw_spin_unlock+0x134/0x8a0
[   89.195284][ T3727]  ? create_page_buffers+0x244/0x4b0
[   89.200580][ T3727]  __block_write_begin_int+0x54c/0x1a80
[   89.206228][ T3727]  ? hfs_free_extents+0x420/0x420
[   89.211331][ T3727]  ? page_zero_new_buffers+0x940/0x940
[   89.216789][ T3727]  ? PageHeadHuge+0x8a/0x1d0
[   89.221394][ T3727]  ? hfs_free_extents+0x420/0x420
[   89.226431][ T3727]  block_write_begin+0x93/0x1e0
[   89.231310][ T3727]  ? cont_write_begin+0x5e5/0x860
[   89.236339][ T3727]  ? hfs_free_extents+0x420/0x420
[   89.241362][ T3727]  cont_write_begin+0x606/0x860
[   89.246211][ T3727]  ? fault_in_readable+0x1d5/0x310
[   89.251317][ T3727]  ? generic_cont_expand_simple+0x250/0x250
[   89.257203][ T3727]  ? fault_in_readable+0x219/0x310
[   89.262312][ T3727]  ? fault_in_safe_writeable+0x240/0x240
[   89.267952][ T3727]  hfs_write_begin+0x86/0xd0
[   89.272539][ T3727]  ? hfs_free_extents+0x420/0x420
[   89.277833][ T3727]  generic_perform_write+0x2e4/0x5e0
[   89.283119][ T3727]  ? __block_commit_write+0x420/0x420
[   89.288496][ T3727]  ? generic_file_direct_write+0x610/0x610
[   89.294307][ T3727]  ? __file_remove_privs+0x6c0/0x6c0
[   89.299612][ T3727]  ? generic_write_checks+0x15c/0x1c0
[   89.305028][ T3727]  __generic_file_write_iter+0x176/0x400
[   89.310683][ T3727]  generic_file_write_iter+0xab/0x310
[   89.316074][ T3727]  vfs_write+0x7dc/0xc50
[   89.320328][ T3727]  ? file_end_write+0x230/0x230
[   89.325188][ T3727]  ? ptrace_stop+0x74d/0x970
[   89.329779][ T3727]  ? _raw_spin_unlock_irq+0x2a/0x40
[   89.334980][ T3727]  ? __fdget_pos+0x252/0x2e0
[   89.339663][ T3727]  ksys_write+0x177/0x2a0
[   89.344020][ T3727]  ? __ia32_sys_read+0x80/0x80
[   89.348792][ T3727]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   89.354763][ T3727]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   89.360747][ T3727]  do_syscall_64+0x3d/0xb0
[   89.365155][ T3727]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   89.371039][ T3727] RIP: 0033:0x7f0fa5191c89
[   89.375479][ T3727] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   89.395178][ T3727] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   89.403586][ T3727] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   89.411549][ T3727] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   89.419509][ T3727] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3727] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3727] exit_group(0)               = ?
[pid  3727] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3727, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./86/binderfs")                 = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./86/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./86")                           = 0
mkdir("./87", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3728
./strace-static-x86_64: Process 3728 attached
[pid  3728] chdir("./87")               = 0
[pid  3728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3728] setpgid(0, 0)               = 0
[pid  3728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3728] write(3, "1000", 4)         = 4
[pid  3728] close(3)                    = 0
[pid  3728] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3728] memfd_create("syzkaller", 0) = 3
[pid  3728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[   89.427485][ T3727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   89.435475][ T3727] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000056
[   89.443468][ T3727]  </TASK>
[pid  3728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3728] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3728] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3728] close(3)                    = 0
[pid  3728] mkdir("./file0", 0777)      = 0
[pid  3728] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3728] chdir("./file0")            = 0
[pid  3728] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3728] close(4)                    = 0
[pid  3728] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3728] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3728] write(5, "13", 2)           = 2
[   89.494523][ T3728] loop0: detected capacity change from 0 to 64
[   89.496245][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   89.523143][ T3728] FAULT_INJECTION: forcing a failure.
[   89.523143][ T3728] name failslab, interval 1, probability 0, space 0, times 0
[   89.536118][ T3728] CPU: 1 PID: 3728 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   89.546519][ T3728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   89.556735][ T3728] Call Trace:
[   89.560007][ T3728]  <TASK>
[   89.562938][ T3728]  dump_stack_lvl+0x1b1/0x28e
[   89.567614][ T3728]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   89.573065][ T3728]  ? panic+0x710/0x710
[   89.577134][ T3728]  ? __might_sleep+0xc0/0xc0
[   89.581717][ T3728]  ? __mutex_lock_common+0x45f/0x26e0
[   89.587091][ T3728]  should_fail_ex+0x395/0x4c0
[   89.591765][ T3728]  ? hfs_find_init+0x8b/0x1e0
[   89.596465][ T3728]  should_failslab+0x5/0x20
[   89.600963][ T3728]  __kmem_cache_alloc_node+0x69/0x310
[   89.606338][ T3728]  ? hfs_find_init+0x8b/0x1e0
[   89.611015][ T3728]  __kmalloc+0x9e/0x1a0
[   89.615174][ T3728]  hfs_find_init+0x8b/0x1e0
[   89.619686][ T3728]  hfs_extend_file+0x2f8/0x1420
[   89.624543][ T3728]  ? hfs_get_block+0xbb0/0xbb0
[   89.629304][ T3728]  ? lru_cache_disable+0x30/0x30
[   89.634238][ T3728]  ? __might_sleep+0xc0/0xc0
[   89.638846][ T3728]  hfs_get_block+0x3fc/0xbb0
[   89.643443][ T3728]  ? hfs_free_extents+0x420/0x420
[   89.648459][ T3728]  ? do_raw_spin_unlock+0x134/0x8a0
[   89.653668][ T3728]  ? create_page_buffers+0x244/0x4b0
[   89.658975][ T3728]  __block_write_begin_int+0x54c/0x1a80
[   89.664543][ T3728]  ? hfs_free_extents+0x420/0x420
[   89.669561][ T3728]  ? page_zero_new_buffers+0x940/0x940
[   89.675029][ T3728]  ? PageHeadHuge+0x8a/0x1d0
[   89.679617][ T3728]  ? hfs_free_extents+0x420/0x420
[   89.684635][ T3728]  block_write_begin+0x93/0x1e0
[   89.689482][ T3728]  ? cont_write_begin+0x5e5/0x860
[   89.694505][ T3728]  ? hfs_free_extents+0x420/0x420
[   89.699527][ T3728]  cont_write_begin+0x606/0x860
[   89.704382][ T3728]  ? fault_in_readable+0x1d5/0x310
[   89.709493][ T3728]  ? generic_cont_expand_simple+0x250/0x250
[   89.715476][ T3728]  ? fault_in_readable+0x219/0x310
[   89.720590][ T3728]  ? fault_in_safe_writeable+0x240/0x240
[   89.726313][ T3728]  hfs_write_begin+0x86/0xd0
[   89.730895][ T3728]  ? hfs_free_extents+0x420/0x420
[   89.735926][ T3728]  generic_perform_write+0x2e4/0x5e0
[   89.741218][ T3728]  ? __block_commit_write+0x420/0x420
[   89.746591][ T3728]  ? generic_file_direct_write+0x610/0x610
[   89.752391][ T3728]  ? __file_remove_privs+0x6c0/0x6c0
[   89.757677][ T3728]  ? generic_write_checks+0x15c/0x1c0
[   89.763052][ T3728]  __generic_file_write_iter+0x176/0x400
[   89.768690][ T3728]  generic_file_write_iter+0xab/0x310
[   89.774063][ T3728]  vfs_write+0x7dc/0xc50
[   89.778309][ T3728]  ? file_end_write+0x230/0x230
[   89.783194][ T3728]  ? ptrace_stop+0x74d/0x970
[   89.787791][ T3728]  ? _raw_spin_unlock_irq+0x2a/0x40
[   89.792989][ T3728]  ? __fdget_pos+0x252/0x2e0
[   89.797583][ T3728]  ksys_write+0x177/0x2a0
[   89.801920][ T3728]  ? __ia32_sys_read+0x80/0x80
[   89.806688][ T3728]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   89.812667][ T3728]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   89.818738][ T3728]  do_syscall_64+0x3d/0xb0
[   89.823155][ T3728]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   89.829040][ T3728] RIP: 0033:0x7f0fa5191c89
[   89.833451][ T3728] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   89.853138][ T3728] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   89.861548][ T3728] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   89.869510][ T3728] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   89.877473][ T3728] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   89.885437][ T3728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3728] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3728] exit_group(0)               = ?
[pid  3728] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3728, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./87/binderfs")                 = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./87/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./87")                           = 0
mkdir("./88", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3729
./strace-static-x86_64: Process 3729 attached
[pid  3729] chdir("./88")               = 0
[pid  3729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3729] setpgid(0, 0)               = 0
[pid  3729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3729] write(3, "1000", 4)         = 4
[pid  3729] close(3)                    = 0
[pid  3729] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3729] memfd_create("syzkaller", 0) = 3
[pid  3729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3729] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   89.893400][ T3728] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000057
[   89.901379][ T3728]  </TASK>
[pid  3729] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3729] close(3)                    = 0
[pid  3729] mkdir("./file0", 0777)      = 0
[pid  3729] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3729] chdir("./file0")            = 0
[pid  3729] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3729] close(4)                    = 0
[pid  3729] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3729] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3729] write(5, "13", 2)           = 2
[   89.939533][ T3729] loop0: detected capacity change from 0 to 64
[   89.941518][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   89.968949][ T3729] FAULT_INJECTION: forcing a failure.
[   89.968949][ T3729] name failslab, interval 1, probability 0, space 0, times 0
[   89.982541][ T3729] CPU: 1 PID: 3729 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   89.992978][ T3729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   90.003018][ T3729] Call Trace:
[   90.006286][ T3729]  <TASK>
[   90.009206][ T3729]  dump_stack_lvl+0x1b1/0x28e
[   90.013883][ T3729]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   90.019359][ T3729]  ? panic+0x710/0x710
[   90.023428][ T3729]  ? __might_sleep+0xc0/0xc0
[   90.028022][ T3729]  ? __mutex_lock_common+0x45f/0x26e0
[   90.033399][ T3729]  should_fail_ex+0x395/0x4c0
[   90.038084][ T3729]  ? hfs_find_init+0x8b/0x1e0
[   90.042848][ T3729]  should_failslab+0x5/0x20
[   90.047360][ T3729]  __kmem_cache_alloc_node+0x69/0x310
[   90.052738][ T3729]  ? hfs_find_init+0x8b/0x1e0
[   90.057413][ T3729]  __kmalloc+0x9e/0x1a0
[   90.061574][ T3729]  hfs_find_init+0x8b/0x1e0
[   90.066081][ T3729]  hfs_extend_file+0x2f8/0x1420
[   90.070937][ T3729]  ? hfs_get_block+0xbb0/0xbb0
[   90.075699][ T3729]  ? lru_cache_disable+0x30/0x30
[   90.080634][ T3729]  ? __might_sleep+0xc0/0xc0
[   90.085238][ T3729]  hfs_get_block+0x3fc/0xbb0
[   90.089854][ T3729]  ? hfs_free_extents+0x420/0x420
[   90.094884][ T3729]  ? do_raw_spin_unlock+0x134/0x8a0
[   90.100089][ T3729]  ? create_page_buffers+0x244/0x4b0
[   90.105377][ T3729]  __block_write_begin_int+0x54c/0x1a80
[   90.110941][ T3729]  ? hfs_free_extents+0x420/0x420
[   90.115961][ T3729]  ? page_zero_new_buffers+0x940/0x940
[   90.121423][ T3729]  ? PageHeadHuge+0x8a/0x1d0
[   90.126014][ T3729]  ? hfs_free_extents+0x420/0x420
[   90.131033][ T3729]  block_write_begin+0x93/0x1e0
[   90.135884][ T3729]  ? cont_write_begin+0x5e5/0x860
[   90.140909][ T3729]  ? hfs_free_extents+0x420/0x420
[   90.145928][ T3729]  cont_write_begin+0x606/0x860
[   90.150794][ T3729]  ? fault_in_readable+0x1d5/0x310
[   90.155917][ T3729]  ? generic_cont_expand_simple+0x250/0x250
[   90.161806][ T3729]  ? fault_in_readable+0x219/0x310
[   90.166917][ T3729]  ? fault_in_safe_writeable+0x240/0x240
[   90.172569][ T3729]  hfs_write_begin+0x86/0xd0
[   90.177155][ T3729]  ? hfs_free_extents+0x420/0x420
[   90.182178][ T3729]  generic_perform_write+0x2e4/0x5e0
[   90.187471][ T3729]  ? __block_commit_write+0x420/0x420
[   90.192842][ T3729]  ? generic_file_direct_write+0x610/0x610
[   90.198658][ T3729]  ? __file_remove_privs+0x6c0/0x6c0
[   90.203941][ T3729]  ? generic_write_checks+0x15c/0x1c0
[   90.209319][ T3729]  __generic_file_write_iter+0x176/0x400
[   90.214953][ T3729]  generic_file_write_iter+0xab/0x310
[   90.220323][ T3729]  vfs_write+0x7dc/0xc50
[   90.224574][ T3729]  ? file_end_write+0x230/0x230
[   90.229422][ T3729]  ? ptrace_stop+0x74d/0x970
[   90.234024][ T3729]  ? _raw_spin_unlock_irq+0x2a/0x40
[   90.239226][ T3729]  ? __fdget_pos+0x252/0x2e0
[   90.243819][ T3729]  ksys_write+0x177/0x2a0
[   90.248150][ T3729]  ? __ia32_sys_read+0x80/0x80
[   90.252912][ T3729]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   90.258896][ T3729]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   90.264875][ T3729]  do_syscall_64+0x3d/0xb0
[   90.269284][ T3729]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   90.275257][ T3729] RIP: 0033:0x7f0fa5191c89
[   90.279667][ T3729] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   90.299357][ T3729] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   90.307766][ T3729] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   90.315731][ T3729] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   90.323781][ T3729] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   90.331744][ T3729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3729] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3729] exit_group(0)               = ?
[pid  3729] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3729, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./88/binderfs")                 = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./88/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./88")                           = 0
mkdir("./89", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3730
./strace-static-x86_64: Process 3730 attached
[pid  3730] chdir("./89")               = 0
[pid  3730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3730] setpgid(0, 0)               = 0
[pid  3730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3730] write(3, "1000", 4)         = 4
[pid  3730] close(3)                    = 0
[pid  3730] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3730] memfd_create("syzkaller", 0) = 3
[pid  3730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3730] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   90.339793][ T3729] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000058
[   90.347785][ T3729]  </TASK>
[pid  3730] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3730] close(3)                    = 0
[pid  3730] mkdir("./file0", 0777)      = 0
[pid  3730] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3730] chdir("./file0")            = 0
[pid  3730] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3730] close(4)                    = 0
[pid  3730] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3730] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3730] write(5, "13", 2)           = 2
[   90.388522][ T3730] loop0: detected capacity change from 0 to 64
[   90.410200][ T3730] FAULT_INJECTION: forcing a failure.
[   90.410200][ T3730] name failslab, interval 1, probability 0, space 0, times 0
[   90.423140][ T3730] CPU: 1 PID: 3730 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   90.433561][ T3730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   90.443601][ T3730] Call Trace:
[   90.446884][ T3730]  <TASK>
[   90.449919][ T3730]  dump_stack_lvl+0x1b1/0x28e
[   90.454684][ T3730]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   90.460139][ T3730]  ? panic+0x710/0x710
[   90.464207][ T3730]  ? __might_sleep+0xc0/0xc0
[   90.468800][ T3730]  ? __mutex_lock_common+0x45f/0x26e0
[   90.474182][ T3730]  should_fail_ex+0x395/0x4c0
[   90.478864][ T3730]  ? hfs_find_init+0x8b/0x1e0
[   90.483544][ T3730]  should_failslab+0x5/0x20
[   90.488053][ T3730]  __kmem_cache_alloc_node+0x69/0x310
[   90.493422][ T3730]  ? rcu_lock_release+0x5/0x20
[   90.498184][ T3730]  ? hfs_find_init+0x8b/0x1e0
[   90.502867][ T3730]  __kmalloc+0x9e/0x1a0
[   90.507033][ T3730]  hfs_find_init+0x8b/0x1e0
[   90.511538][ T3730]  hfs_extend_file+0x2f8/0x1420
[   90.516384][ T3730]  ? xas_find+0x937/0xa60
[   90.520720][ T3730]  ? hfs_get_block+0xbb0/0xbb0
[   90.525480][ T3730]  ? filemap_get_folios+0x557/0x830
[   90.530677][ T3730]  ? find_lock_entries+0xf60/0xf60
[   90.535800][ T3730]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   90.541708][ T3730]  hfs_get_block+0x3fc/0xbb0
[   90.546307][ T3730]  ? hfs_free_extents+0x420/0x420
[   90.551333][ T3730]  ? do_raw_spin_unlock+0x134/0x8a0
[   90.556536][ T3730]  ? create_page_buffers+0x244/0x4b0
[   90.561823][ T3730]  __block_write_begin_int+0x54c/0x1a80
[   90.567394][ T3730]  ? hfs_free_extents+0x420/0x420
[   90.572414][ T3730]  ? page_zero_new_buffers+0x940/0x940
[   90.577873][ T3730]  ? PageHeadHuge+0x8a/0x1d0
[   90.582462][ T3730]  ? hfs_free_extents+0x420/0x420
[   90.587485][ T3730]  block_write_begin+0x93/0x1e0
[   90.592335][ T3730]  ? cont_write_begin+0x5e5/0x860
[   90.597361][ T3730]  ? hfs_free_extents+0x420/0x420
[   90.602383][ T3730]  cont_write_begin+0x606/0x860
[   90.607236][ T3730]  ? fault_in_readable+0x1d5/0x310
[   90.612356][ T3730]  ? generic_cont_expand_simple+0x250/0x250
[   90.618247][ T3730]  ? fault_in_readable+0x219/0x310
[   90.623356][ T3730]  ? fault_in_safe_writeable+0x240/0x240
[   90.628995][ T3730]  hfs_write_begin+0x86/0xd0
[   90.633582][ T3730]  ? hfs_free_extents+0x420/0x420
[   90.638606][ T3730]  generic_perform_write+0x2e4/0x5e0
[   90.643904][ T3730]  ? __block_commit_write+0x420/0x420
[   90.649279][ T3730]  ? generic_file_direct_write+0x610/0x610
[   90.655080][ T3730]  ? __file_remove_privs+0x6c0/0x6c0
[   90.660360][ T3730]  ? generic_write_checks+0x15c/0x1c0
[   90.665764][ T3730]  __generic_file_write_iter+0x176/0x400
[   90.671402][ T3730]  generic_file_write_iter+0xab/0x310
[   90.676773][ T3730]  vfs_write+0x7dc/0xc50
[   90.681021][ T3730]  ? file_end_write+0x230/0x230
[   90.685866][ T3730]  ? ptrace_stop+0x74d/0x970
[   90.690461][ T3730]  ? _raw_spin_unlock_irq+0x2a/0x40
[   90.695660][ T3730]  ? __fdget_pos+0x252/0x2e0
[   90.700250][ T3730]  ksys_write+0x177/0x2a0
[   90.704580][ T3730]  ? __ia32_sys_read+0x80/0x80
[   90.709342][ T3730]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   90.715322][ T3730]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   90.721302][ T3730]  do_syscall_64+0x3d/0xb0
[   90.725716][ T3730]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   90.731605][ T3730] RIP: 0033:0x7f0fa5191c89
[   90.736016][ T3730] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   90.755617][ T3730] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   90.764027][ T3730] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   90.771991][ T3730] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   90.779957][ T3730] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3730] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3730] exit_group(0)               = ?
[pid  3730] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3730, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./89/binderfs")                 = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./89/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./89")                           = 0
mkdir("./90", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3731
./strace-static-x86_64: Process 3731 attached
[pid  3731] chdir("./90")               = 0
[pid  3731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3731] setpgid(0, 0)               = 0
[pid  3731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3731] write(3, "1000", 4)         = 4
[pid  3731] close(3)                    = 0
[pid  3731] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3731] memfd_create("syzkaller", 0) = 3
[pid  3731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[   90.787923][ T3730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   90.795884][ T3730] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000059
[   90.803862][ T3730]  </TASK>
[pid  3731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3731] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3731] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3731] close(3)                    = 0
[pid  3731] mkdir("./file0", 0777)      = 0
[pid  3731] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3731] chdir("./file0")            = 0
[pid  3731] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3731] close(4)                    = 0
[pid  3731] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3731] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3731] write(5, "13", 2)           = 2
[   90.854460][ T3731] loop0: detected capacity change from 0 to 64
[   90.889205][ T3731] FAULT_INJECTION: forcing a failure.
[   90.889205][ T3731] name failslab, interval 1, probability 0, space 0, times 0
[   90.902141][ T3731] CPU: 1 PID: 3731 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   90.912543][ T3731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   90.922579][ T3731] Call Trace:
[   90.925840][ T3731]  <TASK>
[   90.928756][ T3731]  dump_stack_lvl+0x1b1/0x28e
[   90.933423][ T3731]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   90.938864][ T3731]  ? panic+0x710/0x710
[   90.942924][ T3731]  ? __might_sleep+0xc0/0xc0
[   90.947582][ T3731]  ? __mutex_lock_common+0x45f/0x26e0
[   90.952942][ T3731]  should_fail_ex+0x395/0x4c0
[   90.957608][ T3731]  ? hfs_find_init+0x8b/0x1e0
[   90.962283][ T3731]  should_failslab+0x5/0x20
[   90.966771][ T3731]  __kmem_cache_alloc_node+0x69/0x310
[   90.972137][ T3731]  ? hfs_find_init+0x8b/0x1e0
[   90.976803][ T3731]  __kmalloc+0x9e/0x1a0
[   90.980952][ T3731]  hfs_find_init+0x8b/0x1e0
[   90.985442][ T3731]  hfs_extend_file+0x2f8/0x1420
[   90.990286][ T3731]  ? hfs_get_block+0xbb0/0xbb0
[   90.995035][ T3731]  ? lru_cache_disable+0x30/0x30
[   90.999958][ T3731]  ? __might_sleep+0xc0/0xc0
[   91.004545][ T3731]  hfs_get_block+0x3fc/0xbb0
[   91.009126][ T3731]  ? hfs_free_extents+0x420/0x420
[   91.014132][ T3731]  ? do_raw_spin_unlock+0x134/0x8a0
[   91.019325][ T3731]  ? create_page_buffers+0x244/0x4b0
[   91.024600][ T3731]  __block_write_begin_int+0x54c/0x1a80
[   91.030151][ T3731]  ? hfs_free_extents+0x420/0x420
[   91.035157][ T3731]  ? page_zero_new_buffers+0x940/0x940
[   91.040604][ T3731]  ? PageHeadHuge+0x8a/0x1d0
[   91.045181][ T3731]  ? hfs_free_extents+0x420/0x420
[   91.050196][ T3731]  block_write_begin+0x93/0x1e0
[   91.055030][ T3731]  ? cont_write_begin+0x5e5/0x860
[   91.060124][ T3731]  ? hfs_free_extents+0x420/0x420
[   91.065136][ T3731]  cont_write_begin+0x606/0x860
[   91.069975][ T3731]  ? fault_in_readable+0x1d5/0x310
[   91.075074][ T3731]  ? generic_cont_expand_simple+0x250/0x250
[   91.080952][ T3731]  ? fault_in_readable+0x219/0x310
[   91.086048][ T3731]  ? fault_in_safe_writeable+0x240/0x240
[   91.091670][ T3731]  hfs_write_begin+0x86/0xd0
[   91.096243][ T3731]  ? hfs_free_extents+0x420/0x420
[   91.101252][ T3731]  generic_perform_write+0x2e4/0x5e0
[   91.106532][ T3731]  ? __block_commit_write+0x420/0x420
[   91.111890][ T3731]  ? generic_file_direct_write+0x610/0x610
[   91.117681][ T3731]  ? __file_remove_privs+0x6c0/0x6c0
[   91.122950][ T3731]  ? generic_write_checks+0x15c/0x1c0
[   91.128313][ T3731]  __generic_file_write_iter+0x176/0x400
[   91.133935][ T3731]  generic_file_write_iter+0xab/0x310
[   91.139294][ T3731]  vfs_write+0x7dc/0xc50
[   91.143526][ T3731]  ? file_end_write+0x230/0x230
[   91.148361][ T3731]  ? ptrace_stop+0x74d/0x970
[   91.152942][ T3731]  ? _raw_spin_unlock_irq+0x2a/0x40
[   91.158131][ T3731]  ? __fdget_pos+0x252/0x2e0
[   91.162711][ T3731]  ksys_write+0x177/0x2a0
[   91.167025][ T3731]  ? __ia32_sys_read+0x80/0x80
[   91.171780][ T3731]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   91.177755][ T3731]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   91.183729][ T3731]  do_syscall_64+0x3d/0xb0
[   91.188134][ T3731]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   91.194011][ T3731] RIP: 0033:0x7f0fa5191c89
[   91.198412][ T3731] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   91.218000][ T3731] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   91.226397][ T3731] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   91.234352][ T3731] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   91.242309][ T3731] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3731] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3731] exit_group(0)               = ?
[pid  3731] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3731, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./90/binderfs")                 = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./90/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./90")                           = 0
mkdir("./91", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3732
./strace-static-x86_64: Process 3732 attached
[pid  3732] chdir("./91")               = 0
[pid  3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3732] setpgid(0, 0)               = 0
[pid  3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3732] write(3, "1000", 4)         = 4
[pid  3732] close(3)                    = 0
[   91.250264][ T3731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   91.258221][ T3731] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005a
[   91.266186][ T3731]  </TASK>
[pid  3732] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3732] memfd_create("syzkaller", 0) = 3
[pid  3732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3732] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3732] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3732] close(3)                    = 0
[pid  3732] mkdir("./file0", 0777)      = 0
[pid  3732] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3732] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3732] chdir("./file0")            = 0
[pid  3732] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3732] close(4)                    = 0
[pid  3732] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3732] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3732] write(5, "13", 2)           = 2
[   91.322664][ T3732] loop0: detected capacity change from 0 to 64
[   91.349827][ T3732] FAULT_INJECTION: forcing a failure.
[   91.349827][ T3732] name failslab, interval 1, probability 0, space 0, times 0
[   91.363034][ T3732] CPU: 0 PID: 3732 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   91.373733][ T3732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   91.383805][ T3732] Call Trace:
[   91.387088][ T3732]  <TASK>
[   91.390021][ T3732]  dump_stack_lvl+0x1b1/0x28e
[   91.394705][ T3732]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   91.400156][ T3732]  ? panic+0x710/0x710
[   91.404229][ T3732]  ? __might_sleep+0xc0/0xc0
[   91.408826][ T3732]  ? __mutex_lock_common+0x45f/0x26e0
[   91.414207][ T3732]  should_fail_ex+0x395/0x4c0
[   91.418889][ T3732]  ? hfs_find_init+0x8b/0x1e0
[   91.423560][ T3732]  should_failslab+0x5/0x20
[   91.428071][ T3732]  __kmem_cache_alloc_node+0x69/0x310
[   91.433453][ T3732]  ? hfs_find_init+0x8b/0x1e0
[   91.438502][ T3732]  __kmalloc+0x9e/0x1a0
[   91.442654][ T3732]  hfs_find_init+0x8b/0x1e0
[   91.447152][ T3732]  hfs_extend_file+0x2f8/0x1420
[   91.452000][ T3732]  ? hfs_get_block+0xbb0/0xbb0
[   91.456768][ T3732]  ? lru_cache_disable+0x30/0x30
[   91.461706][ T3732]  ? __might_sleep+0xc0/0xc0
[   91.466316][ T3732]  hfs_get_block+0x3fc/0xbb0
[   91.470923][ T3732]  ? hfs_free_extents+0x420/0x420
[   91.475944][ T3732]  ? do_raw_spin_unlock+0x134/0x8a0
[   91.481157][ T3732]  ? create_page_buffers+0x244/0x4b0
[   91.486435][ T3732]  __block_write_begin_int+0x54c/0x1a80
[   91.491987][ T3732]  ? hfs_free_extents+0x420/0x420
[   91.496998][ T3732]  ? page_zero_new_buffers+0x940/0x940
[   91.502454][ T3732]  ? PageHeadHuge+0x8a/0x1d0
[   91.507038][ T3732]  ? hfs_free_extents+0x420/0x420
[   91.512049][ T3732]  block_write_begin+0x93/0x1e0
[   91.516892][ T3732]  ? cont_write_begin+0x5e5/0x860
[   91.521909][ T3732]  ? hfs_free_extents+0x420/0x420
[   91.526936][ T3732]  cont_write_begin+0x606/0x860
[   91.531798][ T3732]  ? fault_in_readable+0x1d5/0x310
[   91.536902][ T3732]  ? generic_cont_expand_simple+0x250/0x250
[   91.543082][ T3732]  ? fault_in_readable+0x219/0x310
[   91.548204][ T3732]  ? fault_in_safe_writeable+0x240/0x240
[   91.553834][ T3732]  hfs_write_begin+0x86/0xd0
[   91.558426][ T3732]  ? hfs_free_extents+0x420/0x420
[   91.563456][ T3732]  generic_perform_write+0x2e4/0x5e0
[   91.568738][ T3732]  ? __block_commit_write+0x420/0x420
[   91.574101][ T3732]  ? generic_file_direct_write+0x610/0x610
[   91.579897][ T3732]  ? __file_remove_privs+0x6c0/0x6c0
[   91.585173][ T3732]  ? generic_write_checks+0x15c/0x1c0
[   91.590541][ T3732]  __generic_file_write_iter+0x176/0x400
[   91.596176][ T3732]  generic_file_write_iter+0xab/0x310
[   91.601553][ T3732]  vfs_write+0x7dc/0xc50
[   91.605809][ T3732]  ? file_end_write+0x230/0x230
[   91.610661][ T3732]  ? ptrace_stop+0x74d/0x970
[   91.615274][ T3732]  ? _raw_spin_unlock_irq+0x2a/0x40
[   91.620490][ T3732]  ? __fdget_pos+0x252/0x2e0
[   91.625086][ T3732]  ksys_write+0x177/0x2a0
[   91.629453][ T3732]  ? __ia32_sys_read+0x80/0x80
[   91.634232][ T3732]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   91.640211][ T3732]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   91.646205][ T3732]  do_syscall_64+0x3d/0xb0
[   91.650634][ T3732]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   91.656517][ T3732] RIP: 0033:0x7f0fa5191c89
[   91.660925][ T3732] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   91.680530][ T3732] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   91.688954][ T3732] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   91.696924][ T3732] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   91.704912][ T3732] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   91.712882][ T3732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3732] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3732] exit_group(0)               = ?
[pid  3732] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3732, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./91/binderfs")                 = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./91/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./91")                           = 0
mkdir("./92", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3733
./strace-static-x86_64: Process 3733 attached
[pid  3733] chdir("./92")               = 0
[pid  3733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3733] setpgid(0, 0)               = 0
[pid  3733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3733] write(3, "1000", 4)         = 4
[pid  3733] close(3)                    = 0
[pid  3733] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3733] memfd_create("syzkaller", 0) = 3
[pid  3733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[   91.720859][ T3732] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005b
[   91.728851][ T3732]  </TASK>
[pid  3733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3733] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3733] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3733] close(3)                    = 0
[pid  3733] mkdir("./file0", 0777)      = 0
[pid  3733] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3733] chdir("./file0")            = 0
[pid  3733] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3733] close(4)                    = 0
[pid  3733] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3733] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3733] write(5, "13", 2)           = 2
[   91.788686][ T3733] loop0: detected capacity change from 0 to 64
[   91.821588][ T3733] FAULT_INJECTION: forcing a failure.
[   91.821588][ T3733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   91.834739][ T3733] CPU: 0 PID: 3733 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   91.845324][ T3733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   91.855393][ T3733] Call Trace:
[   91.858679][ T3733]  <TASK>
[   91.861601][ T3733]  dump_stack_lvl+0x1b1/0x28e
[   91.866285][ T3733]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   91.871758][ T3733]  ? panic+0x710/0x710
[   91.875839][ T3733]  ? hfs_free_extents+0x420/0x420
[   91.880870][ T3733]  ? PageHeadHuge+0x8a/0x1d0
[   91.885470][ T3733]  should_fail_ex+0x395/0x4c0
[   91.890163][ T3733]  copy_page_from_iter_atomic+0x217/0x1140
[   91.895975][ T3733]  ? generic_cont_expand_simple+0x250/0x250
[   91.901882][ T3733]  ? pipe_zero+0x200/0x200
[   91.906306][ T3733]  ? hfs_write_begin+0x86/0xd0
[   91.911066][ T3733]  ? hfs_free_extents+0x420/0x420
[   91.916089][ T3733]  ? hfs_write_begin+0x9e/0xd0
[   91.920850][ T3733]  generic_perform_write+0x35a/0x5e0
[   91.926141][ T3733]  ? __block_commit_write+0x420/0x420
[   91.931527][ T3733]  ? generic_file_direct_write+0x610/0x610
[   91.937338][ T3733]  ? __file_remove_privs+0x6c0/0x6c0
[   91.942625][ T3733]  ? generic_write_checks+0x15c/0x1c0
[   91.948006][ T3733]  __generic_file_write_iter+0x176/0x400
[   91.953642][ T3733]  generic_file_write_iter+0xab/0x310
[   91.959018][ T3733]  vfs_write+0x7dc/0xc50
[   91.963285][ T3733]  ? file_end_write+0x230/0x230
[   91.968137][ T3733]  ? ptrace_stop+0x74d/0x970
[   91.972738][ T3733]  ? _raw_spin_unlock_irq+0x2a/0x40
[   91.977939][ T3733]  ? __fdget_pos+0x252/0x2e0
[   91.982533][ T3733]  ksys_write+0x177/0x2a0
[   91.986866][ T3733]  ? __ia32_sys_read+0x80/0x80
[   91.991631][ T3733]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   91.997614][ T3733]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   92.003595][ T3733]  do_syscall_64+0x3d/0xb0
[   92.008005][ T3733]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   92.013905][ T3733] RIP: 0033:0x7f0fa5191c89
[   92.018317][ T3733] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3733] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3733] exit_group(0)               = ?
[pid  3733] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3733, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./92/binderfs")                 = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   92.037940][ T3733] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   92.046354][ T3733] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   92.054320][ T3733] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   92.062286][ T3733] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   92.070253][ T3733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   92.078217][ T3733] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005c
[   92.086198][ T3733]  </TASK>
openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./92/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./92")                           = 0
mkdir("./93", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3734
./strace-static-x86_64: Process 3734 attached
[pid  3734] chdir("./93")               = 0
[pid  3734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3734] setpgid(0, 0)               = 0
[pid  3734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3734] write(3, "1000", 4)         = 4
[pid  3734] close(3)                    = 0
[pid  3734] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3734] memfd_create("syzkaller", 0) = 3
[pid  3734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3734] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3734] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3734] close(3)                    = 0
[pid  3734] mkdir("./file0", 0777)      = 0
[pid  3734] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3734] chdir("./file0")            = 0
[pid  3734] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3734] close(4)                    = 0
[pid  3734] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3734] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3734] write(5, "13", 2)           = 2
[   92.153500][ T3734] loop0: detected capacity change from 0 to 64
[   92.173575][ T3734] FAULT_INJECTION: forcing a failure.
[   92.173575][ T3734] name failslab, interval 1, probability 0, space 0, times 0
[   92.191343][ T3734] CPU: 0 PID: 3734 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   92.201788][ T3734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   92.211833][ T3734] Call Trace:
[   92.215098][ T3734]  <TASK>
[   92.218019][ T3734]  dump_stack_lvl+0x1b1/0x28e
[   92.222691][ T3734]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   92.228137][ T3734]  ? panic+0x710/0x710
[   92.232192][ T3734]  ? __might_sleep+0xc0/0xc0
[   92.236765][ T3734]  ? __mutex_lock_common+0x45f/0x26e0
[   92.242132][ T3734]  should_fail_ex+0x395/0x4c0
[   92.246799][ T3734]  ? hfs_find_init+0x8b/0x1e0
[   92.251466][ T3734]  should_failslab+0x5/0x20
[   92.255958][ T3734]  __kmem_cache_alloc_node+0x69/0x310
[   92.261318][ T3734]  ? rcu_lock_release+0x5/0x20
[   92.266070][ T3734]  ? hfs_find_init+0x8b/0x1e0
[   92.270735][ T3734]  __kmalloc+0x9e/0x1a0
[   92.274879][ T3734]  hfs_find_init+0x8b/0x1e0
[   92.279370][ T3734]  hfs_extend_file+0x2f8/0x1420
[   92.284208][ T3734]  ? xas_find+0x937/0xa60
[   92.288531][ T3734]  ? hfs_get_block+0xbb0/0xbb0
[   92.293354][ T3734]  ? filemap_get_folios+0x557/0x830
[   92.298549][ T3734]  ? find_lock_entries+0xf60/0xf60
[   92.303650][ T3734]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   92.309539][ T3734]  hfs_get_block+0x3fc/0xbb0
[   92.314220][ T3734]  ? hfs_free_extents+0x420/0x420
[   92.319229][ T3734]  ? do_raw_spin_unlock+0x134/0x8a0
[   92.324418][ T3734]  ? create_page_buffers+0x244/0x4b0
[   92.329706][ T3734]  __block_write_begin_int+0x54c/0x1a80
[   92.335281][ T3734]  ? hfs_free_extents+0x420/0x420
[   92.340290][ T3734]  ? page_zero_new_buffers+0x940/0x940
[   92.345737][ T3734]  ? PageHeadHuge+0x8a/0x1d0
[   92.350317][ T3734]  ? hfs_free_extents+0x420/0x420
[   92.355324][ T3734]  block_write_begin+0x93/0x1e0
[   92.360162][ T3734]  ? cont_write_begin+0x5e5/0x860
[   92.365171][ T3734]  ? hfs_free_extents+0x420/0x420
[   92.370268][ T3734]  cont_write_begin+0x606/0x860
[   92.375115][ T3734]  ? fault_in_readable+0x1d5/0x310
[   92.380301][ T3734]  ? generic_cont_expand_simple+0x250/0x250
[   92.386182][ T3734]  ? fault_in_readable+0x219/0x310
[   92.391368][ T3734]  ? fault_in_safe_writeable+0x240/0x240
[   92.397062][ T3734]  hfs_write_begin+0x86/0xd0
[   92.401659][ T3734]  ? hfs_free_extents+0x420/0x420
[   92.406699][ T3734]  generic_perform_write+0x2e4/0x5e0
[   92.411987][ T3734]  ? __block_commit_write+0x420/0x420
[   92.417705][ T3734]  ? generic_file_direct_write+0x610/0x610
[   92.423502][ T3734]  ? __file_remove_privs+0x6c0/0x6c0
[   92.428797][ T3734]  ? generic_write_checks+0x15c/0x1c0
[   92.434181][ T3734]  __generic_file_write_iter+0x176/0x400
[   92.439834][ T3734]  generic_file_write_iter+0xab/0x310
[   92.445208][ T3734]  vfs_write+0x7dc/0xc50
[   92.449448][ T3734]  ? file_end_write+0x230/0x230
[   92.454286][ T3734]  ? ptrace_stop+0x74d/0x970
[   92.458873][ T3734]  ? _raw_spin_unlock_irq+0x2a/0x40
[   92.464064][ T3734]  ? __fdget_pos+0x252/0x2e0
[   92.468643][ T3734]  ksys_write+0x177/0x2a0
[   92.472964][ T3734]  ? __ia32_sys_read+0x80/0x80
[   92.477714][ T3734]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   92.483685][ T3734]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   92.489652][ T3734]  do_syscall_64+0x3d/0xb0
[   92.494055][ T3734]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   92.500021][ T3734] RIP: 0033:0x7f0fa5191c89
[   92.504425][ T3734] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   92.524025][ T3734] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   92.532428][ T3734] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   92.540386][ T3734] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3734] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3734] exit_group(0)               = ?
[pid  3734] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3734, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./93/binderfs")                 = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./93/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./93")                           = 0
mkdir("./94", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3735
./strace-static-x86_64: Process 3735 attached
[pid  3735] chdir("./94")               = 0
[pid  3735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3735] setpgid(0, 0)               = 0
[pid  3735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3735] write(3, "1000", 4)         = 4
[pid  3735] close(3)                    = 0
[pid  3735] symlink("/dev/binderfs", "./binderfs") = 0
[   92.548340][ T3734] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   92.556295][ T3734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   92.564252][ T3734] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005d
[   92.572223][ T3734]  </TASK>
[pid  3735] memfd_create("syzkaller", 0) = 3
[pid  3735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3735] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3735] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3735] close(3)                    = 0
[pid  3735] mkdir("./file0", 0777)      = 0
[pid  3735] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3735] chdir("./file0")            = 0
[pid  3735] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3735] close(4)                    = 0
[pid  3735] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3735] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3735] write(5, "13", 2)           = 2
[   92.621269][ T3735] loop0: detected capacity change from 0 to 64
[   92.639974][ T3735] FAULT_INJECTION: forcing a failure.
[   92.639974][ T3735] name failslab, interval 1, probability 0, space 0, times 0
[   92.653306][ T3735] CPU: 0 PID: 3735 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   92.663740][ T3735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   92.673781][ T3735] Call Trace:
[   92.677046][ T3735]  <TASK>
[   92.679965][ T3735]  dump_stack_lvl+0x1b1/0x28e
[   92.684637][ T3735]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   92.690081][ T3735]  ? panic+0x710/0x710
[   92.694137][ T3735]  ? __might_sleep+0xc0/0xc0
[   92.698709][ T3735]  ? __mutex_lock_common+0x45f/0x26e0
[   92.704073][ T3735]  should_fail_ex+0x395/0x4c0
[   92.708740][ T3735]  ? hfs_find_init+0x8b/0x1e0
[   92.713407][ T3735]  should_failslab+0x5/0x20
[   92.717898][ T3735]  __kmem_cache_alloc_node+0x69/0x310
[   92.723256][ T3735]  ? rcu_lock_release+0x5/0x20
[   92.728011][ T3735]  ? hfs_find_init+0x8b/0x1e0
[   92.732677][ T3735]  __kmalloc+0x9e/0x1a0
[   92.736822][ T3735]  hfs_find_init+0x8b/0x1e0
[   92.741317][ T3735]  hfs_extend_file+0x2f8/0x1420
[   92.746156][ T3735]  ? xas_find+0x937/0xa60
[   92.750480][ T3735]  ? hfs_get_block+0xbb0/0xbb0
[   92.755247][ T3735]  ? filemap_get_folios+0x557/0x830
[   92.760435][ T3735]  ? find_lock_entries+0xf60/0xf60
[   92.765536][ T3735]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   92.771424][ T3735]  hfs_get_block+0x3fc/0xbb0
[   92.776012][ T3735]  ? hfs_free_extents+0x420/0x420
[   92.781019][ T3735]  ? do_raw_spin_unlock+0x134/0x8a0
[   92.786209][ T3735]  ? create_page_buffers+0x244/0x4b0
[   92.791488][ T3735]  __block_write_begin_int+0x54c/0x1a80
[   92.797036][ T3735]  ? hfs_free_extents+0x420/0x420
[   92.802047][ T3735]  ? page_zero_new_buffers+0x940/0x940
[   92.807494][ T3735]  ? PageHeadHuge+0x8a/0x1d0
[   92.812074][ T3735]  ? hfs_free_extents+0x420/0x420
[   92.817081][ T3735]  block_write_begin+0x93/0x1e0
[   92.821918][ T3735]  ? cont_write_begin+0x5e5/0x860
[   92.826937][ T3735]  ? hfs_free_extents+0x420/0x420
[   92.831945][ T3735]  cont_write_begin+0x606/0x860
[   92.836785][ T3735]  ? fault_in_readable+0x1d5/0x310
[   92.841885][ T3735]  ? generic_cont_expand_simple+0x250/0x250
[   92.847763][ T3735]  ? fault_in_readable+0x219/0x310
[   92.852862][ T3735]  ? fault_in_safe_writeable+0x240/0x240
[   92.858487][ T3735]  hfs_write_begin+0x86/0xd0
[   92.863061][ T3735]  ? hfs_free_extents+0x420/0x420
[   92.868076][ T3735]  generic_perform_write+0x2e4/0x5e0
[   92.873356][ T3735]  ? __block_commit_write+0x420/0x420
[   92.878718][ T3735]  ? generic_file_direct_write+0x610/0x610
[   92.884513][ T3735]  ? __file_remove_privs+0x6c0/0x6c0
[   92.889785][ T3735]  ? generic_write_checks+0x15c/0x1c0
[   92.895147][ T3735]  __generic_file_write_iter+0x176/0x400
[   92.900779][ T3735]  generic_file_write_iter+0xab/0x310
[   92.906143][ T3735]  vfs_write+0x7dc/0xc50
[   92.910383][ T3735]  ? file_end_write+0x230/0x230
[   92.915219][ T3735]  ? ptrace_stop+0x74d/0x970
[   92.919805][ T3735]  ? _raw_spin_unlock_irq+0x2a/0x40
[   92.924993][ T3735]  ? __fdget_pos+0x252/0x2e0
[   92.929579][ T3735]  ksys_write+0x177/0x2a0
[   92.933905][ T3735]  ? __ia32_sys_read+0x80/0x80
[   92.938658][ T3735]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   92.944634][ T3735]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   92.950603][ T3735]  do_syscall_64+0x3d/0xb0
[   92.955003][ T3735]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   92.960886][ T3735] RIP: 0033:0x7f0fa5191c89
[   92.965384][ T3735] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   92.984971][ T3735] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   92.993383][ T3735] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   93.001361][ T3735] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   93.009320][ T3735] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3735] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3735] exit_group(0)               = ?
[pid  3735] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3735, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./94/binderfs")                 = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./94/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./94")                           = 0
mkdir("./95", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3737
./strace-static-x86_64: Process 3737 attached
[pid  3737] chdir("./95")               = 0
[pid  3737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3737] setpgid(0, 0)               = 0
[pid  3737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3737] write(3, "1000", 4)         = 4
[pid  3737] close(3)                    = 0
[pid  3737] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3737] memfd_create("syzkaller", 0) = 3
[pid  3737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3737] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   93.017279][ T3735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   93.025235][ T3735] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005e
[   93.033204][ T3735]  </TASK>
[pid  3737] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3737] close(3)                    = 0
[pid  3737] mkdir("./file0", 0777)      = 0
[pid  3737] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3737] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3737] chdir("./file0")            = 0
[pid  3737] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3737] close(4)                    = 0
[pid  3737] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3737] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3737] write(5, "13", 2)           = 2
[   93.069596][ T3737] loop0: detected capacity change from 0 to 64
[   93.073017][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   93.095636][ T3737] FAULT_INJECTION: forcing a failure.
[   93.095636][ T3737] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   93.109000][ T3737] CPU: 0 PID: 3737 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   93.119425][ T3737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   93.129562][ T3737] Call Trace:
[   93.132855][ T3737]  <TASK>
[   93.135779][ T3737]  dump_stack_lvl+0x1b1/0x28e
[   93.140459][ T3737]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   93.145917][ T3737]  ? panic+0x710/0x710
[   93.150000][ T3737]  ? do_anonymous_page+0xd4a/0x1150
[   93.155208][ T3737]  ? mark_lock+0x9a/0x350
[   93.159529][ T3737]  should_fail_ex+0x395/0x4c0
[   93.164213][ T3737]  prepare_alloc_pages+0x1d7/0x5a0
[   93.169357][ T3737]  __alloc_pages+0x161/0x560
[   93.173975][ T3737]  ? zone_statistics+0x160/0x160
[   93.179032][ T3737]  ? rcu_lock_release+0x5/0x20
[   93.183819][ T3737]  ? alloc_pages+0x520/0x7b0
[   93.188429][ T3737]  ? xas_descend+0x1f3/0x400
[   93.193035][ T3737]  folio_alloc+0x1a/0x50
[   93.197284][ T3737]  filemap_alloc_folio+0x7e/0x1c0
[   93.202313][ T3737]  __filemap_get_folio+0x898/0x1260
[   93.207521][ T3737]  ? page_cache_prev_miss+0x4e0/0x4e0
[   93.212896][ T3737]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   93.218874][ T3737]  ? print_irqtrace_events+0x220/0x220
[   93.224332][ T3737]  pagecache_get_page+0x28/0x260
[   93.229305][ T3737]  ? hfs_free_extents+0x420/0x420
[   93.234501][ T3737]  block_write_begin+0x2e/0x1e0
[   93.239353][ T3737]  ? cont_write_begin+0x5e5/0x860
[   93.244387][ T3737]  ? hfs_free_extents+0x420/0x420
[   93.249413][ T3737]  cont_write_begin+0x606/0x860
[   93.254269][ T3737]  ? fault_in_readable+0x1d5/0x310
[   93.259470][ T3737]  ? generic_cont_expand_simple+0x250/0x250
[   93.265450][ T3737]  ? fault_in_readable+0x219/0x310
[   93.270567][ T3737]  ? fault_in_safe_writeable+0x240/0x240
[   93.276216][ T3737]  hfs_write_begin+0x86/0xd0
[   93.280804][ T3737]  ? hfs_free_extents+0x420/0x420
[   93.285848][ T3737]  generic_perform_write+0x2e4/0x5e0
[   93.291141][ T3737]  ? __block_commit_write+0x420/0x420
[   93.296538][ T3737]  ? generic_file_direct_write+0x610/0x610
[   93.302366][ T3737]  ? __file_remove_privs+0x6c0/0x6c0
[   93.307661][ T3737]  ? generic_write_checks+0x15c/0x1c0
[   93.313046][ T3737]  __generic_file_write_iter+0x176/0x400
[   93.318688][ T3737]  generic_file_write_iter+0xab/0x310
[   93.324063][ T3737]  vfs_write+0x7dc/0xc50
[   93.328315][ T3737]  ? file_end_write+0x230/0x230
[   93.333163][ T3737]  ? ptrace_stop+0x74d/0x970
[   93.338109][ T3737]  ? _raw_spin_unlock_irq+0x2a/0x40
[   93.343312][ T3737]  ? __fdget_pos+0x252/0x2e0
[   93.347906][ T3737]  ksys_write+0x177/0x2a0
[   93.352243][ T3737]  ? __ia32_sys_read+0x80/0x80
[   93.357080][ T3737]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   93.363087][ T3737]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   93.369081][ T3737]  do_syscall_64+0x3d/0xb0
[   93.373501][ T3737]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   93.379394][ T3737] RIP: 0033:0x7f0fa5191c89
[   93.383901][ T3737] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   93.403600][ T3737] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   93.412011][ T3737] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3737] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3737] exit_group(0)               = ?
[pid  3737] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3737, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./95/binderfs")                 = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./95/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./95")                           = 0
mkdir("./96", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3738
./strace-static-x86_64: Process 3738 attached
[pid  3738] chdir("./96")               = 0
[pid  3738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3738] setpgid(0, 0)               = 0
[pid  3738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3738] write(3, "1000", 4)         = 4
[pid  3738] close(3)                    = 0
[pid  3738] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3738] memfd_create("syzkaller", 0) = 3
[pid  3738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3738] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   93.419977][ T3737] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   93.427946][ T3737] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   93.435914][ T3737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   93.443881][ T3737] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005f
[   93.451861][ T3737]  </TASK>
[pid  3738] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3738] close(3)                    = 0
[pid  3738] mkdir("./file0", 0777)      = 0
[pid  3738] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3738] chdir("./file0")            = 0
[pid  3738] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3738] close(4)                    = 0
[pid  3738] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3738] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3738] write(5, "13", 2)           = 2
[   93.500233][ T3738] loop0: detected capacity change from 0 to 64
[   93.526697][ T3738] FAULT_INJECTION: forcing a failure.
[   93.526697][ T3738] name failslab, interval 1, probability 0, space 0, times 0
[   93.540431][ T3738] CPU: 0 PID: 3738 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   93.550957][ T3738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   93.561106][ T3738] Call Trace:
[   93.564381][ T3738]  <TASK>
[   93.567303][ T3738]  dump_stack_lvl+0x1b1/0x28e
[   93.571983][ T3738]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   93.577433][ T3738]  ? panic+0x710/0x710
[   93.581505][ T3738]  ? __might_sleep+0xc0/0xc0
[   93.586084][ T3738]  ? __mutex_lock_common+0x45f/0x26e0
[   93.591454][ T3738]  should_fail_ex+0x395/0x4c0
[   93.596140][ T3738]  ? hfs_find_init+0x8b/0x1e0
[   93.600839][ T3738]  should_failslab+0x5/0x20
[   93.605343][ T3738]  __kmem_cache_alloc_node+0x69/0x310
[   93.610706][ T3738]  ? rcu_lock_release+0x5/0x20
[   93.615471][ T3738]  ? hfs_find_init+0x8b/0x1e0
[   93.620161][ T3738]  __kmalloc+0x9e/0x1a0
[   93.624343][ T3738]  hfs_find_init+0x8b/0x1e0
[   93.628864][ T3738]  hfs_extend_file+0x2f8/0x1420
[   93.633702][ T3738]  ? xas_find+0x937/0xa60
[   93.638051][ T3738]  ? hfs_get_block+0xbb0/0xbb0
[   93.642821][ T3738]  ? filemap_get_folios+0x557/0x830
[   93.648013][ T3738]  ? find_lock_entries+0xf60/0xf60
[   93.653125][ T3738]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   93.659039][ T3738]  hfs_get_block+0x3fc/0xbb0
[   93.663629][ T3738]  ? hfs_free_extents+0x420/0x420
[   93.668639][ T3738]  ? do_raw_spin_unlock+0x134/0x8a0
[   93.673851][ T3738]  ? create_page_buffers+0x244/0x4b0
[   93.679149][ T3738]  __block_write_begin_int+0x54c/0x1a80
[   93.684701][ T3738]  ? hfs_free_extents+0x420/0x420
[   93.689717][ T3738]  ? page_zero_new_buffers+0x940/0x940
[   93.695168][ T3738]  ? PageHeadHuge+0x8a/0x1d0
[   93.699753][ T3738]  ? hfs_free_extents+0x420/0x420
[   93.704773][ T3738]  block_write_begin+0x93/0x1e0
[   93.709627][ T3738]  ? cont_write_begin+0x5e5/0x860
[   93.714662][ T3738]  ? hfs_free_extents+0x420/0x420
[   93.719672][ T3738]  cont_write_begin+0x606/0x860
[   93.724523][ T3738]  ? fault_in_readable+0x1d5/0x310
[   93.729645][ T3738]  ? generic_cont_expand_simple+0x250/0x250
[   93.735539][ T3738]  ? fault_in_readable+0x219/0x310
[   93.740660][ T3738]  ? fault_in_safe_writeable+0x240/0x240
[   93.746378][ T3738]  hfs_write_begin+0x86/0xd0
[   93.750966][ T3738]  ? hfs_free_extents+0x420/0x420
[   93.755998][ T3738]  generic_perform_write+0x2e4/0x5e0
[   93.761282][ T3738]  ? __block_commit_write+0x420/0x420
[   93.766649][ T3738]  ? generic_file_direct_write+0x610/0x610
[   93.772459][ T3738]  ? __file_remove_privs+0x6c0/0x6c0
[   93.777760][ T3738]  ? generic_write_checks+0x15c/0x1c0
[   93.783135][ T3738]  __generic_file_write_iter+0x176/0x400
[   93.788865][ T3738]  generic_file_write_iter+0xab/0x310
[   93.794237][ T3738]  vfs_write+0x7dc/0xc50
[   93.798488][ T3738]  ? file_end_write+0x230/0x230
[   93.803356][ T3738]  ? ptrace_stop+0x74d/0x970
[   93.807956][ T3738]  ? _raw_spin_unlock_irq+0x2a/0x40
[   93.813156][ T3738]  ? __fdget_pos+0x252/0x2e0
[   93.817770][ T3738]  ksys_write+0x177/0x2a0
[   93.822099][ T3738]  ? __ia32_sys_read+0x80/0x80
[   93.826856][ T3738]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   93.832836][ T3738]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   93.838819][ T3738]  do_syscall_64+0x3d/0xb0
[   93.843246][ T3738]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   93.849128][ T3738] RIP: 0033:0x7f0fa5191c89
[   93.853533][ T3738] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   93.873144][ T3738] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   93.881587][ T3738] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   93.889566][ T3738] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3738] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3738] exit_group(0)               = ?
[pid  3738] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3738, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./96/binderfs")                 = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./96/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./96")                           = 0
mkdir("./97", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3739
./strace-static-x86_64: Process 3739 attached
[   93.897535][ T3738] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   93.905496][ T3738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   93.913457][ T3738] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000060
[   93.921452][ T3738]  </TASK>
[pid  3739] chdir("./97")               = 0
[pid  3739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3739] setpgid(0, 0)               = 0
[pid  3739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3739] write(3, "1000", 4)         = 4
[pid  3739] close(3)                    = 0
[pid  3739] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3739] memfd_create("syzkaller", 0) = 3
[pid  3739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3739] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3739] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3739] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3739] close(3)                    = 0
[pid  3739] mkdir("./file0", 0777)      = 0
[pid  3739] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3739] chdir("./file0")            = 0
[pid  3739] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3739] close(4)                    = 0
[pid  3739] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3739] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3739] write(5, "13", 2)           = 2
[pid  3739] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3739] exit_group(0)               = ?
[pid  3739] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3739, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./97/binderfs")                 = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
[   93.985818][ T3739] loop0: detected capacity change from 0 to 64
rmdir("./97/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./97")                           = 0
mkdir("./98", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3740 attached
 <unfinished ...>
[pid  3740] chdir("./98")               = 0
[pid  3740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3740] setpgid(0, 0)               = 0
[pid  3740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3740] write(3, "1000", 4)         = 4
[pid  3740] close(3 <unfinished ...>
[pid  3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3740
[pid  3740] <... close resumed>)        = 0
[pid  3740] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3740] memfd_create("syzkaller", 0) = 3
[pid  3740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3740] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3740] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3740] close(3)                    = 0
[pid  3740] mkdir("./file0", 0777)      = 0
[pid  3740] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3740] chdir("./file0")            = 0
[pid  3740] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3740] close(4)                    = 0
[pid  3740] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3740] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3740] write(5, "13", 2)           = 2
[   94.067582][ T3740] loop0: detected capacity change from 0 to 64
[   94.091822][ T3740] FAULT_INJECTION: forcing a failure.
[   94.091822][ T3740] name failslab, interval 1, probability 0, space 0, times 0
[   94.104562][ T3740] CPU: 1 PID: 3740 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   94.114998][ T3740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   94.125048][ T3740] Call Trace:
[   94.128321][ T3740]  <TASK>
[   94.131242][ T3740]  dump_stack_lvl+0x1b1/0x28e
[   94.135928][ T3740]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   94.141406][ T3740]  ? panic+0x710/0x710
[   94.145487][ T3740]  ? __might_sleep+0xc0/0xc0
[   94.150076][ T3740]  ? __mutex_lock_common+0x45f/0x26e0
[   94.155480][ T3740]  should_fail_ex+0x395/0x4c0
[   94.160164][ T3740]  ? hfs_find_init+0x8b/0x1e0
[   94.164841][ T3740]  should_failslab+0x5/0x20
[   94.169337][ T3740]  __kmem_cache_alloc_node+0x69/0x310
[   94.174702][ T3740]  ? rcu_lock_release+0x5/0x20
[   94.179460][ T3740]  ? hfs_find_init+0x8b/0x1e0
[   94.184129][ T3740]  __kmalloc+0x9e/0x1a0
[   94.188279][ T3740]  hfs_find_init+0x8b/0x1e0
[   94.192776][ T3740]  hfs_extend_file+0x2f8/0x1420
[   94.197624][ T3740]  ? xas_find+0x937/0xa60
[   94.201990][ T3740]  ? hfs_get_block+0xbb0/0xbb0
[   94.206748][ T3740]  ? filemap_get_folios+0x557/0x830
[   94.211943][ T3740]  ? find_lock_entries+0xf60/0xf60
[   94.217062][ T3740]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   94.222972][ T3740]  hfs_get_block+0x3fc/0xbb0
[   94.227573][ T3740]  ? hfs_free_extents+0x420/0x420
[   94.232590][ T3740]  ? do_raw_spin_unlock+0x134/0x8a0
[   94.237801][ T3740]  ? create_page_buffers+0x244/0x4b0
[   94.243115][ T3740]  __block_write_begin_int+0x54c/0x1a80
[   94.248719][ T3740]  ? hfs_free_extents+0x420/0x420
[   94.253757][ T3740]  ? page_zero_new_buffers+0x940/0x940
[   94.259211][ T3740]  ? PageHeadHuge+0x8a/0x1d0
[   94.263811][ T3740]  ? hfs_free_extents+0x420/0x420
[   94.268841][ T3740]  block_write_begin+0x93/0x1e0
[   94.273683][ T3740]  ? cont_write_begin+0x5e5/0x860
[   94.278701][ T3740]  ? hfs_free_extents+0x420/0x420
[   94.283717][ T3740]  cont_write_begin+0x606/0x860
[   94.288576][ T3740]  ? fault_in_readable+0x1d5/0x310
[   94.293703][ T3740]  ? generic_cont_expand_simple+0x250/0x250
[   94.299597][ T3740]  ? fault_in_readable+0x219/0x310
[   94.304723][ T3740]  ? fault_in_safe_writeable+0x240/0x240
[   94.310352][ T3740]  hfs_write_begin+0x86/0xd0
[   94.314946][ T3740]  ? hfs_free_extents+0x420/0x420
[   94.319972][ T3740]  generic_perform_write+0x2e4/0x5e0
[   94.325255][ T3740]  ? __block_commit_write+0x420/0x420
[   94.330623][ T3740]  ? generic_file_direct_write+0x610/0x610
[   94.336424][ T3740]  ? __file_remove_privs+0x6c0/0x6c0
[   94.341787][ T3740]  ? generic_write_checks+0x15c/0x1c0
[   94.347157][ T3740]  __generic_file_write_iter+0x176/0x400
[   94.352788][ T3740]  generic_file_write_iter+0xab/0x310
[   94.358156][ T3740]  vfs_write+0x7dc/0xc50
[   94.362395][ T3740]  ? file_end_write+0x230/0x230
[   94.367239][ T3740]  ? ptrace_stop+0x74d/0x970
[   94.371825][ T3740]  ? _raw_spin_unlock_irq+0x2a/0x40
[   94.377014][ T3740]  ? __fdget_pos+0x252/0x2e0
[   94.381599][ T3740]  ksys_write+0x177/0x2a0
[   94.385931][ T3740]  ? __ia32_sys_read+0x80/0x80
[   94.390702][ T3740]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   94.396700][ T3740]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   94.402678][ T3740]  do_syscall_64+0x3d/0xb0
[   94.407094][ T3740]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   94.412989][ T3740] RIP: 0033:0x7f0fa5191c89
[   94.417429][ T3740] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   94.437130][ T3740] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   94.445548][ T3740] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   94.453527][ T3740] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   94.461523][ T3740] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3740] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3740] exit_group(0)               = ?
[pid  3740] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3740, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./98/binderfs")                 = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./98/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./98")                           = 0
mkdir("./99", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   94.469488][ T3740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   94.477455][ T3740] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000062
[   94.485455][ T3740]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3742
./strace-static-x86_64: Process 3742 attached
[pid  3742] chdir("./99")               = 0
[pid  3742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3742] setpgid(0, 0)               = 0
[pid  3742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3742] write(3, "1000", 4)         = 4
[pid  3742] close(3)                    = 0
[pid  3742] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3742] memfd_create("syzkaller", 0) = 3
[pid  3742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3742] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3742] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3742] close(3)                    = 0
[pid  3742] mkdir("./file0", 0777)      = 0
[pid  3742] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3742] chdir("./file0")            = 0
[pid  3742] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3742] close(4)                    = 0
[pid  3742] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3742] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3742] write(5, "13", 2)           = 2
[   94.547029][ T3742] loop0: detected capacity change from 0 to 64
[   94.578691][ T3742] FAULT_INJECTION: forcing a failure.
[   94.578691][ T3742] name failslab, interval 1, probability 0, space 0, times 0
[   94.591776][ T3742] CPU: 0 PID: 3742 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   94.602227][ T3742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   94.612297][ T3742] Call Trace:
[   94.615582][ T3742]  <TASK>
[   94.618504][ T3742]  dump_stack_lvl+0x1b1/0x28e
[   94.623179][ T3742]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   94.628635][ T3742]  ? panic+0x710/0x710
[   94.632712][ T3742]  ? __might_sleep+0xc0/0xc0
[   94.637303][ T3742]  ? __mutex_lock_common+0x45f/0x26e0
[   94.642670][ T3742]  should_fail_ex+0x395/0x4c0
[   94.647351][ T3742]  ? hfs_find_init+0x8b/0x1e0
[   94.652022][ T3742]  should_failslab+0x5/0x20
[   94.656616][ T3742]  __kmem_cache_alloc_node+0x69/0x310
[   94.662002][ T3742]  ? hfs_find_init+0x8b/0x1e0
[   94.666679][ T3742]  __kmalloc+0x9e/0x1a0
[   94.670859][ T3742]  hfs_find_init+0x8b/0x1e0
[   94.675375][ T3742]  hfs_extend_file+0x2f8/0x1420
[   94.680220][ T3742]  ? hfs_get_block+0xbb0/0xbb0
[   94.684990][ T3742]  ? lru_cache_disable+0x30/0x30
[   94.690022][ T3742]  ? __might_sleep+0xc0/0xc0
[   94.694611][ T3742]  hfs_get_block+0x3fc/0xbb0
[   94.699214][ T3742]  ? hfs_free_extents+0x420/0x420
[   94.704245][ T3742]  ? do_raw_spin_unlock+0x134/0x8a0
[   94.709456][ T3742]  ? create_page_buffers+0x244/0x4b0
[   94.714847][ T3742]  __block_write_begin_int+0x54c/0x1a80
[   94.720402][ T3742]  ? hfs_free_extents+0x420/0x420
[   94.729669][ T3742]  ? page_zero_new_buffers+0x940/0x940
[   94.735133][ T3742]  ? PageHeadHuge+0x8a/0x1d0
[   94.739733][ T3742]  ? hfs_free_extents+0x420/0x420
[   94.744748][ T3742]  block_write_begin+0x93/0x1e0
[   94.749607][ T3742]  ? cont_write_begin+0x5e5/0x860
[   94.754622][ T3742]  ? hfs_free_extents+0x420/0x420
[   94.759640][ T3742]  cont_write_begin+0x606/0x860
[   94.764494][ T3742]  ? fault_in_readable+0x1d5/0x310
[   94.769630][ T3742]  ? generic_cont_expand_simple+0x250/0x250
[   94.775550][ T3742]  ? fault_in_readable+0x219/0x310
[   94.780675][ T3742]  ? fault_in_safe_writeable+0x240/0x240
[   94.786304][ T3742]  hfs_write_begin+0x86/0xd0
[   94.790890][ T3742]  ? hfs_free_extents+0x420/0x420
[   94.795929][ T3742]  generic_perform_write+0x2e4/0x5e0
[   94.801221][ T3742]  ? __block_commit_write+0x420/0x420
[   94.806595][ T3742]  ? generic_file_direct_write+0x610/0x610
[   94.812417][ T3742]  ? __file_remove_privs+0x6c0/0x6c0
[   94.817716][ T3742]  ? generic_write_checks+0x15c/0x1c0
[   94.823083][ T3742]  __generic_file_write_iter+0x176/0x400
[   94.828720][ T3742]  generic_file_write_iter+0xab/0x310
[   94.834258][ T3742]  vfs_write+0x7dc/0xc50
[   94.838498][ T3742]  ? file_end_write+0x230/0x230
[   94.843340][ T3742]  ? ptrace_stop+0x74d/0x970
[   94.847939][ T3742]  ? _raw_spin_unlock_irq+0x2a/0x40
[   94.853158][ T3742]  ? __fdget_pos+0x252/0x2e0
[   94.857751][ T3742]  ksys_write+0x177/0x2a0
[   94.862082][ T3742]  ? __ia32_sys_read+0x80/0x80
[   94.866930][ T3742]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   94.872917][ T3742]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   94.878897][ T3742]  do_syscall_64+0x3d/0xb0
[   94.883311][ T3742]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   94.889198][ T3742] RIP: 0033:0x7f0fa5191c89
[   94.893868][ T3742] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   94.913552][ T3742] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   94.921962][ T3742] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   94.929933][ T3742] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   94.937992][ T3742] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3742] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3742] exit_group(0)               = ?
[pid  3742] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3742, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./99/binderfs")                 = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./99/file0")                     = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./99")                           = 0
mkdir("./100", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   94.945965][ T3742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   94.953932][ T3742] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000063
[   94.961916][ T3742]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3745
./strace-static-x86_64: Process 3745 attached
[pid  3745] chdir("./100")              = 0
[pid  3745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3745] setpgid(0, 0)               = 0
[pid  3745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3745] write(3, "1000", 4)         = 4
[pid  3745] close(3)                    = 0
[pid  3745] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3745] memfd_create("syzkaller", 0) = 3
[pid  3745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3745] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3745] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3745] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3745] close(3)                    = 0
[pid  3745] mkdir("./file0", 0777)      = 0
[pid  3745] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3745] chdir("./file0")            = 0
[pid  3745] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3745] close(4)                    = 0
[pid  3745] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3745] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3745] write(5, "13", 2)           = 2
[   95.031206][ T3745] loop0: detected capacity change from 0 to 64
[   95.048098][ T3745] FAULT_INJECTION: forcing a failure.
[   95.048098][ T3745] name failslab, interval 1, probability 0, space 0, times 0
[   95.067141][ T3745] CPU: 0 PID: 3745 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   95.077753][ T3745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   95.087793][ T3745] Call Trace:
[   95.091060][ T3745]  <TASK>
[   95.093979][ T3745]  dump_stack_lvl+0x1b1/0x28e
[   95.098649][ T3745]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   95.104094][ T3745]  ? panic+0x710/0x710
[   95.108164][ T3745]  ? __might_sleep+0xc0/0xc0
[   95.112743][ T3745]  ? __mutex_lock_common+0x45f/0x26e0
[   95.118108][ T3745]  should_fail_ex+0x395/0x4c0
[   95.122771][ T3745]  ? hfs_find_init+0x8b/0x1e0
[   95.127432][ T3745]  should_failslab+0x5/0x20
[   95.131924][ T3745]  __kmem_cache_alloc_node+0x69/0x310
[   95.137301][ T3745]  ? rcu_lock_release+0x5/0x20
[   95.142140][ T3745]  ? hfs_find_init+0x8b/0x1e0
[   95.146802][ T3745]  __kmalloc+0x9e/0x1a0
[   95.150953][ T3745]  hfs_find_init+0x8b/0x1e0
[   95.155535][ T3745]  hfs_extend_file+0x2f8/0x1420
[   95.160371][ T3745]  ? xas_find+0x937/0xa60
[   95.164960][ T3745]  ? hfs_get_block+0xbb0/0xbb0
[   95.169720][ T3745]  ? filemap_get_folios+0x557/0x830
[   95.174910][ T3745]  ? find_lock_entries+0xf60/0xf60
[   95.180021][ T3745]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   95.185911][ T3745]  hfs_get_block+0x3fc/0xbb0
[   95.190503][ T3745]  ? hfs_free_extents+0x420/0x420
[   95.195511][ T3745]  ? do_raw_spin_unlock+0x134/0x8a0
[   95.200720][ T3745]  ? create_page_buffers+0x244/0x4b0
[   95.206021][ T3745]  __block_write_begin_int+0x54c/0x1a80
[   95.211573][ T3745]  ? hfs_free_extents+0x420/0x420
[   95.216577][ T3745]  ? page_zero_new_buffers+0x940/0x940
[   95.222020][ T3745]  ? PageHeadHuge+0x8a/0x1d0
[   95.226596][ T3745]  ? hfs_free_extents+0x420/0x420
[   95.231602][ T3745]  block_write_begin+0x93/0x1e0
[   95.236437][ T3745]  ? cont_write_begin+0x5e5/0x860
[   95.241454][ T3745]  ? hfs_free_extents+0x420/0x420
[   95.246462][ T3745]  cont_write_begin+0x606/0x860
[   95.251390][ T3745]  ? fault_in_readable+0x1d5/0x310
[   95.256491][ T3745]  ? generic_cont_expand_simple+0x250/0x250
[   95.262368][ T3745]  ? fault_in_readable+0x219/0x310
[   95.267483][ T3745]  ? fault_in_safe_writeable+0x240/0x240
[   95.273122][ T3745]  hfs_write_begin+0x86/0xd0
[   95.277704][ T3745]  ? hfs_free_extents+0x420/0x420
[   95.282716][ T3745]  generic_perform_write+0x2e4/0x5e0
[   95.287989][ T3745]  ? __block_commit_write+0x420/0x420
[   95.293347][ T3745]  ? generic_file_direct_write+0x610/0x610
[   95.299137][ T3745]  ? __file_remove_privs+0x6c0/0x6c0
[   95.304404][ T3745]  ? generic_write_checks+0x15c/0x1c0
[   95.309769][ T3745]  __generic_file_write_iter+0x176/0x400
[   95.315391][ T3745]  generic_file_write_iter+0xab/0x310
[   95.320748][ T3745]  vfs_write+0x7dc/0xc50
[   95.324981][ T3745]  ? file_end_write+0x230/0x230
[   95.329923][ T3745]  ? ptrace_stop+0x74d/0x970
[   95.334508][ T3745]  ? _raw_spin_unlock_irq+0x2a/0x40
[   95.339693][ T3745]  ? __fdget_pos+0x252/0x2e0
[   95.344269][ T3745]  ksys_write+0x177/0x2a0
[   95.348587][ T3745]  ? __ia32_sys_read+0x80/0x80
[   95.353335][ T3745]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   95.359300][ T3745]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   95.365266][ T3745]  do_syscall_64+0x3d/0xb0
[   95.369671][ T3745]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   95.375548][ T3745] RIP: 0033:0x7f0fa5191c89
[   95.379947][ T3745] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   95.399706][ T3745] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   95.408104][ T3745] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   95.416059][ T3745] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   95.424013][ T3745] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3745] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3745] exit_group(0)               = ?
[pid  3745] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3745, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./100/binderfs")                = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./100/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./100")                          = 0
mkdir("./101", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3747
[   95.431968][ T3745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   95.439918][ T3745] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000064
[   95.447881][ T3745]  </TASK>
./strace-static-x86_64: Process 3747 attached
[pid  3747] chdir("./101")              = 0
[pid  3747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3747] setpgid(0, 0)               = 0
[pid  3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3747] write(3, "1000", 4)         = 4
[pid  3747] close(3)                    = 0
[pid  3747] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3747] memfd_create("syzkaller", 0) = 3
[pid  3747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3747] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3747] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3747] close(3)                    = 0
[pid  3747] mkdir("./file0", 0777)      = 0
[pid  3747] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3747] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3747] chdir("./file0")            = 0
[pid  3747] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3747] close(4)                    = 0
[pid  3747] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3747] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3747] write(5, "13", 2)           = 2
[   95.506483][ T3747] loop0: detected capacity change from 0 to 64
[   95.532843][ T3747] FAULT_INJECTION: forcing a failure.
[   95.532843][ T3747] name failslab, interval 1, probability 0, space 0, times 0
[   95.546035][ T3747] CPU: 0 PID: 3747 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   95.556446][ T3747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   95.566491][ T3747] Call Trace:
[   95.569757][ T3747]  <TASK>
[   95.572675][ T3747]  dump_stack_lvl+0x1b1/0x28e
[   95.577429][ T3747]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   95.582965][ T3747]  ? panic+0x710/0x710
[   95.587107][ T3747]  ? __might_sleep+0xc0/0xc0
[   95.591678][ T3747]  ? __mutex_lock_common+0x45f/0x26e0
[   95.597127][ T3747]  should_fail_ex+0x395/0x4c0
[   95.601797][ T3747]  ? hfs_find_init+0x8b/0x1e0
[   95.606463][ T3747]  should_failslab+0x5/0x20
[   95.610953][ T3747]  __kmem_cache_alloc_node+0x69/0x310
[   95.616312][ T3747]  ? hfs_find_init+0x8b/0x1e0
[   95.620973][ T3747]  __kmalloc+0x9e/0x1a0
[   95.625117][ T3747]  hfs_find_init+0x8b/0x1e0
[   95.629608][ T3747]  hfs_extend_file+0x2f8/0x1420
[   95.634449][ T3747]  ? hfs_get_block+0xbb0/0xbb0
[   95.639199][ T3747]  ? lru_cache_disable+0x30/0x30
[   95.644208][ T3747]  ? __might_sleep+0xc0/0xc0
[   95.648795][ T3747]  hfs_get_block+0x3fc/0xbb0
[   95.653378][ T3747]  ? hfs_free_extents+0x420/0x420
[   95.658397][ T3747]  ? do_raw_spin_unlock+0x134/0x8a0
[   95.663594][ T3747]  ? create_page_buffers+0x244/0x4b0
[   95.668956][ T3747]  __block_write_begin_int+0x54c/0x1a80
[   95.674503][ T3747]  ? hfs_free_extents+0x420/0x420
[   95.679598][ T3747]  ? page_zero_new_buffers+0x940/0x940
[   95.685042][ T3747]  ? PageHeadHuge+0x8a/0x1d0
[   95.689619][ T3747]  ? hfs_free_extents+0x420/0x420
[   95.694623][ T3747]  block_write_begin+0x93/0x1e0
[   95.699457][ T3747]  ? cont_write_begin+0x5e5/0x860
[   95.704468][ T3747]  ? hfs_free_extents+0x420/0x420
[   95.709476][ T3747]  cont_write_begin+0x606/0x860
[   95.714318][ T3747]  ? fault_in_readable+0x1d5/0x310
[   95.719417][ T3747]  ? generic_cont_expand_simple+0x250/0x250
[   95.725297][ T3747]  ? fault_in_readable+0x219/0x310
[   95.730391][ T3747]  ? fault_in_safe_writeable+0x240/0x240
[   95.736014][ T3747]  hfs_write_begin+0x86/0xd0
[   95.740587][ T3747]  ? hfs_free_extents+0x420/0x420
[   95.745599][ T3747]  generic_perform_write+0x2e4/0x5e0
[   95.750883][ T3747]  ? __block_commit_write+0x420/0x420
[   95.756257][ T3747]  ? generic_file_direct_write+0x610/0x610
[   95.762048][ T3747]  ? __file_remove_privs+0x6c0/0x6c0
[   95.767316][ T3747]  ? generic_write_checks+0x15c/0x1c0
[   95.772676][ T3747]  __generic_file_write_iter+0x176/0x400
[   95.778301][ T3747]  generic_file_write_iter+0xab/0x310
[   95.783658][ T3747]  vfs_write+0x7dc/0xc50
[   95.787893][ T3747]  ? file_end_write+0x230/0x230
[   95.792726][ T3747]  ? ptrace_stop+0x74d/0x970
[   95.797307][ T3747]  ? _raw_spin_unlock_irq+0x2a/0x40
[   95.802495][ T3747]  ? __fdget_pos+0x252/0x2e0
[   95.807071][ T3747]  ksys_write+0x177/0x2a0
[   95.811391][ T3747]  ? __ia32_sys_read+0x80/0x80
[   95.816139][ T3747]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   95.822104][ T3747]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   95.828070][ T3747]  do_syscall_64+0x3d/0xb0
[   95.832468][ T3747]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   95.838351][ T3747] RIP: 0033:0x7f0fa5191c89
[   95.842750][ T3747] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   95.862347][ T3747] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   95.870773][ T3747] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   95.878728][ T3747] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   95.886683][ T3747] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   95.894635][ T3747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3747] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3747] exit_group(0)               = ?
[pid  3747] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3747, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./101/binderfs")                = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./101/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./101")                          = 0
mkdir("./102", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3748
./strace-static-x86_64: Process 3748 attached
[pid  3748] chdir("./102")              = 0
[pid  3748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3748] setpgid(0, 0)               = 0
[pid  3748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3748] write(3, "1000", 4)         = 4
[pid  3748] close(3)                    = 0
[pid  3748] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3748] memfd_create("syzkaller", 0) = 3
[pid  3748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3748] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   95.902598][ T3747] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000065
[   95.910592][ T3747]  </TASK>
[pid  3748] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3748] close(3)                    = 0
[pid  3748] mkdir("./file0", 0777)      = 0
[pid  3748] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3748] chdir("./file0")            = 0
[pid  3748] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3748] close(4)                    = 0
[pid  3748] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3748] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3748] write(5, "13", 2)           = 2
[   95.956000][ T3748] loop0: detected capacity change from 0 to 64
[   95.983697][ T3748] FAULT_INJECTION: forcing a failure.
[   95.983697][ T3748] name failslab, interval 1, probability 0, space 0, times 0
[   95.997773][ T3748] CPU: 0 PID: 3748 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   96.008207][ T3748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   96.018245][ T3748] Call Trace:
[   96.021512][ T3748]  <TASK>
[   96.024432][ T3748]  dump_stack_lvl+0x1b1/0x28e
[   96.029100][ T3748]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   96.034542][ T3748]  ? panic+0x710/0x710
[   96.038603][ T3748]  ? __might_sleep+0xc0/0xc0
[   96.043184][ T3748]  ? __mutex_lock_common+0x45f/0x26e0
[   96.049241][ T3748]  should_fail_ex+0x395/0x4c0
[   96.053922][ T3748]  ? hfs_find_init+0x8b/0x1e0
[   96.058599][ T3748]  should_failslab+0x5/0x20
[   96.063102][ T3748]  __kmem_cache_alloc_node+0x69/0x310
[   96.068469][ T3748]  ? rcu_lock_release+0x5/0x20
[   96.073234][ T3748]  ? hfs_find_init+0x8b/0x1e0
[   96.077912][ T3748]  __kmalloc+0x9e/0x1a0
[   96.082072][ T3748]  hfs_find_init+0x8b/0x1e0
[   96.086576][ T3748]  hfs_extend_file+0x2f8/0x1420
[   96.091421][ T3748]  ? xas_find+0x937/0xa60
[   96.095755][ T3748]  ? hfs_get_block+0xbb0/0xbb0
[   96.100517][ T3748]  ? filemap_get_folios+0x557/0x830
[   96.105715][ T3748]  ? find_lock_entries+0xf60/0xf60
[   96.110833][ T3748]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   96.116734][ T3748]  hfs_get_block+0x3fc/0xbb0
[   96.121335][ T3748]  ? hfs_free_extents+0x420/0x420
[   96.126379][ T3748]  ? do_raw_spin_unlock+0x134/0x8a0
[   96.131579][ T3748]  ? create_page_buffers+0x244/0x4b0
[   96.136865][ T3748]  __block_write_begin_int+0x54c/0x1a80
[   96.142425][ T3748]  ? hfs_free_extents+0x420/0x420
[   96.147443][ T3748]  ? page_zero_new_buffers+0x940/0x940
[   96.152903][ T3748]  ? PageHeadHuge+0x8a/0x1d0
[   96.157495][ T3748]  ? hfs_free_extents+0x420/0x420
[   96.162515][ T3748]  block_write_begin+0x93/0x1e0
[   96.167361][ T3748]  ? cont_write_begin+0x5e5/0x860
[   96.172383][ T3748]  ? hfs_free_extents+0x420/0x420
[   96.177403][ T3748]  cont_write_begin+0x606/0x860
[   96.182258][ T3748]  ? fault_in_readable+0x1d5/0x310
[   96.187373][ T3748]  ? generic_cont_expand_simple+0x250/0x250
[   96.193261][ T3748]  ? fault_in_readable+0x219/0x310
[   96.198371][ T3748]  ? fault_in_safe_writeable+0x240/0x240
[   96.204010][ T3748]  hfs_write_begin+0x86/0xd0
[   96.208590][ T3748]  ? hfs_free_extents+0x420/0x420
[   96.213610][ T3748]  generic_perform_write+0x2e4/0x5e0
[   96.218899][ T3748]  ? __block_commit_write+0x420/0x420
[   96.224358][ T3748]  ? generic_file_direct_write+0x610/0x610
[   96.230162][ T3748]  ? __file_remove_privs+0x6c0/0x6c0
[   96.235444][ T3748]  ? generic_write_checks+0x15c/0x1c0
[   96.240825][ T3748]  __generic_file_write_iter+0x176/0x400
[   96.246461][ T3748]  generic_file_write_iter+0xab/0x310
[   96.251830][ T3748]  vfs_write+0x7dc/0xc50
[   96.256599][ T3748]  ? file_end_write+0x230/0x230
[   96.261442][ T3748]  ? ptrace_stop+0x74d/0x970
[   96.266038][ T3748]  ? _raw_spin_unlock_irq+0x2a/0x40
[   96.271236][ T3748]  ? __fdget_pos+0x252/0x2e0
[   96.275830][ T3748]  ksys_write+0x177/0x2a0
[   96.280177][ T3748]  ? __ia32_sys_read+0x80/0x80
[   96.284942][ T3748]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   96.291009][ T3748]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   96.296985][ T3748]  do_syscall_64+0x3d/0xb0
[   96.301398][ T3748]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   96.307373][ T3748] RIP: 0033:0x7f0fa5191c89
[   96.311782][ T3748] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   96.331646][ T3748] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   96.340055][ T3748] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   96.348022][ T3748] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3748] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3748] exit_group(0)               = ?
[pid  3748] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3748, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./102/binderfs")                = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./102/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./102")                          = 0
mkdir("./103", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3750
./strace-static-x86_64: Process 3750 attached
[   96.356071][ T3748] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   96.364040][ T3748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   96.372009][ T3748] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000066
[   96.380004][ T3748]  </TASK>
[pid  3750] chdir("./103")              = 0
[pid  3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3750] setpgid(0, 0)               = 0
[pid  3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3750] write(3, "1000", 4)         = 4
[pid  3750] close(3)                    = 0
[pid  3750] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3750] memfd_create("syzkaller", 0) = 3
[pid  3750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3750] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3750] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3750] close(3)                    = 0
[pid  3750] mkdir("./file0", 0777)      = 0
[pid  3750] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3750] chdir("./file0")            = 0
[pid  3750] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3750] close(4)                    = 0
[pid  3750] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3750] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3750] write(5, "13", 2)           = 2
[   96.428514][ T3750] loop0: detected capacity change from 0 to 64
[   96.429520][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   96.471743][ T3750] FAULT_INJECTION: forcing a failure.
[   96.471743][ T3750] name failslab, interval 1, probability 0, space 0, times 0
[   96.484474][ T3750] CPU: 1 PID: 3750 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   96.494903][ T3750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   96.504981][ T3750] Call Trace:
[   96.508260][ T3750]  <TASK>
[   96.511185][ T3750]  dump_stack_lvl+0x1b1/0x28e
[   96.515870][ T3750]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   96.521321][ T3750]  ? panic+0x710/0x710
[   96.525389][ T3750]  ? __might_sleep+0xc0/0xc0
[   96.529972][ T3750]  ? __mutex_lock_common+0x45f/0x26e0
[   96.535349][ T3750]  should_fail_ex+0x395/0x4c0
[   96.540025][ T3750]  ? hfs_find_init+0x8b/0x1e0
[   96.544703][ T3750]  should_failslab+0x5/0x20
[   96.549202][ T3750]  __kmem_cache_alloc_node+0x69/0x310
[   96.554581][ T3750]  ? hfs_find_init+0x8b/0x1e0
[   96.559257][ T3750]  __kmalloc+0x9e/0x1a0
[   96.563417][ T3750]  hfs_find_init+0x8b/0x1e0
[   96.567921][ T3750]  hfs_extend_file+0x2f8/0x1420
[   96.572777][ T3750]  ? hfs_get_block+0xbb0/0xbb0
[   96.577539][ T3750]  ? lru_cache_disable+0x30/0x30
[   96.582472][ T3750]  ? __might_sleep+0xc0/0xc0
[   96.587074][ T3750]  hfs_get_block+0x3fc/0xbb0
[   96.591674][ T3750]  ? hfs_free_extents+0x420/0x420
[   96.596690][ T3750]  ? do_raw_spin_unlock+0x134/0x8a0
[   96.601892][ T3750]  ? create_page_buffers+0x244/0x4b0
[   96.607180][ T3750]  __block_write_begin_int+0x54c/0x1a80
[   96.612750][ T3750]  ? hfs_free_extents+0x420/0x420
[   96.617770][ T3750]  ? page_zero_new_buffers+0x940/0x940
[   96.623233][ T3750]  ? PageHeadHuge+0x8a/0x1d0
[   96.627824][ T3750]  ? hfs_free_extents+0x420/0x420
[   96.633015][ T3750]  block_write_begin+0x93/0x1e0
[   96.637864][ T3750]  ? cont_write_begin+0x5e5/0x860
[   96.642893][ T3750]  ? hfs_free_extents+0x420/0x420
[   96.647915][ T3750]  cont_write_begin+0x606/0x860
[   96.652767][ T3750]  ? fault_in_readable+0x1d5/0x310
[   96.657883][ T3750]  ? generic_cont_expand_simple+0x250/0x250
[   96.663773][ T3750]  ? fault_in_readable+0x219/0x310
[   96.668883][ T3750]  ? fault_in_safe_writeable+0x240/0x240
[   96.674526][ T3750]  hfs_write_begin+0x86/0xd0
[   96.679108][ T3750]  ? hfs_free_extents+0x420/0x420
[   96.684141][ T3750]  generic_perform_write+0x2e4/0x5e0
[   96.689430][ T3750]  ? __block_commit_write+0x420/0x420
[   96.694800][ T3750]  ? generic_file_direct_write+0x610/0x610
[   96.700602][ T3750]  ? __file_remove_privs+0x6c0/0x6c0
[   96.705885][ T3750]  ? generic_write_checks+0x15c/0x1c0
[   96.711287][ T3750]  __generic_file_write_iter+0x176/0x400
[   96.716921][ T3750]  generic_file_write_iter+0xab/0x310
[   96.722292][ T3750]  vfs_write+0x7dc/0xc50
[   96.726539][ T3750]  ? file_end_write+0x230/0x230
[   96.731393][ T3750]  ? ptrace_stop+0x74d/0x970
[   96.735987][ T3750]  ? _raw_spin_unlock_irq+0x2a/0x40
[   96.741188][ T3750]  ? __fdget_pos+0x252/0x2e0
[   96.745782][ T3750]  ksys_write+0x177/0x2a0
[   96.750114][ T3750]  ? __ia32_sys_read+0x80/0x80
[   96.754875][ T3750]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   96.760854][ T3750]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   96.766831][ T3750]  do_syscall_64+0x3d/0xb0
[   96.771243][ T3750]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   96.777131][ T3750] RIP: 0033:0x7f0fa5191c89
[   96.781544][ T3750] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   96.801140][ T3750] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   96.809569][ T3750] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3750] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3750] exit_group(0)               = ?
[pid  3750] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./103/binderfs")                = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./103/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./103")                          = 0
mkdir("./104", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3751
./strace-static-x86_64: Process 3751 attached
[pid  3751] chdir("./104")              = 0
[pid  3751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3751] setpgid(0, 0)               = 0
[pid  3751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3751] write(3, "1000", 4)         = 4
[pid  3751] close(3)                    = 0
[pid  3751] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3751] memfd_create("syzkaller", 0) = 3
[pid  3751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3751] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   96.817532][ T3750] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   96.825497][ T3750] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   96.833461][ T3750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   96.841423][ T3750] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000067
[   96.849402][ T3750]  </TASK>
[pid  3751] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3751] close(3)                    = 0
[pid  3751] mkdir("./file0", 0777)      = 0
[pid  3751] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3751] chdir("./file0")            = 0
[pid  3751] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3751] close(4)                    = 0
[pid  3751] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3751] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3751] write(5, "13", 2)           = 2
[   96.900349][ T3751] loop0: detected capacity change from 0 to 64
[   96.926691][ T3751] FAULT_INJECTION: forcing a failure.
[   96.926691][ T3751] name failslab, interval 1, probability 0, space 0, times 0
[   96.939325][ T3751] CPU: 1 PID: 3751 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   96.949730][ T3751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   96.959778][ T3751] Call Trace:
[   96.963062][ T3751]  <TASK>
[   96.965987][ T3751]  dump_stack_lvl+0x1b1/0x28e
[   96.970673][ T3751]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   96.976129][ T3751]  ? panic+0x710/0x710
[   96.980199][ T3751]  ? __might_sleep+0xc0/0xc0
[   96.984782][ T3751]  ? __mutex_lock_common+0x45f/0x26e0
[   96.990157][ T3751]  should_fail_ex+0x395/0x4c0
[   96.994838][ T3751]  ? hfs_find_init+0x8b/0x1e0
[   96.999513][ T3751]  should_failslab+0x5/0x20
[   97.004013][ T3751]  __kmem_cache_alloc_node+0x69/0x310
[   97.009380][ T3751]  ? rcu_lock_release+0x5/0x20
[   97.014142][ T3751]  ? hfs_find_init+0x8b/0x1e0
[   97.018821][ T3751]  __kmalloc+0x9e/0x1a0
[   97.022985][ T3751]  hfs_find_init+0x8b/0x1e0
[   97.027490][ T3751]  hfs_extend_file+0x2f8/0x1420
[   97.032341][ T3751]  ? xas_find+0x937/0xa60
[   97.036681][ T3751]  ? hfs_get_block+0xbb0/0xbb0
[   97.041439][ T3751]  ? filemap_get_folios+0x557/0x830
[   97.046636][ T3751]  ? find_lock_entries+0xf60/0xf60
[   97.051758][ T3751]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   97.057656][ T3751]  hfs_get_block+0x3fc/0xbb0
[   97.062255][ T3751]  ? hfs_free_extents+0x420/0x420
[   97.067272][ T3751]  ? do_raw_spin_unlock+0x134/0x8a0
[   97.072475][ T3751]  ? create_page_buffers+0x244/0x4b0
[   97.077765][ T3751]  __block_write_begin_int+0x54c/0x1a80
[   97.083345][ T3751]  ? hfs_free_extents+0x420/0x420
[   97.088359][ T3751]  ? page_zero_new_buffers+0x940/0x940
[   97.093819][ T3751]  ? PageHeadHuge+0x8a/0x1d0
[   97.098410][ T3751]  ? hfs_free_extents+0x420/0x420
[   97.103426][ T3751]  block_write_begin+0x93/0x1e0
[   97.108794][ T3751]  ? cont_write_begin+0x5e5/0x860
[   97.113815][ T3751]  ? hfs_free_extents+0x420/0x420
[   97.118833][ T3751]  cont_write_begin+0x606/0x860
[   97.123687][ T3751]  ? fault_in_readable+0x1d5/0x310
[   97.128803][ T3751]  ? generic_cont_expand_simple+0x250/0x250
[   97.134708][ T3751]  ? fault_in_readable+0x219/0x310
[   97.139845][ T3751]  ? fault_in_safe_writeable+0x240/0x240
[   97.145522][ T3751]  hfs_write_begin+0x86/0xd0
[   97.150207][ T3751]  ? hfs_free_extents+0x420/0x420
[   97.155259][ T3751]  generic_perform_write+0x2e4/0x5e0
[   97.160561][ T3751]  ? __block_commit_write+0x420/0x420
[   97.165948][ T3751]  ? generic_file_direct_write+0x610/0x610
[   97.171771][ T3751]  ? __file_remove_privs+0x6c0/0x6c0
[   97.177064][ T3751]  ? generic_write_checks+0x15c/0x1c0
[   97.182450][ T3751]  __generic_file_write_iter+0x176/0x400
[   97.188098][ T3751]  generic_file_write_iter+0xab/0x310
[   97.193481][ T3751]  vfs_write+0x7dc/0xc50
[   97.197752][ T3751]  ? file_end_write+0x230/0x230
[   97.202619][ T3751]  ? ptrace_stop+0x74d/0x970
[   97.207231][ T3751]  ? _raw_spin_unlock_irq+0x2a/0x40
[   97.212434][ T3751]  ? __fdget_pos+0x252/0x2e0
[   97.217046][ T3751]  ksys_write+0x177/0x2a0
[   97.221384][ T3751]  ? __ia32_sys_read+0x80/0x80
[   97.226152][ T3751]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   97.232222][ T3751]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   97.238203][ T3751]  do_syscall_64+0x3d/0xb0
[   97.242614][ T3751]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   97.248508][ T3751] RIP: 0033:0x7f0fa5191c89
[   97.252917][ T3751] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   97.272516][ T3751] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   97.280925][ T3751] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   97.291492][ T3751] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3751] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3751] exit_group(0)               = ?
[pid  3751] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3751, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./104/binderfs")                = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[   97.299458][ T3751] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   97.307423][ T3751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   97.315387][ T3751] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000068
[   97.323369][ T3751]  </TASK>
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./104/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./104")                          = 0
mkdir("./105", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3752
./strace-static-x86_64: Process 3752 attached
[pid  3752] chdir("./105")              = 0
[pid  3752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3752] setpgid(0, 0)               = 0
[pid  3752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3752] write(3, "1000", 4)         = 4
[pid  3752] close(3)                    = 0
[pid  3752] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3752] memfd_create("syzkaller", 0) = 3
[pid  3752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3752] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3752] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3752] close(3)                    = 0
[pid  3752] mkdir("./file0", 0777)      = 0
[pid  3752] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3752] chdir("./file0")            = 0
[pid  3752] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3752] close(4)                    = 0
[pid  3752] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3752] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3752] write(5, "13", 2)           = 2
[   97.389030][ T3752] loop0: detected capacity change from 0 to 64
[   97.409199][ T3752] FAULT_INJECTION: forcing a failure.
[   97.409199][ T3752] name failslab, interval 1, probability 0, space 0, times 0
[   97.422479][ T3752] CPU: 0 PID: 3752 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   97.432952][ T3752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   97.443001][ T3752] Call Trace:
[   97.446270][ T3752]  <TASK>
[   97.449196][ T3752]  dump_stack_lvl+0x1b1/0x28e
[   97.453882][ T3752]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   97.459354][ T3752]  ? panic+0x710/0x710
[   97.463416][ T3752]  ? __might_sleep+0xc0/0xc0
[   97.468001][ T3752]  ? __mutex_lock_common+0x45f/0x26e0
[   97.473389][ T3752]  should_fail_ex+0x395/0x4c0
[   97.478078][ T3752]  ? hfs_find_init+0x8b/0x1e0
[   97.482770][ T3752]  should_failslab+0x5/0x20
[   97.487276][ T3752]  __kmem_cache_alloc_node+0x69/0x310
[   97.492645][ T3752]  ? rcu_lock_release+0x5/0x20
[   97.497408][ T3752]  ? hfs_find_init+0x8b/0x1e0
[   97.502088][ T3752]  __kmalloc+0x9e/0x1a0
[   97.506252][ T3752]  hfs_find_init+0x8b/0x1e0
[   97.510756][ T3752]  hfs_extend_file+0x2f8/0x1420
[   97.515603][ T3752]  ? xas_find+0x937/0xa60
[   97.519940][ T3752]  ? hfs_get_block+0xbb0/0xbb0
[   97.524697][ T3752]  ? filemap_get_folios+0x557/0x830
[   97.529895][ T3752]  ? find_lock_entries+0xf60/0xf60
[   97.535007][ T3752]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[   97.540912][ T3752]  hfs_get_block+0x3fc/0xbb0
[   97.545514][ T3752]  ? hfs_free_extents+0x420/0x420
[   97.550530][ T3752]  ? do_raw_spin_unlock+0x134/0x8a0
[   97.555732][ T3752]  ? create_page_buffers+0x244/0x4b0
[   97.561046][ T3752]  __block_write_begin_int+0x54c/0x1a80
[   97.566615][ T3752]  ? hfs_free_extents+0x420/0x420
[   97.571632][ T3752]  ? page_zero_new_buffers+0x940/0x940
[   97.577350][ T3752]  ? PageHeadHuge+0x8a/0x1d0
[   97.581941][ T3752]  ? hfs_free_extents+0x420/0x420
[   97.586967][ T3752]  block_write_begin+0x93/0x1e0
[   97.591812][ T3752]  ? cont_write_begin+0x5e5/0x860
[   97.596831][ T3752]  ? hfs_free_extents+0x420/0x420
[   97.601849][ T3752]  cont_write_begin+0x606/0x860
[   97.606701][ T3752]  ? fault_in_readable+0x1d5/0x310
[   97.611813][ T3752]  ? generic_cont_expand_simple+0x250/0x250
[   97.617700][ T3752]  ? fault_in_readable+0x219/0x310
[   97.622815][ T3752]  ? fault_in_safe_writeable+0x240/0x240
[   97.628456][ T3752]  hfs_write_begin+0x86/0xd0
[   97.633041][ T3752]  ? hfs_free_extents+0x420/0x420
[   97.638068][ T3752]  generic_perform_write+0x2e4/0x5e0
[   97.643357][ T3752]  ? __block_commit_write+0x420/0x420
[   97.648727][ T3752]  ? generic_file_direct_write+0x610/0x610
[   97.654532][ T3752]  ? __file_remove_privs+0x6c0/0x6c0
[   97.659814][ T3752]  ? generic_write_checks+0x15c/0x1c0
[   97.665190][ T3752]  __generic_file_write_iter+0x176/0x400
[   97.670831][ T3752]  generic_file_write_iter+0xab/0x310
[   97.676201][ T3752]  vfs_write+0x7dc/0xc50
[   97.680450][ T3752]  ? file_end_write+0x230/0x230
[   97.685293][ T3752]  ? ptrace_stop+0x74d/0x970
[   97.689889][ T3752]  ? _raw_spin_unlock_irq+0x2a/0x40
[   97.695086][ T3752]  ? __fdget_pos+0x252/0x2e0
[   97.699674][ T3752]  ksys_write+0x177/0x2a0
[   97.704004][ T3752]  ? __ia32_sys_read+0x80/0x80
[   97.708773][ T3752]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   97.714751][ T3752]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   97.720727][ T3752]  do_syscall_64+0x3d/0xb0
[   97.725138][ T3752]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   97.731026][ T3752] RIP: 0033:0x7f0fa5191c89
[   97.735443][ T3752] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   97.755044][ T3752] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   97.763538][ T3752] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   97.771500][ T3752] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   97.779465][ T3752] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3752] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3752] exit_group(0)               = ?
[pid  3752] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3752, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./105/binderfs")                = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./105/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./105")                          = 0
mkdir("./106", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   97.787428][ T3752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   97.795389][ T3752] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000069
[   97.803368][ T3752]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3753
./strace-static-x86_64: Process 3753 attached
[pid  3753] chdir("./106")              = 0
[pid  3753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3753] setpgid(0, 0)               = 0
[pid  3753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3753] write(3, "1000", 4)         = 4
[pid  3753] close(3)                    = 0
[pid  3753] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3753] memfd_create("syzkaller", 0) = 3
[pid  3753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3753] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3753] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3753] close(3)                    = 0
[pid  3753] mkdir("./file0", 0777)      = 0
[pid  3753] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3753] chdir("./file0")            = 0
[pid  3753] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3753] close(4)                    = 0
[pid  3753] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3753] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3753] write(5, "13", 2)           = 2
[   97.870491][ T3753] loop0: detected capacity change from 0 to 64
[   97.895299][ T3753] FAULT_INJECTION: forcing a failure.
[   97.895299][ T3753] name failslab, interval 1, probability 0, space 0, times 0
[   97.908058][ T3753] CPU: 1 PID: 3753 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   97.918478][ T3753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   97.928526][ T3753] Call Trace:
[   97.931805][ T3753]  <TASK>
[   97.934738][ T3753]  dump_stack_lvl+0x1b1/0x28e
[   97.939496][ T3753]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   97.944945][ T3753]  ? panic+0x710/0x710
[   97.949010][ T3753]  ? __might_sleep+0xc0/0xc0
[   97.953594][ T3753]  ? __mutex_lock_common+0x45f/0x26e0
[   97.958980][ T3753]  should_fail_ex+0x395/0x4c0
[   97.963651][ T3753]  ? hfs_find_init+0x8b/0x1e0
[   97.968325][ T3753]  should_failslab+0x5/0x20
[   97.972817][ T3753]  __kmem_cache_alloc_node+0x69/0x310
[   97.978186][ T3753]  ? hfs_find_init+0x8b/0x1e0
[   97.982853][ T3753]  __kmalloc+0x9e/0x1a0
[   97.987006][ T3753]  hfs_find_init+0x8b/0x1e0
[   97.991502][ T3753]  hfs_extend_file+0x2f8/0x1420
[   97.996367][ T3753]  ? hfs_get_block+0xbb0/0xbb0
[   98.001139][ T3753]  ? lru_cache_disable+0x30/0x30
[   98.006073][ T3753]  ? __might_sleep+0xc0/0xc0
[   98.010684][ T3753]  hfs_get_block+0x3fc/0xbb0
[   98.015363][ T3753]  ? hfs_free_extents+0x420/0x420
[   98.020371][ T3753]  ? do_raw_spin_unlock+0x134/0x8a0
[   98.025562][ T3753]  ? create_page_buffers+0x244/0x4b0
[   98.030849][ T3753]  __block_write_begin_int+0x54c/0x1a80
[   98.036440][ T3753]  ? hfs_free_extents+0x420/0x420
[   98.041474][ T3753]  ? page_zero_new_buffers+0x940/0x940
[   98.046925][ T3753]  ? PageHeadHuge+0x8a/0x1d0
[   98.051522][ T3753]  ? hfs_free_extents+0x420/0x420
[   98.056548][ T3753]  block_write_begin+0x93/0x1e0
[   98.061395][ T3753]  ? cont_write_begin+0x5e5/0x860
[   98.066414][ T3753]  ? hfs_free_extents+0x420/0x420
[   98.071444][ T3753]  cont_write_begin+0x606/0x860
[   98.076308][ T3753]  ? fault_in_readable+0x1d5/0x310
[   98.081430][ T3753]  ? generic_cont_expand_simple+0x250/0x250
[   98.087329][ T3753]  ? fault_in_readable+0x219/0x310
[   98.092449][ T3753]  ? fault_in_safe_writeable+0x240/0x240
[   98.098075][ T3753]  hfs_write_begin+0x86/0xd0
[   98.102652][ T3753]  ? hfs_free_extents+0x420/0x420
[   98.107667][ T3753]  generic_perform_write+0x2e4/0x5e0
[   98.112947][ T3753]  ? __block_commit_write+0x420/0x420
[   98.118312][ T3753]  ? generic_file_direct_write+0x610/0x610
[   98.124111][ T3753]  ? __file_remove_privs+0x6c0/0x6c0
[   98.129382][ T3753]  ? generic_write_checks+0x15c/0x1c0
[   98.134750][ T3753]  __generic_file_write_iter+0x176/0x400
[   98.140377][ T3753]  generic_file_write_iter+0xab/0x310
[   98.145828][ T3753]  vfs_write+0x7dc/0xc50
[   98.150063][ T3753]  ? file_end_write+0x230/0x230
[   98.154908][ T3753]  ? ptrace_stop+0x74d/0x970
[   98.159503][ T3753]  ? _raw_spin_unlock_irq+0x2a/0x40
[   98.164713][ T3753]  ? __fdget_pos+0x252/0x2e0
[   98.169325][ T3753]  ksys_write+0x177/0x2a0
[   98.173660][ T3753]  ? __ia32_sys_read+0x80/0x80
[   98.178438][ T3753]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   98.184452][ T3753]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   98.190455][ T3753]  do_syscall_64+0x3d/0xb0
[   98.194865][ T3753]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   98.200751][ T3753] RIP: 0033:0x7f0fa5191c89
[   98.205172][ T3753] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   98.224831][ T3753] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   98.233256][ T3753] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   98.241233][ T3753] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   98.249210][ T3753] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   98.257173][ T3753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3753] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3753] exit_group(0)               = ?
[pid  3753] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3753, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./106/binderfs")                = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./106/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./106")                          = 0
mkdir("./107", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   98.265140][ T3753] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006a
[   98.273139][ T3753]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3754 attached
, child_tidptr=0x555555b7f5d0) = 3754
[pid  3754] chdir("./107")              = 0
[pid  3754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3754] setpgid(0, 0)               = 0
[pid  3754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3754] write(3, "1000", 4)         = 4
[pid  3754] close(3)                    = 0
[pid  3754] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3754] memfd_create("syzkaller", 0) = 3
[pid  3754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3754] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3754] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3754] close(3)                    = 0
[pid  3754] mkdir("./file0", 0777)      = 0
[pid  3754] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3754] chdir("./file0")            = 0
[pid  3754] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3754] close(4)                    = 0
[pid  3754] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3754] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3754] write(5, "13", 2)           = 2
[   98.331755][ T3754] loop0: detected capacity change from 0 to 64
[   98.363772][ T3754] FAULT_INJECTION: forcing a failure.
[   98.363772][ T3754] name failslab, interval 1, probability 0, space 0, times 0
[   98.376640][ T3754] CPU: 0 PID: 3754 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   98.388979][ T3754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   98.399038][ T3754] Call Trace:
[   98.402311][ T3754]  <TASK>
[   98.405295][ T3754]  dump_stack_lvl+0x1b1/0x28e
[   98.409965][ T3754]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   98.415425][ T3754]  ? panic+0x710/0x710
[   98.419522][ T3754]  ? __might_sleep+0xc0/0xc0
[   98.424118][ T3754]  ? __mutex_lock_common+0x45f/0x26e0
[   98.429490][ T3754]  should_fail_ex+0x395/0x4c0
[   98.434258][ T3754]  ? hfs_find_init+0x8b/0x1e0
[   98.438936][ T3754]  should_failslab+0x5/0x20
[   98.443446][ T3754]  __kmem_cache_alloc_node+0x69/0x310
[   98.448836][ T3754]  ? hfs_find_init+0x8b/0x1e0
[   98.453508][ T3754]  __kmalloc+0x9e/0x1a0
[   98.457797][ T3754]  hfs_find_init+0x8b/0x1e0
[   98.462372][ T3754]  hfs_extend_file+0x2f8/0x1420
[   98.467248][ T3754]  ? hfs_get_block+0xbb0/0xbb0
[   98.472025][ T3754]  ? lru_cache_disable+0x30/0x30
[   98.476964][ T3754]  ? __might_sleep+0xc0/0xc0
[   98.481580][ T3754]  hfs_get_block+0x3fc/0xbb0
[   98.486177][ T3754]  ? hfs_free_extents+0x420/0x420
[   98.491194][ T3754]  ? do_raw_spin_unlock+0x134/0x8a0
[   98.496467][ T3754]  ? create_page_buffers+0x244/0x4b0
[   98.501779][ T3754]  __block_write_begin_int+0x54c/0x1a80
[   98.507336][ T3754]  ? hfs_free_extents+0x420/0x420
[   98.512349][ T3754]  ? page_zero_new_buffers+0x940/0x940
[   98.517799][ T3754]  ? PageHeadHuge+0x8a/0x1d0
[   98.522404][ T3754]  ? hfs_free_extents+0x420/0x420
[   98.527435][ T3754]  block_write_begin+0x93/0x1e0
[   98.532281][ T3754]  ? cont_write_begin+0x5e5/0x860
[   98.537295][ T3754]  ? hfs_free_extents+0x420/0x420
[   98.542318][ T3754]  cont_write_begin+0x606/0x860
[   98.547185][ T3754]  ? fault_in_readable+0x1d5/0x310
[   98.552289][ T3754]  ? generic_cont_expand_simple+0x250/0x250
[   98.558172][ T3754]  ? fault_in_readable+0x219/0x310
[   98.563274][ T3754]  ? fault_in_safe_writeable+0x240/0x240
[   98.568900][ T3754]  hfs_write_begin+0x86/0xd0
[   98.573477][ T3754]  ? hfs_free_extents+0x420/0x420
[   98.578489][ T3754]  generic_perform_write+0x2e4/0x5e0
[   98.583774][ T3754]  ? __block_commit_write+0x420/0x420
[   98.589140][ T3754]  ? generic_file_direct_write+0x610/0x610
[   98.594960][ T3754]  ? __file_remove_privs+0x6c0/0x6c0
[   98.600235][ T3754]  ? generic_write_checks+0x15c/0x1c0
[   98.605608][ T3754]  __generic_file_write_iter+0x176/0x400
[   98.611240][ T3754]  generic_file_write_iter+0xab/0x310
[   98.616605][ T3754]  vfs_write+0x7dc/0xc50
[   98.620862][ T3754]  ? file_end_write+0x230/0x230
[   98.625713][ T3754]  ? ptrace_stop+0x74d/0x970
[   98.630322][ T3754]  ? _raw_spin_unlock_irq+0x2a/0x40
[   98.635541][ T3754]  ? __fdget_pos+0x252/0x2e0
[   98.640138][ T3754]  ksys_write+0x177/0x2a0
[   98.644479][ T3754]  ? __ia32_sys_read+0x80/0x80
[   98.649231][ T3754]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   98.655218][ T3754]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   98.661208][ T3754]  do_syscall_64+0x3d/0xb0
[   98.665627][ T3754]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   98.671514][ T3754] RIP: 0033:0x7f0fa5191c89
[   98.675932][ T3754] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   98.695530][ T3754] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   98.703932][ T3754] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   98.711891][ T3754] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   98.719862][ T3754] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3754] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3754] exit_group(0)               = ?
[pid  3754] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3754, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./107/binderfs")                = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./107/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./107")                          = 0
mkdir("./108", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3755
./strace-static-x86_64: Process 3755 attached
[   98.727836][ T3754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   98.735810][ T3754] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006b
[   98.743783][ T3754]  </TASK>
[pid  3755] chdir("./108")              = 0
[pid  3755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3755] setpgid(0, 0)               = 0
[pid  3755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3755] write(3, "1000", 4)         = 4
[pid  3755] close(3)                    = 0
[pid  3755] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3755] memfd_create("syzkaller", 0) = 3
[pid  3755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3755] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3755] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3755] close(3)                    = 0
[pid  3755] mkdir("./file0", 0777)      = 0
[pid  3755] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3755] chdir("./file0")            = 0
[pid  3755] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3755] close(4)                    = 0
[pid  3755] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3755] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3755] write(5, "13", 2)           = 2
[   98.807475][ T3755] loop0: detected capacity change from 0 to 64
[   98.837884][ T3755] FAULT_INJECTION: forcing a failure.
[   98.837884][ T3755] name failslab, interval 1, probability 0, space 0, times 0
[   98.850749][ T3755] CPU: 0 PID: 3755 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   98.861180][ T3755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   98.871224][ T3755] Call Trace:
[   98.874503][ T3755]  <TASK>
[   98.877427][ T3755]  dump_stack_lvl+0x1b1/0x28e
[   98.882102][ T3755]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   98.887728][ T3755]  ? panic+0x710/0x710
[   98.891804][ T3755]  ? __might_sleep+0xc0/0xc0
[   98.896386][ T3755]  ? __mutex_lock_common+0x45f/0x26e0
[   98.901853][ T3755]  should_fail_ex+0x395/0x4c0
[   98.906533][ T3755]  ? hfs_find_init+0x8b/0x1e0
[   98.911221][ T3755]  should_failslab+0x5/0x20
[   98.916242][ T3755]  __kmem_cache_alloc_node+0x69/0x310
[   98.921616][ T3755]  ? hfs_find_init+0x8b/0x1e0
[   98.926294][ T3755]  __kmalloc+0x9e/0x1a0
[   98.930450][ T3755]  hfs_find_init+0x8b/0x1e0
[   98.934954][ T3755]  hfs_extend_file+0x2f8/0x1420
[   98.939815][ T3755]  ? hfs_get_block+0xbb0/0xbb0
[   98.944580][ T3755]  ? lru_cache_disable+0x30/0x30
[   98.949517][ T3755]  ? __might_sleep+0xc0/0xc0
[   98.954122][ T3755]  hfs_get_block+0x3fc/0xbb0
[   98.958723][ T3755]  ? hfs_free_extents+0x420/0x420
[   98.963742][ T3755]  ? do_raw_spin_unlock+0x134/0x8a0
[   98.969036][ T3755]  ? create_page_buffers+0x244/0x4b0
[   98.974336][ T3755]  __block_write_begin_int+0x54c/0x1a80
[   98.979920][ T3755]  ? hfs_free_extents+0x420/0x420
[   98.984938][ T3755]  ? page_zero_new_buffers+0x940/0x940
[   98.990483][ T3755]  ? PageHeadHuge+0x8a/0x1d0
[   98.995071][ T3755]  ? hfs_free_extents+0x420/0x420
[   99.000091][ T3755]  block_write_begin+0x93/0x1e0
[   99.004940][ T3755]  ? cont_write_begin+0x5e5/0x860
[   99.009964][ T3755]  ? hfs_free_extents+0x420/0x420
[   99.014986][ T3755]  cont_write_begin+0x606/0x860
[   99.019872][ T3755]  ? fault_in_readable+0x1d5/0x310
[   99.025071][ T3755]  ? generic_cont_expand_simple+0x250/0x250
[   99.030965][ T3755]  ? fault_in_readable+0x219/0x310
[   99.036082][ T3755]  ? fault_in_safe_writeable+0x240/0x240
[   99.041722][ T3755]  hfs_write_begin+0x86/0xd0
[   99.046304][ T3755]  ? hfs_free_extents+0x420/0x420
[   99.051416][ T3755]  generic_perform_write+0x2e4/0x5e0
[   99.056911][ T3755]  ? __block_commit_write+0x420/0x420
[   99.062283][ T3755]  ? generic_file_direct_write+0x610/0x610
[   99.068090][ T3755]  ? __file_remove_privs+0x6c0/0x6c0
[   99.073376][ T3755]  ? generic_write_checks+0x15c/0x1c0
[   99.078758][ T3755]  __generic_file_write_iter+0x176/0x400
[   99.084397][ T3755]  generic_file_write_iter+0xab/0x310
[   99.089776][ T3755]  vfs_write+0x7dc/0xc50
[   99.094027][ T3755]  ? file_end_write+0x230/0x230
[   99.098871][ T3755]  ? ptrace_stop+0x74d/0x970
[   99.103469][ T3755]  ? _raw_spin_unlock_irq+0x2a/0x40
[   99.108669][ T3755]  ? __fdget_pos+0x252/0x2e0
[   99.113260][ T3755]  ksys_write+0x177/0x2a0
[   99.117593][ T3755]  ? __ia32_sys_read+0x80/0x80
[   99.122357][ T3755]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   99.128338][ T3755]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   99.134319][ T3755]  do_syscall_64+0x3d/0xb0
[   99.138731][ T3755]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   99.144619][ T3755] RIP: 0033:0x7f0fa5191c89
[   99.149031][ T3755] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   99.168636][ T3755] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   99.177044][ T3755] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   99.185025][ T3755] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   99.193003][ T3755] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[   99.200983][ T3755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3755] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3755] exit_group(0)               = ?
[pid  3755] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3755, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./108/binderfs")                = 0
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./108/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./108")                          = 0
mkdir("./109", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3756
./strace-static-x86_64: Process 3756 attached
[pid  3756] chdir("./109")              = 0
[pid  3756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3756] setpgid(0, 0)               = 0
[pid  3756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3756] write(3, "1000", 4)         = 4
[pid  3756] close(3)                    = 0
[pid  3756] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3756] memfd_create("syzkaller", 0) = 3
[pid  3756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[   99.208957][ T3755] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006c
[   99.216957][ T3755]  </TASK>
[pid  3756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3756] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3756] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3756] close(3)                    = 0
[pid  3756] mkdir("./file0", 0777)      = 0
[pid  3756] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3756] chdir("./file0")            = 0
[pid  3756] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3756] close(4)                    = 0
[pid  3756] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3756] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3756] write(5, "13", 2)           = 2
[   99.274033][ T3756] loop0: detected capacity change from 0 to 64
[   99.306713][ T3756] FAULT_INJECTION: forcing a failure.
[   99.306713][ T3756] name failslab, interval 1, probability 0, space 0, times 0
[   99.320105][ T3756] CPU: 0 PID: 3756 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   99.330625][ T3756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   99.340693][ T3756] Call Trace:
[   99.343963][ T3756]  <TASK>
[   99.346887][ T3756]  dump_stack_lvl+0x1b1/0x28e
[   99.351556][ T3756]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   99.357006][ T3756]  ? panic+0x710/0x710
[   99.361076][ T3756]  ? __might_sleep+0xc0/0xc0
[   99.365670][ T3756]  ? __mutex_lock_common+0x45f/0x26e0
[   99.371037][ T3756]  should_fail_ex+0x395/0x4c0
[   99.375724][ T3756]  ? hfs_find_init+0x8b/0x1e0
[   99.380421][ T3756]  should_failslab+0x5/0x20
[   99.384938][ T3756]  __kmem_cache_alloc_node+0x69/0x310
[   99.390336][ T3756]  ? hfs_find_init+0x8b/0x1e0
[   99.395033][ T3756]  __kmalloc+0x9e/0x1a0
[   99.399185][ T3756]  hfs_find_init+0x8b/0x1e0
[   99.403685][ T3756]  hfs_extend_file+0x2f8/0x1420
[   99.408558][ T3756]  ? hfs_get_block+0xbb0/0xbb0
[   99.413419][ T3756]  ? lru_cache_disable+0x30/0x30
[   99.418360][ T3756]  ? __might_sleep+0xc0/0xc0
[   99.422958][ T3756]  hfs_get_block+0x3fc/0xbb0
[   99.427827][ T3756]  ? hfs_free_extents+0x420/0x420
[   99.432856][ T3756]  ? do_raw_spin_unlock+0x134/0x8a0
[   99.438058][ T3756]  ? create_page_buffers+0x244/0x4b0
[   99.443349][ T3756]  __block_write_begin_int+0x54c/0x1a80
[   99.448931][ T3756]  ? hfs_free_extents+0x420/0x420
[   99.454038][ T3756]  ? page_zero_new_buffers+0x940/0x940
[   99.459494][ T3756]  ? PageHeadHuge+0x8a/0x1d0
[   99.464093][ T3756]  ? hfs_free_extents+0x420/0x420
[   99.469124][ T3756]  block_write_begin+0x93/0x1e0
[   99.473982][ T3756]  ? cont_write_begin+0x5e5/0x860
[   99.479001][ T3756]  ? hfs_free_extents+0x420/0x420
[   99.484013][ T3756]  cont_write_begin+0x606/0x860
[   99.488873][ T3756]  ? fault_in_readable+0x1d5/0x310
[   99.494008][ T3756]  ? generic_cont_expand_simple+0x250/0x250
[   99.499903][ T3756]  ? fault_in_readable+0x219/0x310
[   99.505030][ T3756]  ? fault_in_safe_writeable+0x240/0x240
[   99.510743][ T3756]  hfs_write_begin+0x86/0xd0
[   99.515319][ T3756]  ? hfs_free_extents+0x420/0x420
[   99.520341][ T3756]  generic_perform_write+0x2e4/0x5e0
[   99.525629][ T3756]  ? __block_commit_write+0x420/0x420
[   99.530994][ T3756]  ? generic_file_direct_write+0x610/0x610
[   99.536802][ T3756]  ? __file_remove_privs+0x6c0/0x6c0
[   99.542167][ T3756]  ? generic_write_checks+0x15c/0x1c0
[   99.547533][ T3756]  __generic_file_write_iter+0x176/0x400
[   99.553160][ T3756]  generic_file_write_iter+0xab/0x310
[   99.558527][ T3756]  vfs_write+0x7dc/0xc50
[   99.562768][ T3756]  ? file_end_write+0x230/0x230
[   99.567604][ T3756]  ? ptrace_stop+0x74d/0x970
[   99.572186][ T3756]  ? _raw_spin_unlock_irq+0x2a/0x40
[   99.577379][ T3756]  ? __fdget_pos+0x252/0x2e0
[   99.581962][ T3756]  ksys_write+0x177/0x2a0
[   99.586283][ T3756]  ? __ia32_sys_read+0x80/0x80
[   99.591033][ T3756]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   99.597000][ T3756]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   99.602981][ T3756]  do_syscall_64+0x3d/0xb0
[   99.607405][ T3756]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   99.613285][ T3756] RIP: 0033:0x7f0fa5191c89
[   99.617690][ T3756] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   99.637284][ T3756] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   99.645691][ T3756] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[   99.653666][ T3756] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   99.661622][ T3756] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3756] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3756] exit_group(0)               = ?
[pid  3756] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3756, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./109/binderfs")                = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./109/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./109")                          = 0
mkdir("./110", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3757
./strace-static-x86_64: Process 3757 attached
[pid  3757] chdir("./110")              = 0
[pid  3757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3757] setpgid(0, 0)               = 0
[pid  3757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3757] write(3, "1000", 4)         = 4
[pid  3757] close(3)                    = 0
[pid  3757] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3757] memfd_create("syzkaller", 0) = 3
[pid  3757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3757] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   99.669582][ T3756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   99.677545][ T3756] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006d
[   99.685546][ T3756]  </TASK>
[pid  3757] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3757] close(3)                    = 0
[pid  3757] mkdir("./file0", 0777)      = 0
[pid  3757] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3757] chdir("./file0")            = 0
[pid  3757] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3757] close(4)                    = 0
[pid  3757] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3757] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3757] write(5, "13", 2)           = 2
[   99.728685][ T3757] loop0: detected capacity change from 0 to 64
[   99.732592][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   99.756374][ T3757] FAULT_INJECTION: forcing a failure.
[   99.756374][ T3757] name failslab, interval 1, probability 0, space 0, times 0
[   99.769335][ T3757] CPU: 1 PID: 3757 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[   99.779737][ T3757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   99.789778][ T3757] Call Trace:
[   99.793045][ T3757]  <TASK>
[   99.795960][ T3757]  dump_stack_lvl+0x1b1/0x28e
[   99.800644][ T3757]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   99.806102][ T3757]  ? panic+0x710/0x710
[   99.810182][ T3757]  ? __might_sleep+0xc0/0xc0
[   99.814762][ T3757]  ? __mutex_lock_common+0x45f/0x26e0
[   99.820136][ T3757]  should_fail_ex+0x395/0x4c0
[   99.824808][ T3757]  ? hfs_find_init+0x8b/0x1e0
[   99.829475][ T3757]  should_failslab+0x5/0x20
[   99.833967][ T3757]  __kmem_cache_alloc_node+0x69/0x310
[   99.839333][ T3757]  ? hfs_find_init+0x8b/0x1e0
[   99.843998][ T3757]  __kmalloc+0x9e/0x1a0
[   99.848146][ T3757]  hfs_find_init+0x8b/0x1e0
[   99.852638][ T3757]  hfs_extend_file+0x2f8/0x1420
[   99.857500][ T3757]  ? hfs_get_block+0xbb0/0xbb0
[   99.862261][ T3757]  ? lru_cache_disable+0x30/0x30
[   99.867201][ T3757]  ? __might_sleep+0xc0/0xc0
[   99.871796][ T3757]  hfs_get_block+0x3fc/0xbb0
[   99.876385][ T3757]  ? hfs_free_extents+0x420/0x420
[   99.881395][ T3757]  ? do_raw_spin_unlock+0x134/0x8a0
[   99.886586][ T3757]  ? create_page_buffers+0x244/0x4b0
[   99.891952][ T3757]  __block_write_begin_int+0x54c/0x1a80
[   99.897511][ T3757]  ? hfs_free_extents+0x420/0x420
[   99.902521][ T3757]  ? page_zero_new_buffers+0x940/0x940
[   99.907965][ T3757]  ? PageHeadHuge+0x8a/0x1d0
[   99.912543][ T3757]  ? hfs_free_extents+0x420/0x420
[   99.917553][ T3757]  block_write_begin+0x93/0x1e0
[   99.922387][ T3757]  ? cont_write_begin+0x5e5/0x860
[   99.927398][ T3757]  ? hfs_free_extents+0x420/0x420
[   99.932411][ T3757]  cont_write_begin+0x606/0x860
[   99.937254][ T3757]  ? fault_in_readable+0x1d5/0x310
[   99.942355][ T3757]  ? generic_cont_expand_simple+0x250/0x250
[   99.948238][ T3757]  ? fault_in_readable+0x219/0x310
[   99.953337][ T3757]  ? fault_in_safe_writeable+0x240/0x240
[   99.958961][ T3757]  hfs_write_begin+0x86/0xd0
[   99.963535][ T3757]  ? hfs_free_extents+0x420/0x420
[   99.968546][ T3757]  generic_perform_write+0x2e4/0x5e0
[   99.973828][ T3757]  ? __block_commit_write+0x420/0x420
[   99.979191][ T3757]  ? generic_file_direct_write+0x610/0x610
[   99.984980][ T3757]  ? __file_remove_privs+0x6c0/0x6c0
[   99.990252][ T3757]  ? generic_write_checks+0x15c/0x1c0
[   99.995613][ T3757]  __generic_file_write_iter+0x176/0x400
[  100.001234][ T3757]  generic_file_write_iter+0xab/0x310
[  100.006593][ T3757]  vfs_write+0x7dc/0xc50
[  100.010846][ T3757]  ? file_end_write+0x230/0x230
[  100.015697][ T3757]  ? ptrace_stop+0x74d/0x970
[  100.020279][ T3757]  ? _raw_spin_unlock_irq+0x2a/0x40
[  100.025467][ T3757]  ? __fdget_pos+0x252/0x2e0
[  100.030046][ T3757]  ksys_write+0x177/0x2a0
[  100.034366][ T3757]  ? __ia32_sys_read+0x80/0x80
[  100.039117][ T3757]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  100.045083][ T3757]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  100.051053][ T3757]  do_syscall_64+0x3d/0xb0
[  100.055459][ T3757]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  100.061348][ T3757] RIP: 0033:0x7f0fa5191c89
[  100.065748][ T3757] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  100.085341][ T3757] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  100.093738][ T3757] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  100.101713][ T3757] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  100.109668][ T3757] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  100.117622][ T3757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3757] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3757] exit_group(0)               = ?
[pid  3757] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3757, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./110/binderfs")                = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./110/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./110")                          = 0
mkdir("./111", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3758
./strace-static-x86_64: Process 3758 attached
[pid  3758] chdir("./111")              = 0
[pid  3758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3758] setpgid(0, 0)               = 0
[pid  3758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3758] write(3, "1000", 4)         = 4
[pid  3758] close(3)                    = 0
[pid  3758] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3758] memfd_create("syzkaller", 0) = 3
[pid  3758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3758] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  100.125574][ T3757] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006e
[  100.133540][ T3757]  </TASK>
[pid  3758] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3758] close(3)                    = 0
[pid  3758] mkdir("./file0", 0777)      = 0
[pid  3758] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3758] chdir("./file0")            = 0
[pid  3758] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3758] close(4)                    = 0
[pid  3758] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3758] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3758] write(5, "13", 2)           = 2
[  100.191078][ T3758] loop0: detected capacity change from 0 to 64
[  100.214788][ T3758] FAULT_INJECTION: forcing a failure.
[  100.214788][ T3758] name failslab, interval 1, probability 0, space 0, times 0
[  100.227897][ T3758] CPU: 0 PID: 3758 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  100.238314][ T3758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  100.248459][ T3758] Call Trace:
[  100.251739][ T3758]  <TASK>
[  100.254659][ T3758]  dump_stack_lvl+0x1b1/0x28e
[  100.259341][ T3758]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  100.264817][ T3758]  ? panic+0x710/0x710
[  100.268906][ T3758]  ? __might_sleep+0xc0/0xc0
[  100.273500][ T3758]  ? __mutex_lock_common+0x45f/0x26e0
[  100.278866][ T3758]  should_fail_ex+0x395/0x4c0
[  100.283554][ T3758]  ? hfs_find_init+0x8b/0x1e0
[  100.288244][ T3758]  should_failslab+0x5/0x20
[  100.292753][ T3758]  __kmem_cache_alloc_node+0x69/0x310
[  100.298131][ T3758]  ? hfs_find_init+0x8b/0x1e0
[  100.302894][ T3758]  __kmalloc+0x9e/0x1a0
[  100.307055][ T3758]  hfs_find_init+0x8b/0x1e0
[  100.311561][ T3758]  hfs_extend_file+0x2f8/0x1420
[  100.316421][ T3758]  ? hfs_get_block+0xbb0/0xbb0
[  100.321181][ T3758]  ? lru_cache_disable+0x30/0x30
[  100.326117][ T3758]  ? __might_sleep+0xc0/0xc0
[  100.330721][ T3758]  hfs_get_block+0x3fc/0xbb0
[  100.335335][ T3758]  ? hfs_free_extents+0x420/0x420
[  100.340364][ T3758]  ? do_raw_spin_unlock+0x134/0x8a0
[  100.345592][ T3758]  ? create_page_buffers+0x244/0x4b0
[  100.350900][ T3758]  __block_write_begin_int+0x54c/0x1a80
[  100.356476][ T3758]  ? hfs_free_extents+0x420/0x420
[  100.361506][ T3758]  ? page_zero_new_buffers+0x940/0x940
[  100.366979][ T3758]  ? PageHeadHuge+0x8a/0x1d0
[  100.371582][ T3758]  ? hfs_free_extents+0x420/0x420
[  100.376615][ T3758]  block_write_begin+0x93/0x1e0
[  100.381469][ T3758]  ? cont_write_begin+0x5e5/0x860
[  100.386493][ T3758]  ? hfs_free_extents+0x420/0x420
[  100.391603][ T3758]  cont_write_begin+0x606/0x860
[  100.396547][ T3758]  ? fault_in_readable+0x1d5/0x310
[  100.401694][ T3758]  ? generic_cont_expand_simple+0x250/0x250
[  100.407593][ T3758]  ? fault_in_readable+0x219/0x310
[  100.412706][ T3758]  ? fault_in_safe_writeable+0x240/0x240
[  100.418380][ T3758]  hfs_write_begin+0x86/0xd0
[  100.423004][ T3758]  ? hfs_free_extents+0x420/0x420
[  100.428059][ T3758]  generic_perform_write+0x2e4/0x5e0
[  100.433370][ T3758]  ? __block_commit_write+0x420/0x420
[  100.438755][ T3758]  ? generic_file_direct_write+0x610/0x610
[  100.444565][ T3758]  ? __file_remove_privs+0x6c0/0x6c0
[  100.449848][ T3758]  ? generic_write_checks+0x15c/0x1c0
[  100.455227][ T3758]  __generic_file_write_iter+0x176/0x400
[  100.460861][ T3758]  generic_file_write_iter+0xab/0x310
[  100.466234][ T3758]  vfs_write+0x7dc/0xc50
[  100.470482][ T3758]  ? file_end_write+0x230/0x230
[  100.475347][ T3758]  ? ptrace_stop+0x74d/0x970
[  100.479946][ T3758]  ? _raw_spin_unlock_irq+0x2a/0x40
[  100.485160][ T3758]  ? __fdget_pos+0x252/0x2e0
[  100.489841][ T3758]  ksys_write+0x177/0x2a0
[  100.494169][ T3758]  ? __ia32_sys_read+0x80/0x80
[  100.499022][ T3758]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  100.505000][ T3758]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  100.510981][ T3758]  do_syscall_64+0x3d/0xb0
[  100.515393][ T3758]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  100.521278][ T3758] RIP: 0033:0x7f0fa5191c89
[  100.525687][ T3758] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  100.545315][ T3758] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  100.553733][ T3758] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  100.561723][ T3758] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  100.569688][ T3758] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  100.577661][ T3758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3758] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3758] exit_group(0)               = ?
[pid  3758] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3758, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./111/binderfs")                = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./111/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./111")                          = 0
mkdir("./112", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[  100.585626][ T3758] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006f
[  100.593611][ T3758]  </TASK>
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3759 attached
, child_tidptr=0x555555b7f5d0) = 3759
[pid  3759] chdir("./112")              = 0
[pid  3759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3759] setpgid(0, 0)               = 0
[pid  3759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3759] write(3, "1000", 4)         = 4
[pid  3759] close(3)                    = 0
[pid  3759] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3759] memfd_create("syzkaller", 0) = 3
[pid  3759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3759] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3759] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3759] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3759] close(3)                    = 0
[pid  3759] mkdir("./file0", 0777)      = 0
[pid  3759] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3759] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3759] chdir("./file0")            = 0
[pid  3759] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3759] close(4)                    = 0
[pid  3759] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3759] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3759] write(5, "13", 2)           = 2
[  100.654044][ T3759] loop0: detected capacity change from 0 to 64
[  100.675178][ T3759] FAULT_INJECTION: forcing a failure.
[  100.675178][ T3759] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  100.688845][ T3759] CPU: 1 PID: 3759 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  100.699256][ T3759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  100.709298][ T3759] Call Trace:
[  100.712567][ T3759]  <TASK>
[  100.715494][ T3759]  dump_stack_lvl+0x1b1/0x28e
[  100.720174][ T3759]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  100.725630][ T3759]  ? panic+0x710/0x710
[  100.729727][ T3759]  ? do_anonymous_page+0xd4a/0x1150
[  100.734934][ T3759]  ? mark_lock+0x9a/0x350
[  100.739264][ T3759]  should_fail_ex+0x395/0x4c0
[  100.743947][ T3759]  prepare_alloc_pages+0x1d7/0x5a0
[  100.749067][ T3759]  __alloc_pages+0x161/0x560
[  100.753747][ T3759]  ? zone_statistics+0x160/0x160
[  100.758692][ T3759]  ? rcu_lock_release+0x5/0x20
[  100.763458][ T3759]  ? alloc_pages+0x520/0x7b0
[  100.768043][ T3759]  ? xas_descend+0x1f3/0x400
[  100.772633][ T3759]  folio_alloc+0x1a/0x50
[  100.776868][ T3759]  filemap_alloc_folio+0x7e/0x1c0
[  100.781890][ T3759]  __filemap_get_folio+0x898/0x1260
[  100.787174][ T3759]  ? page_cache_prev_miss+0x4e0/0x4e0
[  100.792549][ T3759]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  100.798541][ T3759]  ? print_irqtrace_events+0x220/0x220
[  100.804024][ T3759]  pagecache_get_page+0x28/0x260
[  100.808975][ T3759]  ? hfs_free_extents+0x420/0x420
[  100.814003][ T3759]  block_write_begin+0x2e/0x1e0
[  100.818865][ T3759]  ? cont_write_begin+0x5e5/0x860
[  100.823920][ T3759]  ? hfs_free_extents+0x420/0x420
[  100.828944][ T3759]  cont_write_begin+0x606/0x860
[  100.833803][ T3759]  ? fault_in_readable+0x1d5/0x310
[  100.838920][ T3759]  ? generic_cont_expand_simple+0x250/0x250
[  100.844813][ T3759]  ? fault_in_readable+0x219/0x310
[  100.849922][ T3759]  ? fault_in_safe_writeable+0x240/0x240
[  100.855559][ T3759]  hfs_write_begin+0x86/0xd0
[  100.860142][ T3759]  ? hfs_free_extents+0x420/0x420
[  100.865167][ T3759]  generic_perform_write+0x2e4/0x5e0
[  100.870458][ T3759]  ? __block_commit_write+0x420/0x420
[  100.875830][ T3759]  ? generic_file_direct_write+0x610/0x610
[  100.881632][ T3759]  ? __file_remove_privs+0x6c0/0x6c0
[  100.886915][ T3759]  ? generic_write_checks+0x15c/0x1c0
[  100.892293][ T3759]  __generic_file_write_iter+0x176/0x400
[  100.897929][ T3759]  generic_file_write_iter+0xab/0x310
[  100.903302][ T3759]  vfs_write+0x7dc/0xc50
[  100.907551][ T3759]  ? file_end_write+0x230/0x230
[  100.912394][ T3759]  ? ptrace_stop+0x74d/0x970
[  100.916987][ T3759]  ? _raw_spin_unlock_irq+0x2a/0x40
[  100.922187][ T3759]  ? __fdget_pos+0x252/0x2e0
[  100.926782][ T3759]  ksys_write+0x177/0x2a0
[  100.931115][ T3759]  ? __ia32_sys_read+0x80/0x80
[  100.935875][ T3759]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  100.941857][ T3759]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  100.947834][ T3759]  do_syscall_64+0x3d/0xb0
[  100.952247][ T3759]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  100.958133][ T3759] RIP: 0033:0x7f0fa5191c89
[  100.962545][ T3759] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  100.982143][ T3759] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  100.990549][ T3759] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3759] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3759] exit_group(0)               = ?
[pid  3759] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3759, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./112/binderfs")                = 0
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./112/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./112")                          = 0
mkdir("./113", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3760
./strace-static-x86_64: Process 3760 attached
[pid  3760] chdir("./113")              = 0
[pid  3760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3760] setpgid(0, 0)               = 0
[pid  3760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3760] write(3, "1000", 4)         = 4
[pid  3760] close(3)                    = 0
[pid  3760] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3760] memfd_create("syzkaller", 0) = 3
[  100.998513][ T3759] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  101.006477][ T3759] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  101.014441][ T3759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  101.022403][ T3759] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000070
[  101.030384][ T3759]  </TASK>
[pid  3760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3760] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3760] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3760] close(3)                    = 0
[pid  3760] mkdir("./file0", 0777)      = 0
[pid  3760] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3760] chdir("./file0")            = 0
[pid  3760] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3760] close(4)                    = 0
[pid  3760] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3760] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3760] write(5, "13", 2)           = 2
[  101.095898][ T3760] loop0: detected capacity change from 0 to 64
[  101.129573][ T3760] FAULT_INJECTION: forcing a failure.
[  101.129573][ T3760] name failslab, interval 1, probability 0, space 0, times 0
[  101.142348][ T3760] CPU: 0 PID: 3760 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  101.152770][ T3760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  101.162812][ T3760] Call Trace:
[  101.166081][ T3760]  <TASK>
[  101.168999][ T3760]  dump_stack_lvl+0x1b1/0x28e
[  101.173685][ T3760]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  101.179149][ T3760]  ? panic+0x710/0x710
[  101.183208][ T3760]  ? __might_sleep+0xc0/0xc0
[  101.187788][ T3760]  ? __mutex_lock_common+0x45f/0x26e0
[  101.193157][ T3760]  should_fail_ex+0x395/0x4c0
[  101.197830][ T3760]  ? hfs_find_init+0x8b/0x1e0
[  101.202530][ T3760]  should_failslab+0x5/0x20
[  101.207040][ T3760]  __kmem_cache_alloc_node+0x69/0x310
[  101.212416][ T3760]  ? hfs_find_init+0x8b/0x1e0
[  101.217102][ T3760]  __kmalloc+0x9e/0x1a0
[  101.221251][ T3760]  hfs_find_init+0x8b/0x1e0
[  101.225745][ T3760]  hfs_extend_file+0x2f8/0x1420
[  101.230592][ T3760]  ? hfs_get_block+0xbb0/0xbb0
[  101.235356][ T3760]  ? lru_cache_disable+0x30/0x30
[  101.240280][ T3760]  ? __might_sleep+0xc0/0xc0
[  101.244871][ T3760]  hfs_get_block+0x3fc/0xbb0
[  101.249456][ T3760]  ? hfs_free_extents+0x420/0x420
[  101.254474][ T3760]  ? do_raw_spin_unlock+0x134/0x8a0
[  101.259681][ T3760]  ? create_page_buffers+0x244/0x4b0
[  101.264970][ T3760]  __block_write_begin_int+0x54c/0x1a80
[  101.270536][ T3760]  ? hfs_free_extents+0x420/0x420
[  101.275553][ T3760]  ? page_zero_new_buffers+0x940/0x940
[  101.281008][ T3760]  ? PageHeadHuge+0x8a/0x1d0
[  101.285599][ T3760]  ? hfs_free_extents+0x420/0x420
[  101.290638][ T3760]  block_write_begin+0x93/0x1e0
[  101.295510][ T3760]  ? cont_write_begin+0x5e5/0x860
[  101.300562][ T3760]  ? hfs_free_extents+0x420/0x420
[  101.305599][ T3760]  cont_write_begin+0x606/0x860
[  101.310464][ T3760]  ? fault_in_readable+0x1d5/0x310
[  101.315583][ T3760]  ? generic_cont_expand_simple+0x250/0x250
[  101.321474][ T3760]  ? fault_in_readable+0x219/0x310
[  101.326582][ T3760]  ? fault_in_safe_writeable+0x240/0x240
[  101.332229][ T3760]  hfs_write_begin+0x86/0xd0
[  101.336821][ T3760]  ? hfs_free_extents+0x420/0x420
[  101.341845][ T3760]  generic_perform_write+0x2e4/0x5e0
[  101.347140][ T3760]  ? __block_commit_write+0x420/0x420
[  101.352512][ T3760]  ? generic_file_direct_write+0x610/0x610
[  101.358334][ T3760]  ? __file_remove_privs+0x6c0/0x6c0
[  101.363642][ T3760]  ? generic_write_checks+0x15c/0x1c0
[  101.369028][ T3760]  __generic_file_write_iter+0x176/0x400
[  101.374673][ T3760]  generic_file_write_iter+0xab/0x310
[  101.380053][ T3760]  vfs_write+0x7dc/0xc50
[  101.384312][ T3760]  ? file_end_write+0x230/0x230
[  101.389163][ T3760]  ? ptrace_stop+0x74d/0x970
[  101.393766][ T3760]  ? _raw_spin_unlock_irq+0x2a/0x40
[  101.398968][ T3760]  ? __fdget_pos+0x252/0x2e0
[  101.403569][ T3760]  ksys_write+0x177/0x2a0
[  101.407908][ T3760]  ? __ia32_sys_read+0x80/0x80
[  101.412676][ T3760]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  101.418654][ T3760]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  101.424637][ T3760]  do_syscall_64+0x3d/0xb0
[  101.429047][ T3760]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  101.434932][ T3760] RIP: 0033:0x7f0fa5191c89
[  101.439340][ T3760] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  101.459198][ T3760] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  101.467609][ T3760] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  101.475599][ T3760] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  101.483572][ T3760] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3760] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3760] exit_group(0)               = ?
[pid  3760] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3760, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./113/binderfs")                = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./113/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./113")                          = 0
mkdir("./114", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3761
./strace-static-x86_64: Process 3761 attached
[pid  3761] chdir("./114")              = 0
[pid  3761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3761] setpgid(0, 0)               = 0
[pid  3761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3761] write(3, "1000", 4)         = 4
[pid  3761] close(3)                    = 0
[pid  3761] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3761] memfd_create("syzkaller", 0) = 3
[pid  3761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[  101.491539][ T3760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  101.499499][ T3760] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000071
[  101.507477][ T3760]  </TASK>
[pid  3761] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3761] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3761] close(3)                    = 0
[pid  3761] mkdir("./file0", 0777)      = 0
[pid  3761] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3761] chdir("./file0")            = 0
[pid  3761] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3761] close(4)                    = 0
[pid  3761] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3761] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3761] write(5, "13", 2)           = 2
[  101.545332][ T3761] loop0: detected capacity change from 0 to 64
[  101.546617][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  101.582190][ T3761] FAULT_INJECTION: forcing a failure.
[  101.582190][ T3761] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  101.595687][ T3761] CPU: 1 PID: 3761 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  101.606122][ T3761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  101.616201][ T3761] Call Trace:
[  101.619486][ T3761]  <TASK>
[  101.622407][ T3761]  dump_stack_lvl+0x1b1/0x28e
[  101.627082][ T3761]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  101.632531][ T3761]  ? panic+0x710/0x710
[  101.636604][ T3761]  ? do_anonymous_page+0xd4a/0x1150
[  101.641810][ T3761]  ? mark_lock+0x9a/0x350
[  101.646154][ T3761]  should_fail_ex+0x395/0x4c0
[  101.650840][ T3761]  prepare_alloc_pages+0x1d7/0x5a0
[  101.655973][ T3761]  __alloc_pages+0x161/0x560
[  101.660577][ T3761]  ? zone_statistics+0x160/0x160
[  101.665513][ T3761]  ? rcu_lock_release+0x5/0x20
[  101.670267][ T3761]  ? alloc_pages+0x520/0x7b0
[  101.674844][ T3761]  ? xas_descend+0x1f3/0x400
[  101.679424][ T3761]  folio_alloc+0x1a/0x50
[  101.683658][ T3761]  filemap_alloc_folio+0x7e/0x1c0
[  101.688696][ T3761]  __filemap_get_folio+0x898/0x1260
[  101.693907][ T3761]  ? page_cache_prev_miss+0x4e0/0x4e0
[  101.699290][ T3761]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  101.705280][ T3761]  ? print_irqtrace_events+0x220/0x220
[  101.710749][ T3761]  pagecache_get_page+0x28/0x260
[  101.715691][ T3761]  ? hfs_free_extents+0x420/0x420
[  101.720704][ T3761]  block_write_begin+0x2e/0x1e0
[  101.725550][ T3761]  ? cont_write_begin+0x5e5/0x860
[  101.730572][ T3761]  ? hfs_free_extents+0x420/0x420
[  101.735596][ T3761]  cont_write_begin+0x606/0x860
[  101.740458][ T3761]  ? fault_in_readable+0x1d5/0x310
[  101.745562][ T3761]  ? generic_cont_expand_simple+0x250/0x250
[  101.751445][ T3761]  ? fault_in_readable+0x219/0x310
[  101.756549][ T3761]  ? fault_in_safe_writeable+0x240/0x240
[  101.762189][ T3761]  hfs_write_begin+0x86/0xd0
[  101.766765][ T3761]  ? hfs_free_extents+0x420/0x420
[  101.771777][ T3761]  generic_perform_write+0x2e4/0x5e0
[  101.777058][ T3761]  ? __block_commit_write+0x420/0x420
[  101.782428][ T3761]  ? generic_file_direct_write+0x610/0x610
[  101.788237][ T3761]  ? __file_remove_privs+0x6c0/0x6c0
[  101.793510][ T3761]  ? generic_write_checks+0x15c/0x1c0
[  101.798889][ T3761]  __generic_file_write_iter+0x176/0x400
[  101.804538][ T3761]  generic_file_write_iter+0xab/0x310
[  101.809913][ T3761]  vfs_write+0x7dc/0xc50
[  101.814169][ T3761]  ? file_end_write+0x230/0x230
[  101.819006][ T3761]  ? ptrace_stop+0x74d/0x970
[  101.823606][ T3761]  ? _raw_spin_unlock_irq+0x2a/0x40
[  101.828822][ T3761]  ? __fdget_pos+0x252/0x2e0
[  101.833416][ T3761]  ksys_write+0x177/0x2a0
[  101.837827][ T3761]  ? __ia32_sys_read+0x80/0x80
[  101.842580][ T3761]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  101.848562][ T3761]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  101.854532][ T3761]  do_syscall_64+0x3d/0xb0
[  101.858942][ T3761]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  101.864841][ T3761] RIP: 0033:0x7f0fa5191c89
[  101.869262][ T3761] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  101.888859][ T3761] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3761] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3761] exit_group(0)               = ?
[pid  3761] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3761, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./114/binderfs")                = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./114/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./114")                          = 0
mkdir("./115", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  101.897268][ T3761] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  101.905232][ T3761] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  101.913197][ T3761] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  101.921165][ T3761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  101.929141][ T3761] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000072
[  101.937119][ T3761]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3762
./strace-static-x86_64: Process 3762 attached
[pid  3762] chdir("./115")              = 0
[pid  3762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3762] setpgid(0, 0)               = 0
[pid  3762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3762] write(3, "1000", 4)         = 4
[pid  3762] close(3)                    = 0
[pid  3762] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3762] memfd_create("syzkaller", 0) = 3
[pid  3762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3762] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3762] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3762] close(3)                    = 0
[pid  3762] mkdir("./file0", 0777)      = 0
[pid  3762] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3762] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3762] chdir("./file0")            = 0
[pid  3762] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3762] close(4)                    = 0
[pid  3762] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3762] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3762] write(5, "13", 2)           = 2
[  101.993282][ T3762] loop0: detected capacity change from 0 to 64
[  102.015695][ T3762] FAULT_INJECTION: forcing a failure.
[  102.015695][ T3762] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  102.028793][ T3762] CPU: 1 PID: 3762 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  102.039195][ T3762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  102.049245][ T3762] Call Trace:
[  102.052520][ T3762]  <TASK>
[  102.055445][ T3762]  dump_stack_lvl+0x1b1/0x28e
[  102.060125][ T3762]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  102.065582][ T3762]  ? panic+0x710/0x710
[  102.069647][ T3762]  ? hfs_free_extents+0x420/0x420
[  102.074674][ T3762]  ? PageHeadHuge+0x8a/0x1d0
[  102.079273][ T3762]  should_fail_ex+0x395/0x4c0
[  102.083971][ T3762]  copy_page_from_iter_atomic+0x217/0x1140
[  102.089787][ T3762]  ? generic_cont_expand_simple+0x250/0x250
[  102.095691][ T3762]  ? pipe_zero+0x200/0x200
[  102.100118][ T3762]  ? hfs_write_begin+0x86/0xd0
[  102.104876][ T3762]  ? hfs_free_extents+0x420/0x420
[  102.109891][ T3762]  ? hfs_write_begin+0x9e/0xd0
[  102.114651][ T3762]  generic_perform_write+0x35a/0x5e0
[  102.119950][ T3762]  ? __block_commit_write+0x420/0x420
[  102.125321][ T3762]  ? generic_file_direct_write+0x610/0x610
[  102.131124][ T3762]  ? __file_remove_privs+0x6c0/0x6c0
[  102.136410][ T3762]  ? generic_write_checks+0x15c/0x1c0
[  102.141876][ T3762]  __generic_file_write_iter+0x176/0x400
[  102.147514][ T3762]  generic_file_write_iter+0xab/0x310
[  102.152888][ T3762]  vfs_write+0x7dc/0xc50
[  102.157138][ T3762]  ? file_end_write+0x230/0x230
[  102.161988][ T3762]  ? ptrace_stop+0x74d/0x970
[  102.166588][ T3762]  ? _raw_spin_unlock_irq+0x2a/0x40
[  102.171795][ T3762]  ? __fdget_pos+0x252/0x2e0
[  102.176391][ T3762]  ksys_write+0x177/0x2a0
[  102.180731][ T3762]  ? __ia32_sys_read+0x80/0x80
[  102.185496][ T3762]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  102.191582][ T3762]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  102.197580][ T3762]  do_syscall_64+0x3d/0xb0
[  102.202006][ T3762]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  102.207922][ T3762] RIP: 0033:0x7f0fa5191c89
[  102.212357][ T3762] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  102.231986][ T3762] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3762] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3762] exit_group(0)               = ?
[pid  3762] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3762, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./115/binderfs")                = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./115/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./115")                          = 0
mkdir("./116", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3763 attached
, child_tidptr=0x555555b7f5d0) = 3763
[pid  3763] chdir("./116")              = 0
[pid  3763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3763] setpgid(0, 0)               = 0
[  102.240412][ T3762] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  102.248554][ T3762] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  102.256532][ T3762] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  102.264502][ T3762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  102.272469][ T3762] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000073
[  102.280448][ T3762]  </TASK>
[pid  3763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3763] write(3, "1000", 4)         = 4
[pid  3763] close(3)                    = 0
[pid  3763] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3763] memfd_create("syzkaller", 0) = 3
[pid  3763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3763] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3763] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3763] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3763] close(3)                    = 0
[pid  3763] mkdir("./file0", 0777)      = 0
[pid  3763] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3763] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3763] chdir("./file0")            = 0
[pid  3763] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3763] close(4)                    = 0
[pid  3763] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3763] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3763] write(5, "13", 2)           = 2
[  102.337602][ T3763] loop0: detected capacity change from 0 to 64
[  102.368695][ T3763] FAULT_INJECTION: forcing a failure.
[  102.368695][ T3763] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  102.382082][ T3763] CPU: 1 PID: 3763 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  102.392515][ T3763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  102.402586][ T3763] Call Trace:
[  102.405880][ T3763]  <TASK>
[  102.408813][ T3763]  dump_stack_lvl+0x1b1/0x28e
[  102.413520][ T3763]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  102.418969][ T3763]  ? panic+0x710/0x710
[  102.423029][ T3763]  ? do_anonymous_page+0xd4a/0x1150
[  102.428238][ T3763]  ? mark_lock+0x9a/0x350
[  102.432591][ T3763]  should_fail_ex+0x395/0x4c0
[  102.437286][ T3763]  prepare_alloc_pages+0x1d7/0x5a0
[  102.442413][ T3763]  __alloc_pages+0x161/0x560
[  102.447021][ T3763]  ? zone_statistics+0x160/0x160
[  102.451957][ T3763]  ? rcu_lock_release+0x5/0x20
[  102.456724][ T3763]  ? alloc_pages+0x520/0x7b0
[  102.461325][ T3763]  ? xas_descend+0x1f3/0x400
[  102.465922][ T3763]  folio_alloc+0x1a/0x50
[  102.470160][ T3763]  filemap_alloc_folio+0x7e/0x1c0
[  102.475200][ T3763]  __filemap_get_folio+0x898/0x1260
[  102.480418][ T3763]  ? page_cache_prev_miss+0x4e0/0x4e0
[  102.485786][ T3763]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  102.491782][ T3763]  ? print_irqtrace_events+0x220/0x220
[  102.497275][ T3763]  pagecache_get_page+0x28/0x260
[  102.502228][ T3763]  ? hfs_free_extents+0x420/0x420
[  102.507245][ T3763]  block_write_begin+0x2e/0x1e0
[  102.512092][ T3763]  ? cont_write_begin+0x5e5/0x860
[  102.517111][ T3763]  ? hfs_free_extents+0x420/0x420
[  102.522137][ T3763]  cont_write_begin+0x606/0x860
[  102.527008][ T3763]  ? fault_in_readable+0x1d5/0x310
[  102.532132][ T3763]  ? generic_cont_expand_simple+0x250/0x250
[  102.538028][ T3763]  ? fault_in_readable+0x219/0x310
[  102.543149][ T3763]  ? fault_in_safe_writeable+0x240/0x240
[  102.548788][ T3763]  hfs_write_begin+0x86/0xd0
[  102.553374][ T3763]  ? hfs_free_extents+0x420/0x420
[  102.558395][ T3763]  generic_perform_write+0x2e4/0x5e0
[  102.563705][ T3763]  ? __block_commit_write+0x420/0x420
[  102.569105][ T3763]  ? generic_file_direct_write+0x610/0x610
[  102.574924][ T3763]  ? __file_remove_privs+0x6c0/0x6c0
[  102.580215][ T3763]  ? generic_write_checks+0x15c/0x1c0
[  102.585619][ T3763]  __generic_file_write_iter+0x176/0x400
[  102.591369][ T3763]  generic_file_write_iter+0xab/0x310
[  102.596759][ T3763]  vfs_write+0x7dc/0xc50
[  102.601036][ T3763]  ? file_end_write+0x230/0x230
[  102.605894][ T3763]  ? ptrace_stop+0x74d/0x970
[  102.610500][ T3763]  ? _raw_spin_unlock_irq+0x2a/0x40
[  102.615716][ T3763]  ? __fdget_pos+0x252/0x2e0
[  102.620312][ T3763]  ksys_write+0x177/0x2a0
[  102.624639][ T3763]  ? __ia32_sys_read+0x80/0x80
[  102.629399][ T3763]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  102.635390][ T3763]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  102.641383][ T3763]  do_syscall_64+0x3d/0xb0
[  102.645789][ T3763]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  102.651682][ T3763] RIP: 0033:0x7f0fa5191c89
[  102.656127][ T3763] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  102.675741][ T3763] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3763] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3763] exit_group(0)               = ?
[pid  3763] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3763, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./116/binderfs")                = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./116/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./116")                          = 0
mkdir("./117", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  102.684149][ T3763] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  102.692114][ T3763] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  102.700085][ T3763] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  102.708067][ T3763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  102.716032][ T3763] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000074
[  102.724010][ T3763]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3764
./strace-static-x86_64: Process 3764 attached
[pid  3764] chdir("./117")              = 0
[pid  3764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3764] setpgid(0, 0)               = 0
[pid  3764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3764] write(3, "1000", 4)         = 4
[pid  3764] close(3)                    = 0
[pid  3764] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3764] memfd_create("syzkaller", 0) = 3
[pid  3764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3764] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3764] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3764] close(3)                    = 0
[pid  3764] mkdir("./file0", 0777)      = 0
[pid  3764] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3764] chdir("./file0")            = 0
[pid  3764] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3764] close(4)                    = 0
[pid  3764] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3764] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3764] write(5, "13", 2)           = 2
[  102.787302][ T3764] loop0: detected capacity change from 0 to 64
[  102.818451][ T3764] FAULT_INJECTION: forcing a failure.
[  102.818451][ T3764] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  102.831929][ T3764] CPU: 1 PID: 3764 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  102.842372][ T3764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  102.852435][ T3764] Call Trace:
[  102.855714][ T3764]  <TASK>
[  102.858639][ T3764]  dump_stack_lvl+0x1b1/0x28e
[  102.863318][ T3764]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  102.868801][ T3764]  ? panic+0x710/0x710
[  102.872898][ T3764]  ? do_anonymous_page+0xd4a/0x1150
[  102.878203][ T3764]  ? mark_lock+0x9a/0x350
[  102.882565][ T3764]  should_fail_ex+0x395/0x4c0
[  102.887370][ T3764]  prepare_alloc_pages+0x1d7/0x5a0
[  102.892514][ T3764]  __alloc_pages+0x161/0x560
[  102.897122][ T3764]  ? zone_statistics+0x160/0x160
[  102.902067][ T3764]  ? rcu_lock_release+0x5/0x20
[  102.906875][ T3764]  ? alloc_pages+0x520/0x7b0
[  102.911492][ T3764]  ? xas_descend+0x1f3/0x400
[  102.916109][ T3764]  folio_alloc+0x1a/0x50
[  102.920363][ T3764]  filemap_alloc_folio+0x7e/0x1c0
[  102.925394][ T3764]  __filemap_get_folio+0x898/0x1260
[  102.930604][ T3764]  ? page_cache_prev_miss+0x4e0/0x4e0
[  102.936006][ T3764]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  102.942094][ T3764]  ? print_irqtrace_events+0x220/0x220
[  102.947575][ T3764]  pagecache_get_page+0x28/0x260
[  102.952535][ T3764]  ? hfs_free_extents+0x420/0x420
[  102.957575][ T3764]  block_write_begin+0x2e/0x1e0
[  102.962449][ T3764]  ? cont_write_begin+0x5e5/0x860
[  102.967511][ T3764]  ? hfs_free_extents+0x420/0x420
[  102.972577][ T3764]  cont_write_begin+0x606/0x860
[  102.977473][ T3764]  ? fault_in_readable+0x1d5/0x310
[  102.982603][ T3764]  ? generic_cont_expand_simple+0x250/0x250
[  102.988518][ T3764]  ? fault_in_readable+0x219/0x310
[  102.993639][ T3764]  ? fault_in_safe_writeable+0x240/0x240
[  102.999282][ T3764]  hfs_write_begin+0x86/0xd0
[  103.003872][ T3764]  ? hfs_free_extents+0x420/0x420
[  103.008906][ T3764]  generic_perform_write+0x2e4/0x5e0
[  103.014200][ T3764]  ? __block_commit_write+0x420/0x420
[  103.019581][ T3764]  ? generic_file_direct_write+0x610/0x610
[  103.025391][ T3764]  ? __file_remove_privs+0x6c0/0x6c0
[  103.030680][ T3764]  ? generic_write_checks+0x15c/0x1c0
[  103.036063][ T3764]  __generic_file_write_iter+0x176/0x400
[  103.041708][ T3764]  generic_file_write_iter+0xab/0x310
[  103.047105][ T3764]  vfs_write+0x7dc/0xc50
[  103.051376][ T3764]  ? file_end_write+0x230/0x230
[  103.056254][ T3764]  ? ptrace_stop+0x74d/0x970
[  103.060873][ T3764]  ? _raw_spin_unlock_irq+0x2a/0x40
[  103.066092][ T3764]  ? __fdget_pos+0x252/0x2e0
[  103.070697][ T3764]  ksys_write+0x177/0x2a0
[  103.075035][ T3764]  ? __ia32_sys_read+0x80/0x80
[  103.079802][ T3764]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  103.085960][ T3764]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  103.091940][ T3764]  do_syscall_64+0x3d/0xb0
[  103.096378][ T3764]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  103.102305][ T3764] RIP: 0033:0x7f0fa5191c89
[  103.106731][ T3764] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  103.126354][ T3764] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3764] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3764] exit_group(0)               = ?
[pid  3764] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3764, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./117/binderfs")                = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./117/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
[  103.134859][ T3764] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  103.142845][ T3764] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  103.150825][ T3764] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  103.158806][ T3764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  103.166774][ T3764] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000075
[  103.174758][ T3764]  </TASK>
rmdir("./117")                          = 0
mkdir("./118", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3765
./strace-static-x86_64: Process 3765 attached
[pid  3765] chdir("./118")              = 0
[pid  3765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3765] setpgid(0, 0)               = 0
[pid  3765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3765] write(3, "1000", 4)         = 4
[pid  3765] close(3)                    = 0
[pid  3765] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3765] memfd_create("syzkaller", 0) = 3
[pid  3765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3765] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3765] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3765] close(3)                    = 0
[pid  3765] mkdir("./file0", 0777)      = 0
[pid  3765] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3765] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3765] chdir("./file0")            = 0
[pid  3765] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3765] close(4)                    = 0
[pid  3765] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3765] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3765] write(5, "13", 2)           = 2
[  103.256527][ T3765] loop0: detected capacity change from 0 to 64
[  103.297876][ T3765] FAULT_INJECTION: forcing a failure.
[  103.297876][ T3765] name failslab, interval 1, probability 0, space 0, times 0
[  103.311030][ T3765] CPU: 1 PID: 3765 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  103.321496][ T3765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  103.331574][ T3765] Call Trace:
[  103.334852][ T3765]  <TASK>
[  103.337784][ T3765]  dump_stack_lvl+0x1b1/0x28e
[  103.342501][ T3765]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  103.347992][ T3765]  ? panic+0x710/0x710
[  103.352088][ T3765]  ? __might_sleep+0xc0/0xc0
[  103.356692][ T3765]  ? __mutex_lock_common+0x45f/0x26e0
[  103.362067][ T3765]  should_fail_ex+0x395/0x4c0
[  103.366743][ T3765]  ? hfs_find_init+0x8b/0x1e0
[  103.371429][ T3765]  should_failslab+0x5/0x20
[  103.375946][ T3765]  __kmem_cache_alloc_node+0x69/0x310
[  103.381325][ T3765]  ? hfs_find_init+0x8b/0x1e0
[  103.385998][ T3765]  __kmalloc+0x9e/0x1a0
[  103.390152][ T3765]  hfs_find_init+0x8b/0x1e0
[  103.394652][ T3765]  hfs_extend_file+0x2f8/0x1420
[  103.399501][ T3765]  ? hfs_get_block+0xbb0/0xbb0
[  103.404262][ T3765]  ? lru_cache_disable+0x30/0x30
[  103.409191][ T3765]  ? __might_sleep+0xc0/0xc0
[  103.413789][ T3765]  hfs_get_block+0x3fc/0xbb0
[  103.418403][ T3765]  ? hfs_free_extents+0x420/0x420
[  103.423439][ T3765]  ? do_raw_spin_unlock+0x134/0x8a0
[  103.428633][ T3765]  ? create_page_buffers+0x244/0x4b0
[  103.433917][ T3765]  __block_write_begin_int+0x54c/0x1a80
[  103.439476][ T3765]  ? hfs_free_extents+0x420/0x420
[  103.444501][ T3765]  ? page_zero_new_buffers+0x940/0x940
[  103.449984][ T3765]  ? PageHeadHuge+0x8a/0x1d0
[  103.454609][ T3765]  ? hfs_free_extents+0x420/0x420
[  103.459631][ T3765]  block_write_begin+0x93/0x1e0
[  103.464494][ T3765]  ? cont_write_begin+0x5e5/0x860
[  103.469540][ T3765]  ? hfs_free_extents+0x420/0x420
[  103.474555][ T3765]  cont_write_begin+0x606/0x860
[  103.479413][ T3765]  ? fault_in_readable+0x1d5/0x310
[  103.484531][ T3765]  ? generic_cont_expand_simple+0x250/0x250
[  103.490423][ T3765]  ? fault_in_readable+0x219/0x310
[  103.495544][ T3765]  ? fault_in_safe_writeable+0x240/0x240
[  103.501182][ T3765]  hfs_write_begin+0x86/0xd0
[  103.505763][ T3765]  ? hfs_free_extents+0x420/0x420
[  103.510779][ T3765]  generic_perform_write+0x2e4/0x5e0
[  103.516088][ T3765]  ? __block_commit_write+0x420/0x420
[  103.521488][ T3765]  ? generic_file_direct_write+0x610/0x610
[  103.527308][ T3765]  ? __file_remove_privs+0x6c0/0x6c0
[  103.532600][ T3765]  ? generic_write_checks+0x15c/0x1c0
[  103.537999][ T3765]  __generic_file_write_iter+0x176/0x400
[  103.543663][ T3765]  generic_file_write_iter+0xab/0x310
[  103.549059][ T3765]  vfs_write+0x7dc/0xc50
[  103.553321][ T3765]  ? file_end_write+0x230/0x230
[  103.558163][ T3765]  ? ptrace_stop+0x74d/0x970
[  103.562768][ T3765]  ? _raw_spin_unlock_irq+0x2a/0x40
[  103.567977][ T3765]  ? __fdget_pos+0x252/0x2e0
[  103.572566][ T3765]  ksys_write+0x177/0x2a0
[  103.576915][ T3765]  ? __ia32_sys_read+0x80/0x80
[  103.581756][ T3765]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  103.587728][ T3765]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  103.593701][ T3765]  do_syscall_64+0x3d/0xb0
[  103.598111][ T3765]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  103.604004][ T3765] RIP: 0033:0x7f0fa5191c89
[  103.608425][ T3765] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  103.628200][ T3765] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  103.636610][ T3765] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3765] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3765] exit_group(0)               = ?
[pid  3765] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3765, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./118/binderfs")                = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./118/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./118")                          = 0
mkdir("./119", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3766
./strace-static-x86_64: Process 3766 attached
[pid  3766] chdir("./119")              = 0
[pid  3766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3766] setpgid(0, 0)               = 0
[pid  3766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3766] write(3, "1000", 4)         = 4
[pid  3766] close(3)                    = 0
[pid  3766] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3766] memfd_create("syzkaller", 0) = 3
[pid  3766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  103.644576][ T3765] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  103.652535][ T3765] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  103.660506][ T3765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  103.668491][ T3765] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000076
[  103.676479][ T3765]  </TASK>
[pid  3766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3766] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3766] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3766] close(3)                    = 0
[pid  3766] mkdir("./file0", 0777)      = 0
[pid  3766] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3766] chdir("./file0")            = 0
[pid  3766] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3766] close(4)                    = 0
[pid  3766] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3766] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3766] write(5, "13", 2)           = 2
[  103.735317][ T3766] loop0: detected capacity change from 0 to 64
[  103.770600][ T3766] FAULT_INJECTION: forcing a failure.
[  103.770600][ T3766] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  103.783726][ T3766] CPU: 1 PID: 3766 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  103.794125][ T3766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  103.804173][ T3766] Call Trace:
[  103.807460][ T3766]  <TASK>
[  103.810392][ T3766]  dump_stack_lvl+0x1b1/0x28e
[  103.815068][ T3766]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  103.820514][ T3766]  ? panic+0x710/0x710
[  103.824571][ T3766]  ? hfs_free_extents+0x420/0x420
[  103.829589][ T3766]  ? PageHeadHuge+0x8a/0x1d0
[  103.834171][ T3766]  should_fail_ex+0x395/0x4c0
[  103.838841][ T3766]  copy_page_from_iter_atomic+0x217/0x1140
[  103.844660][ T3766]  ? generic_cont_expand_simple+0x250/0x250
[  103.850567][ T3766]  ? pipe_zero+0x200/0x200
[  103.854980][ T3766]  ? hfs_write_begin+0x86/0xd0
[  103.859738][ T3766]  ? hfs_free_extents+0x420/0x420
[  103.864768][ T3766]  ? hfs_write_begin+0x9e/0xd0
[  103.869526][ T3766]  generic_perform_write+0x35a/0x5e0
[  103.874821][ T3766]  ? __block_commit_write+0x420/0x420
[  103.880214][ T3766]  ? generic_file_direct_write+0x610/0x610
[  103.886031][ T3766]  ? __file_remove_privs+0x6c0/0x6c0
[  103.891315][ T3766]  ? generic_write_checks+0x15c/0x1c0
[  103.896711][ T3766]  __generic_file_write_iter+0x176/0x400
[  103.902368][ T3766]  generic_file_write_iter+0xab/0x310
[  103.907767][ T3766]  vfs_write+0x7dc/0xc50
[  103.912038][ T3766]  ? file_end_write+0x230/0x230
[  103.916898][ T3766]  ? ptrace_stop+0x74d/0x970
[  103.921503][ T3766]  ? _raw_spin_unlock_irq+0x2a/0x40
[  103.926712][ T3766]  ? __fdget_pos+0x252/0x2e0
[  103.931309][ T3766]  ksys_write+0x177/0x2a0
[  103.935650][ T3766]  ? __ia32_sys_read+0x80/0x80
[  103.940411][ T3766]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  103.946393][ T3766]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  103.952390][ T3766]  do_syscall_64+0x3d/0xb0
[  103.956802][ T3766]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  103.962684][ T3766] RIP: 0033:0x7f0fa5191c89
[  103.967101][ T3766] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  103.986722][ T3766] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  103.995217][ T3766] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  104.003204][ T3766] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  104.011174][ T3766] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  104.019152][ T3766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  104.027114][ T3766] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000077
[pid  3766] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3766] exit_group(0)               = ?
[pid  3766] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3766, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./119/binderfs")                = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./119/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./119")                          = 0
mkdir("./120", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[  104.035099][ T3766]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3767
./strace-static-x86_64: Process 3767 attached
[pid  3767] chdir("./120")              = 0
[pid  3767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3767] setpgid(0, 0)               = 0
[pid  3767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3767] write(3, "1000", 4)         = 4
[pid  3767] close(3)                    = 0
[pid  3767] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3767] memfd_create("syzkaller", 0) = 3
[pid  3767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3767] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3767] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3767] close(3)                    = 0
[pid  3767] mkdir("./file0", 0777)      = 0
[pid  3767] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3767] chdir("./file0")            = 0
[pid  3767] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3767] close(4)                    = 0
[pid  3767] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3767] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3767] write(5, "13", 2)           = 2
[  104.094687][ T3767] loop0: detected capacity change from 0 to 64
[  104.125558][ T3767] FAULT_INJECTION: forcing a failure.
[  104.125558][ T3767] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  104.138699][ T3767] CPU: 1 PID: 3767 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  104.149103][ T3767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  104.159162][ T3767] Call Trace:
[  104.162439][ T3767]  <TASK>
[  104.165365][ T3767]  dump_stack_lvl+0x1b1/0x28e
[  104.170051][ T3767]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  104.175550][ T3767]  ? panic+0x710/0x710
[  104.179636][ T3767]  ? hfs_free_extents+0x420/0x420
[  104.184663][ T3767]  ? PageHeadHuge+0x8a/0x1d0
[  104.189269][ T3767]  should_fail_ex+0x395/0x4c0
[  104.193964][ T3767]  copy_page_from_iter_atomic+0x217/0x1140
[  104.199792][ T3767]  ? generic_cont_expand_simple+0x250/0x250
[  104.205697][ T3767]  ? pipe_zero+0x200/0x200
[  104.210125][ T3767]  ? hfs_write_begin+0x86/0xd0
[  104.214885][ T3767]  ? hfs_free_extents+0x420/0x420
[  104.219908][ T3767]  ? hfs_write_begin+0x9e/0xd0
[  104.224673][ T3767]  generic_perform_write+0x35a/0x5e0
[  104.229963][ T3767]  ? __block_commit_write+0x420/0x420
[  104.235341][ T3767]  ? generic_file_direct_write+0x610/0x610
[  104.241151][ T3767]  ? __file_remove_privs+0x6c0/0x6c0
[  104.246437][ T3767]  ? generic_write_checks+0x15c/0x1c0
[  104.251817][ T3767]  __generic_file_write_iter+0x176/0x400
[  104.257454][ T3767]  generic_file_write_iter+0xab/0x310
[  104.262830][ T3767]  vfs_write+0x7dc/0xc50
[  104.267091][ T3767]  ? file_end_write+0x230/0x230
[  104.271939][ T3767]  ? ptrace_stop+0x74d/0x970
[  104.276541][ T3767]  ? _raw_spin_unlock_irq+0x2a/0x40
[  104.281751][ T3767]  ? __fdget_pos+0x252/0x2e0
[  104.286343][ T3767]  ksys_write+0x177/0x2a0
[  104.290681][ T3767]  ? __ia32_sys_read+0x80/0x80
[  104.295447][ T3767]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  104.301430][ T3767]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  104.307502][ T3767]  do_syscall_64+0x3d/0xb0
[  104.311916][ T3767]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  104.317810][ T3767] RIP: 0033:0x7f0fa5191c89
[  104.322222][ T3767] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3767] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3767] exit_group(0)               = ?
[pid  3767] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3767, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./120/binderfs")                = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./120/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
[  104.341910][ T3767] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  104.350322][ T3767] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  104.358299][ T3767] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  104.366273][ T3767] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  104.374241][ T3767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  104.382207][ T3767] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000078
[  104.390191][ T3767]  </TASK>
rmdir("./120")                          = 0
mkdir("./121", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3768
./strace-static-x86_64: Process 3768 attached
[pid  3768] chdir("./121")              = 0
[pid  3768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3768] setpgid(0, 0)               = 0
[pid  3768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3768] write(3, "1000", 4)         = 4
[pid  3768] close(3)                    = 0
[pid  3768] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3768] memfd_create("syzkaller", 0) = 3
[pid  3768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3768] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3768] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3768] close(3)                    = 0
[pid  3768] mkdir("./file0", 0777)      = 0
[pid  3768] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3768] chdir("./file0")            = 0
[pid  3768] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3768] close(4)                    = 0
[pid  3768] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3768] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3768] write(5, "13", 2)           = 2
[  104.445621][ T3768] loop0: detected capacity change from 0 to 64
[  104.467922][ T3768] FAULT_INJECTION: forcing a failure.
[  104.467922][ T3768] name failslab, interval 1, probability 0, space 0, times 0
[  104.484051][ T3768] CPU: 0 PID: 3768 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  104.494505][ T3768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  104.504561][ T3768] Call Trace:
[  104.507842][ T3768]  <TASK>
[  104.510776][ T3768]  dump_stack_lvl+0x1b1/0x28e
[  104.515540][ T3768]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  104.520989][ T3768]  ? panic+0x710/0x710
[  104.525049][ T3768]  ? __might_sleep+0xc0/0xc0
[  104.529625][ T3768]  ? __mutex_lock_common+0x45f/0x26e0
[  104.535072][ T3768]  should_fail_ex+0x395/0x4c0
[  104.539784][ T3768]  ? hfs_find_init+0x8b/0x1e0
[  104.544462][ T3768]  should_failslab+0x5/0x20
[  104.548972][ T3768]  __kmem_cache_alloc_node+0x69/0x310
[  104.554358][ T3768]  ? rcu_lock_release+0x5/0x20
[  104.559119][ T3768]  ? hfs_find_init+0x8b/0x1e0
[  104.563788][ T3768]  __kmalloc+0x9e/0x1a0
[  104.567938][ T3768]  hfs_find_init+0x8b/0x1e0
[  104.572433][ T3768]  hfs_extend_file+0x2f8/0x1420
[  104.577270][ T3768]  ? xas_find+0x937/0xa60
[  104.581605][ T3768]  ? hfs_get_block+0xbb0/0xbb0
[  104.586355][ T3768]  ? filemap_get_folios+0x557/0x830
[  104.591544][ T3768]  ? find_lock_entries+0xf60/0xf60
[  104.596672][ T3768]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  104.602592][ T3768]  hfs_get_block+0x3fc/0xbb0
[  104.607185][ T3768]  ? hfs_free_extents+0x420/0x420
[  104.612213][ T3768]  ? do_raw_spin_unlock+0x134/0x8a0
[  104.617432][ T3768]  ? create_page_buffers+0x244/0x4b0
[  104.622724][ T3768]  __block_write_begin_int+0x54c/0x1a80
[  104.628282][ T3768]  ? hfs_free_extents+0x420/0x420
[  104.633302][ T3768]  ? page_zero_new_buffers+0x940/0x940
[  104.638761][ T3768]  ? PageHeadHuge+0x8a/0x1d0
[  104.643342][ T3768]  ? hfs_free_extents+0x420/0x420
[  104.648351][ T3768]  block_write_begin+0x93/0x1e0
[  104.653192][ T3768]  ? cont_write_begin+0x5e5/0x860
[  104.658290][ T3768]  ? hfs_free_extents+0x420/0x420
[  104.663324][ T3768]  cont_write_begin+0x606/0x860
[  104.668188][ T3768]  ? fault_in_readable+0x1d5/0x310
[  104.673551][ T3768]  ? generic_cont_expand_simple+0x250/0x250
[  104.679704][ T3768]  ? fault_in_readable+0x219/0x310
[  104.684826][ T3768]  ? fault_in_safe_writeable+0x240/0x240
[  104.690453][ T3768]  hfs_write_begin+0x86/0xd0
[  104.695032][ T3768]  ? hfs_free_extents+0x420/0x420
[  104.700047][ T3768]  generic_perform_write+0x2e4/0x5e0
[  104.705332][ T3768]  ? __block_commit_write+0x420/0x420
[  104.710693][ T3768]  ? generic_file_direct_write+0x610/0x610
[  104.716497][ T3768]  ? __file_remove_privs+0x6c0/0x6c0
[  104.721781][ T3768]  ? generic_write_checks+0x15c/0x1c0
[  104.727156][ T3768]  __generic_file_write_iter+0x176/0x400
[  104.732789][ T3768]  generic_file_write_iter+0xab/0x310
[  104.738157][ T3768]  vfs_write+0x7dc/0xc50
[  104.742423][ T3768]  ? file_end_write+0x230/0x230
[  104.747273][ T3768]  ? ptrace_stop+0x74d/0x970
[  104.751879][ T3768]  ? _raw_spin_unlock_irq+0x2a/0x40
[  104.757097][ T3768]  ? __fdget_pos+0x252/0x2e0
[  104.762127][ T3768]  ksys_write+0x177/0x2a0
[  104.766451][ T3768]  ? __ia32_sys_read+0x80/0x80
[  104.771208][ T3768]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  104.777194][ T3768]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  104.783181][ T3768]  do_syscall_64+0x3d/0xb0
[  104.787586][ T3768]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  104.793485][ T3768] RIP: 0033:0x7f0fa5191c89
[  104.797912][ T3768] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  104.817560][ T3768] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  104.825971][ T3768] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  104.833943][ T3768] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3768] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3768] exit_group(0)               = ?
[pid  3768] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3768, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./121/binderfs")                = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./121/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./121")                          = 0
mkdir("./122", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3769
./strace-static-x86_64: Process 3769 attached
[pid  3769] chdir("./122")              = 0
[  104.841915][ T3768] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  104.849871][ T3768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  104.857832][ T3768] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000079
[  104.865978][ T3768]  </TASK>
[pid  3769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3769] setpgid(0, 0)               = 0
[pid  3769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3769] write(3, "1000", 4)         = 4
[pid  3769] close(3)                    = 0
[pid  3769] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3769] memfd_create("syzkaller", 0) = 3
[pid  3769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3769] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3769] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3769] close(3)                    = 0
[pid  3769] mkdir("./file0", 0777)      = 0
[pid  3769] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3769] chdir("./file0")            = 0
[pid  3769] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3769] close(4)                    = 0
[pid  3769] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3769] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3769] write(5, "13", 2)           = 2
[  104.922548][ T3769] loop0: detected capacity change from 0 to 64
[  104.950324][ T3769] FAULT_INJECTION: forcing a failure.
[  104.950324][ T3769] name failslab, interval 1, probability 0, space 0, times 0
[  104.963283][ T3769] CPU: 0 PID: 3769 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  104.973775][ T3769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  104.983814][ T3769] Call Trace:
[  104.987079][ T3769]  <TASK>
[  104.989994][ T3769]  dump_stack_lvl+0x1b1/0x28e
[  104.994660][ T3769]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  105.000101][ T3769]  ? panic+0x710/0x710
[  105.004158][ T3769]  ? __might_sleep+0xc0/0xc0
[  105.008730][ T3769]  ? __mutex_lock_common+0x45f/0x26e0
[  105.014115][ T3769]  should_fail_ex+0x395/0x4c0
[  105.018792][ T3769]  ? hfs_find_init+0x8b/0x1e0
[  105.023478][ T3769]  should_failslab+0x5/0x20
[  105.027993][ T3769]  __kmem_cache_alloc_node+0x69/0x310
[  105.033368][ T3769]  ? hfs_find_init+0x8b/0x1e0
[  105.038047][ T3769]  __kmalloc+0x9e/0x1a0
[  105.042210][ T3769]  hfs_find_init+0x8b/0x1e0
[  105.046725][ T3769]  hfs_extend_file+0x2f8/0x1420
[  105.051588][ T3769]  ? hfs_get_block+0xbb0/0xbb0
[  105.056358][ T3769]  ? lru_cache_disable+0x30/0x30
[  105.061299][ T3769]  ? __might_sleep+0xc0/0xc0
[  105.065903][ T3769]  hfs_get_block+0x3fc/0xbb0
[  105.070508][ T3769]  ? hfs_free_extents+0x420/0x420
[  105.075533][ T3769]  ? do_raw_spin_unlock+0x134/0x8a0
[  105.080738][ T3769]  ? create_page_buffers+0x244/0x4b0
[  105.086028][ T3769]  __block_write_begin_int+0x54c/0x1a80
[  105.091593][ T3769]  ? hfs_free_extents+0x420/0x420
[  105.096615][ T3769]  ? page_zero_new_buffers+0x940/0x940
[  105.102071][ T3769]  ? PageHeadHuge+0x8a/0x1d0
[  105.106662][ T3769]  ? hfs_free_extents+0x420/0x420
[  105.111678][ T3769]  block_write_begin+0x93/0x1e0
[  105.116532][ T3769]  ? cont_write_begin+0x5e5/0x860
[  105.121554][ T3769]  ? hfs_free_extents+0x420/0x420
[  105.126576][ T3769]  cont_write_begin+0x606/0x860
[  105.131432][ T3769]  ? fault_in_readable+0x1d5/0x310
[  105.136545][ T3769]  ? generic_cont_expand_simple+0x250/0x250
[  105.142436][ T3769]  ? fault_in_readable+0x219/0x310
[  105.147545][ T3769]  ? fault_in_safe_writeable+0x240/0x240
[  105.153181][ T3769]  hfs_write_begin+0x86/0xd0
[  105.157767][ T3769]  ? hfs_free_extents+0x420/0x420
[  105.162790][ T3769]  generic_perform_write+0x2e4/0x5e0
[  105.168079][ T3769]  ? __block_commit_write+0x420/0x420
[  105.173451][ T3769]  ? generic_file_direct_write+0x610/0x610
[  105.179259][ T3769]  ? __file_remove_privs+0x6c0/0x6c0
[  105.184541][ T3769]  ? generic_write_checks+0x15c/0x1c0
[  105.189919][ T3769]  __generic_file_write_iter+0x176/0x400
[  105.195558][ T3769]  generic_file_write_iter+0xab/0x310
[  105.200948][ T3769]  vfs_write+0x7dc/0xc50
[  105.205211][ T3769]  ? file_end_write+0x230/0x230
[  105.210065][ T3769]  ? ptrace_stop+0x74d/0x970
[  105.214682][ T3769]  ? _raw_spin_unlock_irq+0x2a/0x40
[  105.219898][ T3769]  ? __fdget_pos+0x252/0x2e0
[  105.224494][ T3769]  ksys_write+0x177/0x2a0
[  105.228840][ T3769]  ? __ia32_sys_read+0x80/0x80
[  105.233617][ T3769]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  105.239602][ T3769]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  105.245582][ T3769]  do_syscall_64+0x3d/0xb0
[  105.250012][ T3769]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  105.255913][ T3769] RIP: 0033:0x7f0fa5191c89
[  105.260336][ T3769] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  105.279944][ T3769] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  105.288358][ T3769] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  105.296326][ T3769] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  105.304313][ T3769] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  105.312294][ T3769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3769] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3769] exit_group(0)               = ?
[pid  3769] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3769, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./122/binderfs")                = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./122/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./122")                          = 0
mkdir("./123", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3770
./strace-static-x86_64: Process 3770 attached
[pid  3770] chdir("./123")              = 0
[pid  3770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3770] setpgid(0, 0)               = 0
[pid  3770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3770] write(3, "1000", 4)         = 4
[pid  3770] close(3)                    = 0
[pid  3770] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3770] memfd_create("syzkaller", 0) = 3
[pid  3770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3770] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3770] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3770] close(3)                    = 0
[pid  3770] mkdir("./file0", 0777)      = 0
[pid  3770] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3770] chdir("./file0")            = 0
[  105.320349][ T3769] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007a
[  105.328363][ T3769]  </TASK>
[  105.362197][ T3770] loop0: detected capacity change from 0 to 64
[pid  3770] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3770] close(4)                    = 0
[pid  3770] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3770] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3770] write(5, "13", 2)           = 2
[  105.378938][ T3770] FAULT_INJECTION: forcing a failure.
[  105.378938][ T3770] name failslab, interval 1, probability 0, space 0, times 0
[  105.392498][ T3770] CPU: 0 PID: 3770 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  105.402930][ T3770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  105.412979][ T3770] Call Trace:
[  105.416252][ T3770]  <TASK>
[  105.419175][ T3770]  dump_stack_lvl+0x1b1/0x28e
[  105.423865][ T3770]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  105.429600][ T3770]  ? panic+0x710/0x710
[  105.433676][ T3770]  ? __might_sleep+0xc0/0xc0
[  105.438278][ T3770]  ? __mutex_lock_common+0x45f/0x26e0
[  105.443658][ T3770]  should_fail_ex+0x395/0x4c0
[  105.448346][ T3770]  ? hfs_find_init+0x8b/0x1e0
[  105.453025][ T3770]  should_failslab+0x5/0x20
[  105.457526][ T3770]  __kmem_cache_alloc_node+0x69/0x310
[  105.462888][ T3770]  ? rcu_lock_release+0x5/0x20
[  105.467656][ T3770]  ? hfs_find_init+0x8b/0x1e0
[  105.472342][ T3770]  __kmalloc+0x9e/0x1a0
[  105.476495][ T3770]  hfs_find_init+0x8b/0x1e0
[  105.480990][ T3770]  hfs_extend_file+0x2f8/0x1420
[  105.485840][ T3770]  ? xas_find+0x937/0xa60
[  105.490201][ T3770]  ? hfs_get_block+0xbb0/0xbb0
[  105.494961][ T3770]  ? filemap_get_folios+0x557/0x830
[  105.500152][ T3770]  ? find_lock_entries+0xf60/0xf60
[  105.505276][ T3770]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  105.511183][ T3770]  hfs_get_block+0x3fc/0xbb0
[  105.515788][ T3770]  ? hfs_free_extents+0x420/0x420
[  105.520807][ T3770]  ? do_raw_spin_unlock+0x134/0x8a0
[  105.526017][ T3770]  ? create_page_buffers+0x244/0x4b0
[  105.531310][ T3770]  __block_write_begin_int+0x54c/0x1a80
[  105.536904][ T3770]  ? hfs_free_extents+0x420/0x420
[  105.541933][ T3770]  ? page_zero_new_buffers+0x940/0x940
[  105.547388][ T3770]  ? PageHeadHuge+0x8a/0x1d0
[  105.551986][ T3770]  ? hfs_free_extents+0x420/0x420
[  105.557019][ T3770]  block_write_begin+0x93/0x1e0
[  105.561861][ T3770]  ? cont_write_begin+0x5e5/0x860
[  105.566882][ T3770]  ? hfs_free_extents+0x420/0x420
[  105.571910][ T3770]  cont_write_begin+0x606/0x860
[  105.576775][ T3770]  ? fault_in_readable+0x1d5/0x310
[  105.581897][ T3770]  ? generic_cont_expand_simple+0x250/0x250
[  105.587790][ T3770]  ? fault_in_readable+0x219/0x310
[  105.592911][ T3770]  ? fault_in_safe_writeable+0x240/0x240
[  105.598554][ T3770]  hfs_write_begin+0x86/0xd0
[  105.603149][ T3770]  ? hfs_free_extents+0x420/0x420
[  105.608180][ T3770]  generic_perform_write+0x2e4/0x5e0
[  105.613486][ T3770]  ? __block_commit_write+0x420/0x420
[  105.618852][ T3770]  ? generic_file_direct_write+0x610/0x610
[  105.624657][ T3770]  ? __file_remove_privs+0x6c0/0x6c0
[  105.629949][ T3770]  ? generic_write_checks+0x15c/0x1c0
[  105.635316][ T3770]  __generic_file_write_iter+0x176/0x400
[  105.641031][ T3770]  generic_file_write_iter+0xab/0x310
[  105.646395][ T3770]  vfs_write+0x7dc/0xc50
[  105.650635][ T3770]  ? file_end_write+0x230/0x230
[  105.655473][ T3770]  ? ptrace_stop+0x74d/0x970
[  105.660062][ T3770]  ? _raw_spin_unlock_irq+0x2a/0x40
[  105.665253][ T3770]  ? __fdget_pos+0x252/0x2e0
[  105.669838][ T3770]  ksys_write+0x177/0x2a0
[  105.674199][ T3770]  ? __ia32_sys_read+0x80/0x80
[  105.678966][ T3770]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  105.684939][ T3770]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  105.690922][ T3770]  do_syscall_64+0x3d/0xb0
[  105.695339][ T3770]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  105.701223][ T3770] RIP: 0033:0x7f0fa5191c89
[  105.705635][ T3770] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3770] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3770] exit_group(0)               = ?
[pid  3770] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3770, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./123/binderfs")                = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
[  105.725320][ T3770] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  105.733731][ T3770] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  105.741804][ T3770] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  105.749772][ T3770] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  105.757743][ T3770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  105.765710][ T3770] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007b
[  105.773698][ T3770]  </TASK>
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./123/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./123")                          = 0
mkdir("./124", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3771
./strace-static-x86_64: Process 3771 attached
[pid  3771] chdir("./124")              = 0
[pid  3771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3771] setpgid(0, 0)               = 0
[pid  3771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3771] write(3, "1000", 4)         = 4
[pid  3771] close(3)                    = 0
[pid  3771] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3771] memfd_create("syzkaller", 0) = 3
[pid  3771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3771] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3771] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3771] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3771] close(3)                    = 0
[pid  3771] mkdir("./file0", 0777)      = 0
[pid  3771] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3771] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3771] chdir("./file0")            = 0
[pid  3771] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3771] close(4)                    = 0
[pid  3771] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3771] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3771] write(5, "13", 2)           = 2
[  105.836990][ T3771] loop0: detected capacity change from 0 to 64
[  105.870371][ T3771] FAULT_INJECTION: forcing a failure.
[  105.870371][ T3771] name failslab, interval 1, probability 0, space 0, times 0
[  105.883543][ T3771] CPU: 0 PID: 3771 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  105.894003][ T3771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  105.904050][ T3771] Call Trace:
[  105.907374][ T3771]  <TASK>
[  105.910311][ T3771]  dump_stack_lvl+0x1b1/0x28e
[  105.915000][ T3771]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  105.920445][ T3771]  ? panic+0x710/0x710
[  105.924770][ T3771]  ? __might_sleep+0xc0/0xc0
[  105.929349][ T3771]  ? __mutex_lock_common+0x45f/0x26e0
[  105.934722][ T3771]  should_fail_ex+0x395/0x4c0
[  105.939527][ T3771]  ? hfs_find_init+0x8b/0x1e0
[  105.944215][ T3771]  should_failslab+0x5/0x20
[  105.948739][ T3771]  __kmem_cache_alloc_node+0x69/0x310
[  105.954108][ T3771]  ? hfs_find_init+0x8b/0x1e0
[  105.958791][ T3771]  __kmalloc+0x9e/0x1a0
[  105.962978][ T3771]  hfs_find_init+0x8b/0x1e0
[  105.967495][ T3771]  hfs_extend_file+0x2f8/0x1420
[  105.972344][ T3771]  ? hfs_get_block+0xbb0/0xbb0
[  105.977099][ T3771]  ? lru_cache_disable+0x30/0x30
[  105.982029][ T3771]  ? __might_sleep+0xc0/0xc0
[  105.986712][ T3771]  hfs_get_block+0x3fc/0xbb0
[  105.991328][ T3771]  ? hfs_free_extents+0x420/0x420
[  105.996347][ T3771]  ? do_raw_spin_unlock+0x134/0x8a0
[  106.001557][ T3771]  ? create_page_buffers+0x244/0x4b0
[  106.006870][ T3771]  __block_write_begin_int+0x54c/0x1a80
[  106.012470][ T3771]  ? hfs_free_extents+0x420/0x420
[  106.017504][ T3771]  ? page_zero_new_buffers+0x940/0x940
[  106.022954][ T3771]  ? PageHeadHuge+0x8a/0x1d0
[  106.027556][ T3771]  ? hfs_free_extents+0x420/0x420
[  106.032588][ T3771]  block_write_begin+0x93/0x1e0
[  106.037430][ T3771]  ? cont_write_begin+0x5e5/0x860
[  106.042448][ T3771]  ? hfs_free_extents+0x420/0x420
[  106.047461][ T3771]  cont_write_begin+0x606/0x860
[  106.052320][ T3771]  ? fault_in_readable+0x1d5/0x310
[  106.057541][ T3771]  ? generic_cont_expand_simple+0x250/0x250
[  106.063436][ T3771]  ? fault_in_readable+0x219/0x310
[  106.068549][ T3771]  ? fault_in_safe_writeable+0x240/0x240
[  106.074184][ T3771]  hfs_write_begin+0x86/0xd0
[  106.078777][ T3771]  ? hfs_free_extents+0x420/0x420
[  106.083815][ T3771]  generic_perform_write+0x2e4/0x5e0
[  106.089188][ T3771]  ? __block_commit_write+0x420/0x420
[  106.094557][ T3771]  ? generic_file_direct_write+0x610/0x610
[  106.100356][ T3771]  ? __file_remove_privs+0x6c0/0x6c0
[  106.105641][ T3771]  ? generic_write_checks+0x15c/0x1c0
[  106.111018][ T3771]  __generic_file_write_iter+0x176/0x400
[  106.116648][ T3771]  generic_file_write_iter+0xab/0x310
[  106.122015][ T3771]  vfs_write+0x7dc/0xc50
[  106.126266][ T3771]  ? file_end_write+0x230/0x230
[  106.131192][ T3771]  ? ptrace_stop+0x74d/0x970
[  106.135782][ T3771]  ? _raw_spin_unlock_irq+0x2a/0x40
[  106.140988][ T3771]  ? __fdget_pos+0x252/0x2e0
[  106.145595][ T3771]  ksys_write+0x177/0x2a0
[  106.149919][ T3771]  ? __ia32_sys_read+0x80/0x80
[  106.154691][ T3771]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  106.160680][ T3771]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  106.166659][ T3771]  do_syscall_64+0x3d/0xb0
[  106.171069][ T3771]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  106.176960][ T3771] RIP: 0033:0x7f0fa5191c89
[  106.181370][ T3771] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  106.201054][ T3771] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  106.209545][ T3771] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  106.217680][ T3771] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  106.225641][ T3771] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3771] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3771] exit_group(0)               = ?
[pid  3771] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3771, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./124/binderfs")                = 0
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./124/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./124")                          = 0
mkdir("./125", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3772
./strace-static-x86_64: Process 3772 attached
[pid  3772] chdir("./125")              = 0
[pid  3772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3772] setpgid(0, 0)               = 0
[pid  3772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3772] write(3, "1000", 4)         = 4
[  106.233604][ T3771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  106.241575][ T3771] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007c
[  106.249569][ T3771]  </TASK>
[pid  3772] close(3)                    = 0
[pid  3772] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3772] memfd_create("syzkaller", 0) = 3
[pid  3772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3772] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3772] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3772] close(3)                    = 0
[pid  3772] mkdir("./file0", 0777)      = 0
[pid  3772] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3772] chdir("./file0")            = 0
[pid  3772] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3772] close(4)                    = 0
[pid  3772] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3772] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3772] write(5, "13", 2)           = 2
[  106.307093][ T3772] loop0: detected capacity change from 0 to 64
[  106.338178][ T3772] FAULT_INJECTION: forcing a failure.
[  106.338178][ T3772] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  106.351788][ T3772] CPU: 0 PID: 3772 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  106.362227][ T3772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  106.372373][ T3772] Call Trace:
[  106.375648][ T3772]  <TASK>
[  106.378568][ T3772]  dump_stack_lvl+0x1b1/0x28e
[  106.383243][ T3772]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  106.388693][ T3772]  ? panic+0x710/0x710
[  106.392751][ T3772]  ? do_anonymous_page+0xd4a/0x1150
[  106.397956][ T3772]  ? mark_lock+0x9a/0x350
[  106.402309][ T3772]  should_fail_ex+0x395/0x4c0
[  106.406998][ T3772]  prepare_alloc_pages+0x1d7/0x5a0
[  106.412107][ T3772]  __alloc_pages+0x161/0x560
[  106.416711][ T3772]  ? zone_statistics+0x160/0x160
[  106.421749][ T3772]  ? rcu_lock_release+0x5/0x20
[  106.426512][ T3772]  ? alloc_pages+0x520/0x7b0
[  106.431119][ T3772]  ? xas_descend+0x1f3/0x400
[  106.435702][ T3772]  folio_alloc+0x1a/0x50
[  106.439930][ T3772]  filemap_alloc_folio+0x7e/0x1c0
[  106.444966][ T3772]  __filemap_get_folio+0x898/0x1260
[  106.450177][ T3772]  ? page_cache_prev_miss+0x4e0/0x4e0
[  106.455543][ T3772]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  106.461515][ T3772]  ? print_irqtrace_events+0x220/0x220
[  106.466978][ T3772]  pagecache_get_page+0x28/0x260
[  106.471915][ T3772]  ? hfs_free_extents+0x420/0x420
[  106.476939][ T3772]  block_write_begin+0x2e/0x1e0
[  106.481801][ T3772]  ? cont_write_begin+0x5e5/0x860
[  106.486814][ T3772]  ? hfs_free_extents+0x420/0x420
[  106.491835][ T3772]  cont_write_begin+0x606/0x860
[  106.496702][ T3772]  ? fault_in_readable+0x1d5/0x310
[  106.501806][ T3772]  ? generic_cont_expand_simple+0x250/0x250
[  106.507690][ T3772]  ? fault_in_readable+0x219/0x310
[  106.512794][ T3772]  ? fault_in_safe_writeable+0x240/0x240
[  106.518488][ T3772]  hfs_write_begin+0x86/0xd0
[  106.523065][ T3772]  ? hfs_free_extents+0x420/0x420
[  106.528079][ T3772]  generic_perform_write+0x2e4/0x5e0
[  106.533450][ T3772]  ? __block_commit_write+0x420/0x420
[  106.538824][ T3772]  ? generic_file_direct_write+0x610/0x610
[  106.544637][ T3772]  ? __file_remove_privs+0x6c0/0x6c0
[  106.549915][ T3772]  ? generic_write_checks+0x15c/0x1c0
[  106.555295][ T3772]  __generic_file_write_iter+0x176/0x400
[  106.560951][ T3772]  generic_file_write_iter+0xab/0x310
[  106.566345][ T3772]  vfs_write+0x7dc/0xc50
[  106.570614][ T3772]  ? file_end_write+0x230/0x230
[  106.575470][ T3772]  ? ptrace_stop+0x74d/0x970
[  106.580076][ T3772]  ? _raw_spin_unlock_irq+0x2a/0x40
[  106.585284][ T3772]  ? __fdget_pos+0x252/0x2e0
[  106.589878][ T3772]  ksys_write+0x177/0x2a0
[  106.594215][ T3772]  ? __ia32_sys_read+0x80/0x80
[  106.598970][ T3772]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  106.604951][ T3772]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  106.610941][ T3772]  do_syscall_64+0x3d/0xb0
[  106.615345][ T3772]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  106.621237][ T3772] RIP: 0033:0x7f0fa5191c89
[  106.625658][ T3772] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  106.645340][ T3772] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3772] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3772] exit_group(0)               = ?
[pid  3772] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3772, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./125/binderfs")                = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./125/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./125")                          = 0
mkdir("./126", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3773
./strace-static-x86_64: Process 3773 attached
[pid  3773] chdir("./126")              = 0
[pid  3773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3773] setpgid(0, 0)               = 0
[pid  3773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3773] write(3, "1000", 4)         = 4
[pid  3773] close(3)                    = 0
[pid  3773] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3773] memfd_create("syzkaller", 0) = 3
[pid  3773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[  106.653743][ T3772] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  106.661703][ T3772] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  106.669671][ T3772] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  106.677638][ T3772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  106.685610][ T3772] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007d
[  106.693583][ T3772]  </TASK>
[pid  3773] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3773] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3773] close(3)                    = 0
[pid  3773] mkdir("./file0", 0777)      = 0
[pid  3773] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3773] chdir("./file0")            = 0
[pid  3773] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3773] close(4)                    = 0
[pid  3773] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3773] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3773] write(5, "13", 2)           = 2
[  106.743727][ T3773] loop0: detected capacity change from 0 to 64
[  106.774724][ T3773] FAULT_INJECTION: forcing a failure.
[  106.774724][ T3773] name failslab, interval 1, probability 0, space 0, times 0
[  106.787672][ T3773] CPU: 0 PID: 3773 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  106.798098][ T3773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  106.808145][ T3773] Call Trace:
[  106.811425][ T3773]  <TASK>
[  106.814369][ T3773]  dump_stack_lvl+0x1b1/0x28e
[  106.819050][ T3773]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  106.824513][ T3773]  ? panic+0x710/0x710
[  106.828570][ T3773]  ? __might_sleep+0xc0/0xc0
[  106.833146][ T3773]  ? __mutex_lock_common+0x45f/0x26e0
[  106.838516][ T3773]  should_fail_ex+0x395/0x4c0
[  106.843206][ T3773]  ? hfs_find_init+0x8b/0x1e0
[  106.847896][ T3773]  should_failslab+0x5/0x20
[  106.852389][ T3773]  __kmem_cache_alloc_node+0x69/0x310
[  106.857754][ T3773]  ? hfs_find_init+0x8b/0x1e0
[  106.862434][ T3773]  __kmalloc+0x9e/0x1a0
[  106.866612][ T3773]  hfs_find_init+0x8b/0x1e0
[  106.871120][ T3773]  hfs_extend_file+0x2f8/0x1420
[  106.875985][ T3773]  ? hfs_get_block+0xbb0/0xbb0
[  106.880757][ T3773]  ? lru_cache_disable+0x30/0x30
[  106.885697][ T3773]  ? __might_sleep+0xc0/0xc0
[  106.890306][ T3773]  hfs_get_block+0x3fc/0xbb0
[  106.894895][ T3773]  ? hfs_free_extents+0x420/0x420
[  106.899910][ T3773]  ? do_raw_spin_unlock+0x134/0x8a0
[  106.905120][ T3773]  ? create_page_buffers+0x244/0x4b0
[  106.910422][ T3773]  __block_write_begin_int+0x54c/0x1a80
[  106.916017][ T3773]  ? hfs_free_extents+0x420/0x420
[  106.921415][ T3773]  ? page_zero_new_buffers+0x940/0x940
[  106.926900][ T3773]  ? PageHeadHuge+0x8a/0x1d0
[  106.931501][ T3773]  ? hfs_free_extents+0x420/0x420
[  106.936524][ T3773]  block_write_begin+0x93/0x1e0
[  106.941416][ T3773]  ? cont_write_begin+0x5e5/0x860
[  106.946434][ T3773]  ? hfs_free_extents+0x420/0x420
[  106.951457][ T3773]  cont_write_begin+0x606/0x860
[  106.956324][ T3773]  ? fault_in_readable+0x1d5/0x310
[  106.961430][ T3773]  ? generic_cont_expand_simple+0x250/0x250
[  106.967399][ T3773]  ? fault_in_readable+0x219/0x310
[  106.972503][ T3773]  ? fault_in_safe_writeable+0x240/0x240
[  106.978131][ T3773]  hfs_write_begin+0x86/0xd0
[  106.982710][ T3773]  ? hfs_free_extents+0x420/0x420
[  106.987724][ T3773]  generic_perform_write+0x2e4/0x5e0
[  106.993041][ T3773]  ? __block_commit_write+0x420/0x420
[  106.998418][ T3773]  ? generic_file_direct_write+0x610/0x610
[  107.004234][ T3773]  ? __file_remove_privs+0x6c0/0x6c0
[  107.009511][ T3773]  ? generic_write_checks+0x15c/0x1c0
[  107.014894][ T3773]  __generic_file_write_iter+0x176/0x400
[  107.020540][ T3773]  generic_file_write_iter+0xab/0x310
[  107.025913][ T3773]  vfs_write+0x7dc/0xc50
[  107.030172][ T3773]  ? file_end_write+0x230/0x230
[  107.035008][ T3773]  ? ptrace_stop+0x74d/0x970
[  107.039612][ T3773]  ? _raw_spin_unlock_irq+0x2a/0x40
[  107.044824][ T3773]  ? __fdget_pos+0x252/0x2e0
[  107.049414][ T3773]  ksys_write+0x177/0x2a0
[  107.053741][ T3773]  ? __ia32_sys_read+0x80/0x80
[  107.058507][ T3773]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  107.064490][ T3773]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  107.070469][ T3773]  do_syscall_64+0x3d/0xb0
[  107.074883][ T3773]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  107.080775][ T3773] RIP: 0033:0x7f0fa5191c89
[  107.085190][ T3773] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  107.104792][ T3773] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  107.113203][ T3773] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  107.121171][ T3773] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  107.129143][ T3773] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  107.137113][ T3773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3773] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3773] exit_group(0)               = ?
[pid  3773] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3773, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./126/binderfs")                = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./126/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./126")                          = 0
mkdir("./127", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3774
./strace-static-x86_64: Process 3774 attached
[pid  3774] chdir("./127")              = 0
[pid  3774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3774] setpgid(0, 0)               = 0
[pid  3774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3774] write(3, "1000", 4)         = 4
[pid  3774] close(3)                    = 0
[pid  3774] symlink("/dev/binderfs", "./binderfs") = 0
[  107.145080][ T3773] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007e
[  107.153065][ T3773]  </TASK>
[pid  3774] memfd_create("syzkaller", 0) = 3
[pid  3774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3774] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3774] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3774] close(3)                    = 0
[pid  3774] mkdir("./file0", 0777)      = 0
[pid  3774] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3774] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3774] chdir("./file0")            = 0
[pid  3774] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3774] close(4)                    = 0
[pid  3774] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3774] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3774] write(5, "13", 2)           = 2
[  107.212121][ T3774] loop0: detected capacity change from 0 to 64
[  107.242021][ T3774] FAULT_INJECTION: forcing a failure.
[  107.242021][ T3774] name failslab, interval 1, probability 0, space 0, times 0
[  107.254938][ T3774] CPU: 1 PID: 3774 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  107.265354][ T3774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  107.275414][ T3774] Call Trace:
[  107.278697][ T3774]  <TASK>
[  107.281626][ T3774]  dump_stack_lvl+0x1b1/0x28e
[  107.286307][ T3774]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  107.291766][ T3774]  ? panic+0x710/0x710
[  107.295834][ T3774]  ? __might_sleep+0xc0/0xc0
[  107.300455][ T3774]  ? __mutex_lock_common+0x45f/0x26e0
[  107.305859][ T3774]  should_fail_ex+0x395/0x4c0
[  107.310573][ T3774]  ? hfs_find_init+0x8b/0x1e0
[  107.315442][ T3774]  should_failslab+0x5/0x20
[  107.319970][ T3774]  __kmem_cache_alloc_node+0x69/0x310
[  107.325379][ T3774]  ? hfs_find_init+0x8b/0x1e0
[  107.330068][ T3774]  __kmalloc+0x9e/0x1a0
[  107.334242][ T3774]  hfs_find_init+0x8b/0x1e0
[  107.338752][ T3774]  hfs_extend_file+0x2f8/0x1420
[  107.343619][ T3774]  ? hfs_get_block+0xbb0/0xbb0
[  107.348385][ T3774]  ? lru_cache_disable+0x30/0x30
[  107.353357][ T3774]  ? __might_sleep+0xc0/0xc0
[  107.358051][ T3774]  hfs_get_block+0x3fc/0xbb0
[  107.362661][ T3774]  ? hfs_free_extents+0x420/0x420
[  107.367683][ T3774]  ? do_raw_spin_unlock+0x134/0x8a0
[  107.372993][ T3774]  ? create_page_buffers+0x244/0x4b0
[  107.378299][ T3774]  __block_write_begin_int+0x54c/0x1a80
[  107.383879][ T3774]  ? hfs_free_extents+0x420/0x420
[  107.388929][ T3774]  ? page_zero_new_buffers+0x940/0x940
[  107.394401][ T3774]  ? PageHeadHuge+0x8a/0x1d0
[  107.398999][ T3774]  ? hfs_free_extents+0x420/0x420
[  107.404023][ T3774]  block_write_begin+0x93/0x1e0
[  107.408882][ T3774]  ? cont_write_begin+0x5e5/0x860
[  107.413910][ T3774]  ? hfs_free_extents+0x420/0x420
[  107.418933][ T3774]  cont_write_begin+0x606/0x860
[  107.423793][ T3774]  ? fault_in_readable+0x1d5/0x310
[  107.428995][ T3774]  ? generic_cont_expand_simple+0x250/0x250
[  107.434891][ T3774]  ? fault_in_readable+0x219/0x310
[  107.440004][ T3774]  ? fault_in_safe_writeable+0x240/0x240
[  107.445646][ T3774]  hfs_write_begin+0x86/0xd0
[  107.450232][ T3774]  ? hfs_free_extents+0x420/0x420
[  107.455258][ T3774]  generic_perform_write+0x2e4/0x5e0
[  107.460554][ T3774]  ? __block_commit_write+0x420/0x420
[  107.465930][ T3774]  ? generic_file_direct_write+0x610/0x610
[  107.471737][ T3774]  ? __file_remove_privs+0x6c0/0x6c0
[  107.477030][ T3774]  ? generic_write_checks+0x15c/0x1c0
[  107.482417][ T3774]  __generic_file_write_iter+0x176/0x400
[  107.488065][ T3774]  generic_file_write_iter+0xab/0x310
[  107.493444][ T3774]  vfs_write+0x7dc/0xc50
[  107.497697][ T3774]  ? file_end_write+0x230/0x230
[  107.502562][ T3774]  ? ptrace_stop+0x74d/0x970
[  107.507182][ T3774]  ? _raw_spin_unlock_irq+0x2a/0x40
[  107.512399][ T3774]  ? __fdget_pos+0x252/0x2e0
[  107.517005][ T3774]  ksys_write+0x177/0x2a0
[  107.521348][ T3774]  ? __ia32_sys_read+0x80/0x80
[  107.526118][ T3774]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  107.532105][ T3774]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  107.538087][ T3774]  do_syscall_64+0x3d/0xb0
[  107.542503][ T3774]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  107.548393][ T3774] RIP: 0033:0x7f0fa5191c89
[  107.552810][ T3774] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  107.572414][ T3774] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  107.580831][ T3774] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  107.588884][ T3774] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  107.596849][ T3774] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  107.604817][ T3774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3774] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3774] exit_group(0)               = ?
[pid  3774] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3774, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./127/binderfs")                = 0
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./127/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./127")                          = 0
mkdir("./128", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3775 attached
, child_tidptr=0x555555b7f5d0) = 3775
[pid  3775] chdir("./128")              = 0
[pid  3775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3775] setpgid(0, 0)               = 0
[pid  3775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3775] write(3, "1000", 4)         = 4
[pid  3775] close(3)                    = 0
[pid  3775] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3775] memfd_create("syzkaller", 0) = 3
[pid  3775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3775] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  107.612787][ T3774] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007f
[  107.620767][ T3774]  </TASK>
[pid  3775] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3775] close(3)                    = 0
[pid  3775] mkdir("./file0", 0777)      = 0
[pid  3775] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3775] chdir("./file0")            = 0
[pid  3775] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3775] close(4)                    = 0
[pid  3775] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3775] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3775] write(5, "13", 2)           = 2
[  107.665333][ T3775] loop0: detected capacity change from 0 to 64
[  107.684205][ T3775] FAULT_INJECTION: forcing a failure.
[  107.684205][ T3775] name failslab, interval 1, probability 0, space 0, times 0
[  107.697929][ T3775] CPU: 0 PID: 3775 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  107.708360][ T3775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  107.718408][ T3775] Call Trace:
[  107.721680][ T3775]  <TASK>
[  107.724601][ T3775]  dump_stack_lvl+0x1b1/0x28e
[  107.729277][ T3775]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  107.734744][ T3775]  ? panic+0x710/0x710
[  107.738814][ T3775]  ? __might_sleep+0xc0/0xc0
[  107.743392][ T3775]  ? __mutex_lock_common+0x45f/0x26e0
[  107.748759][ T3775]  should_fail_ex+0x395/0x4c0
[  107.753432][ T3775]  ? hfs_find_init+0x8b/0x1e0
[  107.758125][ T3775]  should_failslab+0x5/0x20
[  107.762618][ T3775]  __kmem_cache_alloc_node+0x69/0x310
[  107.767983][ T3775]  ? rcu_lock_release+0x5/0x20
[  107.772737][ T3775]  ? hfs_find_init+0x8b/0x1e0
[  107.777408][ T3775]  __kmalloc+0x9e/0x1a0
[  107.781558][ T3775]  hfs_find_init+0x8b/0x1e0
[  107.786064][ T3775]  hfs_extend_file+0x2f8/0x1420
[  107.790922][ T3775]  ? xas_find+0x937/0xa60
[  107.795246][ T3775]  ? hfs_get_block+0xbb0/0xbb0
[  107.799995][ T3775]  ? filemap_get_folios+0x557/0x830
[  107.805190][ T3775]  ? find_lock_entries+0xf60/0xf60
[  107.810310][ T3775]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  107.816211][ T3775]  hfs_get_block+0x3fc/0xbb0
[  107.820803][ T3775]  ? hfs_free_extents+0x420/0x420
[  107.825839][ T3775]  ? do_raw_spin_unlock+0x134/0x8a0
[  107.831048][ T3775]  ? create_page_buffers+0x244/0x4b0
[  107.836326][ T3775]  __block_write_begin_int+0x54c/0x1a80
[  107.841880][ T3775]  ? hfs_free_extents+0x420/0x420
[  107.846889][ T3775]  ? page_zero_new_buffers+0x940/0x940
[  107.852338][ T3775]  ? PageHeadHuge+0x8a/0x1d0
[  107.856920][ T3775]  ? hfs_free_extents+0x420/0x420
[  107.861930][ T3775]  block_write_begin+0x93/0x1e0
[  107.866770][ T3775]  ? cont_write_begin+0x5e5/0x860
[  107.871783][ T3775]  ? hfs_free_extents+0x420/0x420
[  107.876806][ T3775]  cont_write_begin+0x606/0x860
[  107.881664][ T3775]  ? fault_in_readable+0x1d5/0x310
[  107.886768][ T3775]  ? generic_cont_expand_simple+0x250/0x250
[  107.892651][ T3775]  ? fault_in_readable+0x219/0x310
[  107.897751][ T3775]  ? fault_in_safe_writeable+0x240/0x240
[  107.903376][ T3775]  hfs_write_begin+0x86/0xd0
[  107.907955][ T3775]  ? hfs_free_extents+0x420/0x420
[  107.912970][ T3775]  generic_perform_write+0x2e4/0x5e0
[  107.918250][ T3775]  ? __block_commit_write+0x420/0x420
[  107.923612][ T3775]  ? generic_file_direct_write+0x610/0x610
[  107.929406][ T3775]  ? __file_remove_privs+0x6c0/0x6c0
[  107.934679][ T3775]  ? generic_write_checks+0x15c/0x1c0
[  107.940047][ T3775]  __generic_file_write_iter+0x176/0x400
[  107.945676][ T3775]  generic_file_write_iter+0xab/0x310
[  107.951041][ T3775]  vfs_write+0x7dc/0xc50
[  107.955282][ T3775]  ? file_end_write+0x230/0x230
[  107.960118][ T3775]  ? ptrace_stop+0x74d/0x970
[  107.964713][ T3775]  ? _raw_spin_unlock_irq+0x2a/0x40
[  107.969916][ T3775]  ? __fdget_pos+0x252/0x2e0
[  107.974510][ T3775]  ksys_write+0x177/0x2a0
[  107.978842][ T3775]  ? __ia32_sys_read+0x80/0x80
[  107.983605][ T3775]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  107.989585][ T3775]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  107.995566][ T3775]  do_syscall_64+0x3d/0xb0
[  107.999984][ T3775]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  108.005871][ T3775] RIP: 0033:0x7f0fa5191c89
[  108.010285][ T3775] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  108.029886][ T3775] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  108.038300][ T3775] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  108.046268][ T3775] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  108.054232][ T3775] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3775] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3775] exit_group(0)               = ?
[pid  3775] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3775, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./128/binderfs")                = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./128/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./128")                          = 0
mkdir("./129", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3776
./strace-static-x86_64: Process 3776 attached
[pid  3776] chdir("./129")              = 0
[pid  3776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3776] setpgid(0, 0)               = 0
[pid  3776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3776] write(3, "1000", 4)         = 4
[pid  3776] close(3)                    = 0
[pid  3776] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3776] memfd_create("syzkaller", 0) = 3
[pid  3776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3776] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  108.062199][ T3775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  108.070166][ T3775] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000080
[  108.078147][ T3775]  </TASK>
[pid  3776] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3776] close(3)                    = 0
[pid  3776] mkdir("./file0", 0777)      = 0
[pid  3776] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3776] chdir("./file0")            = 0
[pid  3776] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3776] close(4)                    = 0
[pid  3776] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3776] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3776] write(5, "13", 2)           = 2
[  108.122985][ T3776] loop0: detected capacity change from 0 to 64
[  108.155130][ T3776] FAULT_INJECTION: forcing a failure.
[  108.155130][ T3776] name failslab, interval 1, probability 0, space 0, times 0
[  108.167922][ T3776] CPU: 0 PID: 3776 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  108.178357][ T3776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  108.188427][ T3776] Call Trace:
[  108.191702][ T3776]  <TASK>
[  108.194745][ T3776]  dump_stack_lvl+0x1b1/0x28e
[  108.199431][ T3776]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  108.204894][ T3776]  ? panic+0x710/0x710
[  108.208985][ T3776]  ? __might_sleep+0xc0/0xc0
[  108.213588][ T3776]  ? __mutex_lock_common+0x45f/0x26e0
[  108.218967][ T3776]  should_fail_ex+0x395/0x4c0
[  108.223649][ T3776]  ? hfs_find_init+0x8b/0x1e0
[  108.228335][ T3776]  should_failslab+0x5/0x20
[  108.232851][ T3776]  __kmem_cache_alloc_node+0x69/0x310
[  108.238218][ T3776]  ? hfs_find_init+0x8b/0x1e0
[  108.242896][ T3776]  __kmalloc+0x9e/0x1a0
[  108.247049][ T3776]  hfs_find_init+0x8b/0x1e0
[  108.251546][ T3776]  hfs_extend_file+0x2f8/0x1420
[  108.256394][ T3776]  ? hfs_get_block+0xbb0/0xbb0
[  108.261149][ T3776]  ? lru_cache_disable+0x30/0x30
[  108.266079][ T3776]  ? __might_sleep+0xc0/0xc0
[  108.270709][ T3776]  hfs_get_block+0x3fc/0xbb0
[  108.275328][ T3776]  ? hfs_free_extents+0x420/0x420
[  108.280433][ T3776]  ? do_raw_spin_unlock+0x134/0x8a0
[  108.285633][ T3776]  ? create_page_buffers+0x244/0x4b0
[  108.290918][ T3776]  __block_write_begin_int+0x54c/0x1a80
[  108.296509][ T3776]  ? hfs_free_extents+0x420/0x420
[  108.301546][ T3776]  ? page_zero_new_buffers+0x940/0x940
[  108.307000][ T3776]  ? PageHeadHuge+0x8a/0x1d0
[  108.311606][ T3776]  ? hfs_free_extents+0x420/0x420
[  108.316735][ T3776]  block_write_begin+0x93/0x1e0
[  108.321599][ T3776]  ? cont_write_begin+0x5e5/0x860
[  108.326641][ T3776]  ? hfs_free_extents+0x420/0x420
[  108.331675][ T3776]  cont_write_begin+0x606/0x860
[  108.336535][ T3776]  ? fault_in_readable+0x1d5/0x310
[  108.341654][ T3776]  ? generic_cont_expand_simple+0x250/0x250
[  108.347549][ T3776]  ? fault_in_readable+0x219/0x310
[  108.352657][ T3776]  ? fault_in_safe_writeable+0x240/0x240
[  108.358288][ T3776]  hfs_write_begin+0x86/0xd0
[  108.362871][ T3776]  ? hfs_free_extents+0x420/0x420
[  108.367892][ T3776]  generic_perform_write+0x2e4/0x5e0
[  108.373193][ T3776]  ? __block_commit_write+0x420/0x420
[  108.378590][ T3776]  ? generic_file_direct_write+0x610/0x610
[  108.384409][ T3776]  ? __file_remove_privs+0x6c0/0x6c0
[  108.389697][ T3776]  ? generic_write_checks+0x15c/0x1c0
[  108.395095][ T3776]  __generic_file_write_iter+0x176/0x400
[  108.400771][ T3776]  generic_file_write_iter+0xab/0x310
[  108.406171][ T3776]  vfs_write+0x7dc/0xc50
[  108.410455][ T3776]  ? file_end_write+0x230/0x230
[  108.415317][ T3776]  ? ptrace_stop+0x74d/0x970
[  108.419950][ T3776]  ? _raw_spin_unlock_irq+0x2a/0x40
[  108.425165][ T3776]  ? __fdget_pos+0x252/0x2e0
[  108.429767][ T3776]  ksys_write+0x177/0x2a0
[  108.434112][ T3776]  ? __ia32_sys_read+0x80/0x80
[  108.438868][ T3776]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  108.444854][ T3776]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  108.450862][ T3776]  do_syscall_64+0x3d/0xb0
[  108.455276][ T3776]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  108.461161][ T3776] RIP: 0033:0x7f0fa5191c89
[  108.465571][ T3776] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  108.485184][ T3776] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  108.493612][ T3776] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  108.501589][ T3776] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  108.509584][ T3776] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3776] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3776] exit_group(0)               = ?
[pid  3776] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3776, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./129/binderfs")                = 0
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./129/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./129")                          = 0
mkdir("./130", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3777
./strace-static-x86_64: Process 3777 attached
[pid  3777] chdir("./130")              = 0
[  108.517548][ T3776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  108.525521][ T3776] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000081
[  108.533671][ T3776]  </TASK>
[pid  3777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3777] setpgid(0, 0)               = 0
[pid  3777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3777] write(3, "1000", 4)         = 4
[pid  3777] close(3)                    = 0
[pid  3777] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3777] memfd_create("syzkaller", 0) = 3
[pid  3777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3777] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3777] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3777] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3777] close(3)                    = 0
[pid  3777] mkdir("./file0", 0777)      = 0
[pid  3777] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3777] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3777] chdir("./file0")            = 0
[pid  3777] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3777] close(4)                    = 0
[pid  3777] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3777] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3777] write(5, "13", 2)           = 2
[  108.598568][ T3777] loop0: detected capacity change from 0 to 64
[  108.623501][ T3777] FAULT_INJECTION: forcing a failure.
[  108.623501][ T3777] name failslab, interval 1, probability 0, space 0, times 0
[  108.636413][ T3777] CPU: 0 PID: 3777 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  108.646851][ T3777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  108.656910][ T3777] Call Trace:
[  108.660179][ T3777]  <TASK>
[  108.663099][ T3777]  dump_stack_lvl+0x1b1/0x28e
[  108.667775][ T3777]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  108.673238][ T3777]  ? panic+0x710/0x710
[  108.677299][ T3777]  ? __might_sleep+0xc0/0xc0
[  108.681887][ T3777]  ? __mutex_lock_common+0x45f/0x26e0
[  108.687252][ T3777]  should_fail_ex+0x395/0x4c0
[  108.691927][ T3777]  ? hfs_find_init+0x8b/0x1e0
[  108.696608][ T3777]  should_failslab+0x5/0x20
[  108.701112][ T3777]  __kmem_cache_alloc_node+0x69/0x310
[  108.706483][ T3777]  ? rcu_lock_release+0x5/0x20
[  108.711247][ T3777]  ? hfs_find_init+0x8b/0x1e0
[  108.715934][ T3777]  __kmalloc+0x9e/0x1a0
[  108.720103][ T3777]  hfs_find_init+0x8b/0x1e0
[  108.724609][ T3777]  hfs_extend_file+0x2f8/0x1420
[  108.729459][ T3777]  ? xas_find+0x937/0xa60
[  108.733797][ T3777]  ? hfs_get_block+0xbb0/0xbb0
[  108.738555][ T3777]  ? filemap_get_folios+0x557/0x830
[  108.743756][ T3777]  ? find_lock_entries+0xf60/0xf60
[  108.748892][ T3777]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  108.754798][ T3777]  hfs_get_block+0x3fc/0xbb0
[  108.759401][ T3777]  ? hfs_free_extents+0x420/0x420
[  108.764419][ T3777]  ? do_raw_spin_unlock+0x134/0x8a0
[  108.769623][ T3777]  ? create_page_buffers+0x244/0x4b0
[  108.774914][ T3777]  __block_write_begin_int+0x54c/0x1a80
[  108.780487][ T3777]  ? hfs_free_extents+0x420/0x420
[  108.785508][ T3777]  ? page_zero_new_buffers+0x940/0x940
[  108.790969][ T3777]  ? PageHeadHuge+0x8a/0x1d0
[  108.795566][ T3777]  ? hfs_free_extents+0x420/0x420
[  108.800587][ T3777]  block_write_begin+0x93/0x1e0
[  108.805440][ T3777]  ? cont_write_begin+0x5e5/0x860
[  108.810465][ T3777]  ? hfs_free_extents+0x420/0x420
[  108.815575][ T3777]  cont_write_begin+0x606/0x860
[  108.820451][ T3777]  ? fault_in_readable+0x1d5/0x310
[  108.825569][ T3777]  ? generic_cont_expand_simple+0x250/0x250
[  108.831462][ T3777]  ? fault_in_readable+0x219/0x310
[  108.836576][ T3777]  ? fault_in_safe_writeable+0x240/0x240
[  108.842215][ T3777]  hfs_write_begin+0x86/0xd0
[  108.846800][ T3777]  ? hfs_free_extents+0x420/0x420
[  108.851824][ T3777]  generic_perform_write+0x2e4/0x5e0
[  108.857115][ T3777]  ? __block_commit_write+0x420/0x420
[  108.862491][ T3777]  ? generic_file_direct_write+0x610/0x610
[  108.868296][ T3777]  ? __file_remove_privs+0x6c0/0x6c0
[  108.873584][ T3777]  ? generic_write_checks+0x15c/0x1c0
[  108.878965][ T3777]  __generic_file_write_iter+0x176/0x400
[  108.884608][ T3777]  generic_file_write_iter+0xab/0x310
[  108.889986][ T3777]  vfs_write+0x7dc/0xc50
[  108.894236][ T3777]  ? file_end_write+0x230/0x230
[  108.899087][ T3777]  ? ptrace_stop+0x74d/0x970
[  108.903688][ T3777]  ? _raw_spin_unlock_irq+0x2a/0x40
[  108.908896][ T3777]  ? __fdget_pos+0x252/0x2e0
[  108.913491][ T3777]  ksys_write+0x177/0x2a0
[  108.917824][ T3777]  ? __ia32_sys_read+0x80/0x80
[  108.922587][ T3777]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  108.928742][ T3777]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  108.934724][ T3777]  do_syscall_64+0x3d/0xb0
[  108.939144][ T3777]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  108.945031][ T3777] RIP: 0033:0x7f0fa5191c89
[  108.949443][ T3777] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  108.969048][ T3777] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  108.977456][ T3777] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  108.985424][ T3777] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3777] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3777] exit_group(0)               = ?
[pid  3777] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3777, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./130/binderfs")                = 0
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./130/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./130")                          = 0
mkdir("./131", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3778
./strace-static-x86_64: Process 3778 attached
[pid  3778] chdir("./131")              = 0
[pid  3778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3778] setpgid(0, 0)               = 0
[pid  3778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3778] write(3, "1000", 4)         = 4
[pid  3778] close(3)                    = 0
[pid  3778] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3778] memfd_create("syzkaller", 0) = 3
[pid  3778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  108.993388][ T3777] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  109.001352][ T3777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  109.009318][ T3777] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000082
[  109.017300][ T3777]  </TASK>
[pid  3778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3778] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3778] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3778] close(3)                    = 0
[pid  3778] mkdir("./file0", 0777)      = 0
[pid  3778] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3778] chdir("./file0")            = 0
[pid  3778] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3778] close(4)                    = 0
[pid  3778] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3778] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3778] write(5, "13", 2)           = 2
[  109.065376][ T3778] loop0: detected capacity change from 0 to 64
[  109.086050][ T3778] FAULT_INJECTION: forcing a failure.
[  109.086050][ T3778] name failslab, interval 1, probability 0, space 0, times 0
[  109.098818][ T3778] CPU: 0 PID: 3778 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  109.109247][ T3778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  109.119298][ T3778] Call Trace:
[  109.122580][ T3778]  <TASK>
[  109.125502][ T3778]  dump_stack_lvl+0x1b1/0x28e
[  109.130171][ T3778]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  109.135619][ T3778]  ? panic+0x710/0x710
[  109.139680][ T3778]  ? __might_sleep+0xc0/0xc0
[  109.144255][ T3778]  ? __mutex_lock_common+0x45f/0x26e0
[  109.149624][ T3778]  should_fail_ex+0x395/0x4c0
[  109.154298][ T3778]  ? hfs_find_init+0x8b/0x1e0
[  109.158970][ T3778]  should_failslab+0x5/0x20
[  109.163467][ T3778]  __kmem_cache_alloc_node+0x69/0x310
[  109.168842][ T3778]  ? hfs_find_init+0x8b/0x1e0
[  109.173522][ T3778]  __kmalloc+0x9e/0x1a0
[  109.177696][ T3778]  hfs_find_init+0x8b/0x1e0
[  109.182203][ T3778]  hfs_extend_file+0x2f8/0x1420
[  109.187059][ T3778]  ? hfs_get_block+0xbb0/0xbb0
[  109.191819][ T3778]  ? lru_cache_disable+0x30/0x30
[  109.196765][ T3778]  ? __might_sleep+0xc0/0xc0
[  109.201409][ T3778]  hfs_get_block+0x3fc/0xbb0
[  109.206020][ T3778]  ? hfs_free_extents+0x420/0x420
[  109.211040][ T3778]  ? do_raw_spin_unlock+0x134/0x8a0
[  109.216239][ T3778]  ? create_page_buffers+0x244/0x4b0
[  109.221524][ T3778]  __block_write_begin_int+0x54c/0x1a80
[  109.227081][ T3778]  ? hfs_free_extents+0x420/0x420
[  109.232104][ T3778]  ? page_zero_new_buffers+0x940/0x940
[  109.237587][ T3778]  ? PageHeadHuge+0x8a/0x1d0
[  109.242189][ T3778]  ? hfs_free_extents+0x420/0x420
[  109.247213][ T3778]  block_write_begin+0x93/0x1e0
[  109.252075][ T3778]  ? cont_write_begin+0x5e5/0x860
[  109.257092][ T3778]  ? hfs_free_extents+0x420/0x420
[  109.262105][ T3778]  cont_write_begin+0x606/0x860
[  109.266956][ T3778]  ? fault_in_readable+0x1d5/0x310
[  109.272074][ T3778]  ? generic_cont_expand_simple+0x250/0x250
[  109.277978][ T3778]  ? fault_in_readable+0x219/0x310
[  109.283092][ T3778]  ? fault_in_safe_writeable+0x240/0x240
[  109.288758][ T3778]  hfs_write_begin+0x86/0xd0
[  109.293336][ T3778]  ? hfs_free_extents+0x420/0x420
[  109.298350][ T3778]  generic_perform_write+0x2e4/0x5e0
[  109.303646][ T3778]  ? __block_commit_write+0x420/0x420
[  109.309038][ T3778]  ? generic_file_direct_write+0x610/0x610
[  109.314856][ T3778]  ? __file_remove_privs+0x6c0/0x6c0
[  109.320144][ T3778]  ? generic_write_checks+0x15c/0x1c0
[  109.325545][ T3778]  __generic_file_write_iter+0x176/0x400
[  109.331204][ T3778]  generic_file_write_iter+0xab/0x310
[  109.336601][ T3778]  vfs_write+0x7dc/0xc50
[  109.340872][ T3778]  ? file_end_write+0x230/0x230
[  109.345734][ T3778]  ? ptrace_stop+0x74d/0x970
[  109.350337][ T3778]  ? _raw_spin_unlock_irq+0x2a/0x40
[  109.355552][ T3778]  ? __fdget_pos+0x252/0x2e0
[  109.360152][ T3778]  ksys_write+0x177/0x2a0
[  109.364517][ T3778]  ? __ia32_sys_read+0x80/0x80
[  109.369296][ T3778]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  109.375269][ T3778]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  109.381264][ T3778]  do_syscall_64+0x3d/0xb0
[  109.385697][ T3778]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  109.391578][ T3778] RIP: 0033:0x7f0fa5191c89
[  109.396076][ T3778] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3778] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3778] exit_group(0)               = ?
[pid  3778] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3778, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./131/binderfs")                = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./131/file0")                    = 0
[  109.415682][ T3778] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  109.424090][ T3778] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  109.432059][ T3778] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  109.440019][ T3778] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  109.448078][ T3778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  109.456139][ T3778] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000083
[  109.464116][ T3778]  </TASK>
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./131")                          = 0
mkdir("./132", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3779
./strace-static-x86_64: Process 3779 attached
[pid  3779] chdir("./132")              = 0
[pid  3779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3779] setpgid(0, 0)               = 0
[pid  3779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3779] write(3, "1000", 4)         = 4
[pid  3779] close(3)                    = 0
[pid  3779] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3779] memfd_create("syzkaller", 0) = 3
[pid  3779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3779] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3779] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3779] close(3)                    = 0
[pid  3779] mkdir("./file0", 0777)      = 0
[pid  3779] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3779] chdir("./file0")            = 0
[pid  3779] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3779] close(4)                    = 0
[pid  3779] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3779] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3779] write(5, "13", 2)           = 2
[  109.525388][ T3779] loop0: detected capacity change from 0 to 64
[  109.565757][ T3779] FAULT_INJECTION: forcing a failure.
[  109.565757][ T3779] name failslab, interval 1, probability 0, space 0, times 0
[  109.578468][ T3779] CPU: 1 PID: 3779 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  109.588899][ T3779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  109.598981][ T3779] Call Trace:
[  109.602266][ T3779]  <TASK>
[  109.605200][ T3779]  dump_stack_lvl+0x1b1/0x28e
[  109.609880][ T3779]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  109.615336][ T3779]  ? panic+0x710/0x710
[  109.619411][ T3779]  ? __might_sleep+0xc0/0xc0
[  109.623995][ T3779]  ? __mutex_lock_common+0x45f/0x26e0
[  109.629387][ T3779]  should_fail_ex+0x395/0x4c0
[  109.634067][ T3779]  ? hfs_find_init+0x8b/0x1e0
[  109.638748][ T3779]  should_failslab+0x5/0x20
[  109.643251][ T3779]  __kmem_cache_alloc_node+0x69/0x310
[  109.648638][ T3779]  ? hfs_find_init+0x8b/0x1e0
[  109.653316][ T3779]  __kmalloc+0x9e/0x1a0
[  109.657482][ T3779]  hfs_find_init+0x8b/0x1e0
[  109.661992][ T3779]  hfs_extend_file+0x2f8/0x1420
[  109.666877][ T3779]  ? hfs_get_block+0xbb0/0xbb0
[  109.671639][ T3779]  ? lru_cache_disable+0x30/0x30
[  109.676578][ T3779]  ? __might_sleep+0xc0/0xc0
[  109.681183][ T3779]  hfs_get_block+0x3fc/0xbb0
[  109.685784][ T3779]  ? hfs_free_extents+0x420/0x420
[  109.690810][ T3779]  ? do_raw_spin_unlock+0x134/0x8a0
[  109.696019][ T3779]  ? create_page_buffers+0x244/0x4b0
[  109.701310][ T3779]  __block_write_begin_int+0x54c/0x1a80
[  109.706896][ T3779]  ? hfs_free_extents+0x420/0x420
[  109.711917][ T3779]  ? page_zero_new_buffers+0x940/0x940
[  109.717379][ T3779]  ? PageHeadHuge+0x8a/0x1d0
[  109.721970][ T3779]  ? hfs_free_extents+0x420/0x420
[  109.726988][ T3779]  block_write_begin+0x93/0x1e0
[  109.731838][ T3779]  ? cont_write_begin+0x5e5/0x860
[  109.736861][ T3779]  ? hfs_free_extents+0x420/0x420
[  109.741886][ T3779]  cont_write_begin+0x606/0x860
[  109.746743][ T3779]  ? fault_in_readable+0x1d5/0x310
[  109.751859][ T3779]  ? generic_cont_expand_simple+0x250/0x250
[  109.757754][ T3779]  ? fault_in_readable+0x219/0x310
[  109.762876][ T3779]  ? fault_in_safe_writeable+0x240/0x240
[  109.768514][ T3779]  hfs_write_begin+0x86/0xd0
[  109.773098][ T3779]  ? hfs_free_extents+0x420/0x420
[  109.778125][ T3779]  generic_perform_write+0x2e4/0x5e0
[  109.783420][ T3779]  ? __block_commit_write+0x420/0x420
[  109.788795][ T3779]  ? generic_file_direct_write+0x610/0x610
[  109.794598][ T3779]  ? __file_remove_privs+0x6c0/0x6c0
[  109.799970][ T3779]  ? generic_write_checks+0x15c/0x1c0
[  109.805354][ T3779]  __generic_file_write_iter+0x176/0x400
[  109.810993][ T3779]  generic_file_write_iter+0xab/0x310
[  109.816363][ T3779]  vfs_write+0x7dc/0xc50
[  109.820613][ T3779]  ? file_end_write+0x230/0x230
[  109.825461][ T3779]  ? ptrace_stop+0x74d/0x970
[  109.830059][ T3779]  ? _raw_spin_unlock_irq+0x2a/0x40
[  109.835261][ T3779]  ? __fdget_pos+0x252/0x2e0
[  109.839857][ T3779]  ksys_write+0x177/0x2a0
[  109.844189][ T3779]  ? __ia32_sys_read+0x80/0x80
[  109.848957][ T3779]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  109.854938][ T3779]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  109.861004][ T3779]  do_syscall_64+0x3d/0xb0
[  109.865419][ T3779]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  109.871326][ T3779] RIP: 0033:0x7f0fa5191c89
[  109.875741][ T3779] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  109.895353][ T3779] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  109.903763][ T3779] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3779] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3779] exit_group(0)               = ?
[pid  3779] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3779, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./132/binderfs")                = 0
umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./132/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./132")                          = 0
mkdir("./133", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  109.911728][ T3779] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  109.919696][ T3779] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  109.927661][ T3779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  109.935627][ T3779] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000084
[  109.943621][ T3779]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3780
./strace-static-x86_64: Process 3780 attached
[pid  3780] chdir("./133")              = 0
[pid  3780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3780] setpgid(0, 0)               = 0
[pid  3780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3780] write(3, "1000", 4)         = 4
[pid  3780] close(3)                    = 0
[pid  3780] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3780] memfd_create("syzkaller", 0) = 3
[pid  3780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3780] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3780] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3780] close(3)                    = 0
[pid  3780] mkdir("./file0", 0777)      = 0
[pid  3780] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3780] chdir("./file0")            = 0
[pid  3780] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3780] close(4)                    = 0
[pid  3780] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3780] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3780] write(5, "13", 2)           = 2
[  109.991253][ T3780] loop0: detected capacity change from 0 to 64
[  110.013014][ T3780] FAULT_INJECTION: forcing a failure.
[  110.013014][ T3780] name failslab, interval 1, probability 0, space 0, times 0
[  110.025970][ T3780] CPU: 1 PID: 3780 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  110.036374][ T3780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  110.046415][ T3780] Call Trace:
[  110.049681][ T3780]  <TASK>
[  110.052601][ T3780]  dump_stack_lvl+0x1b1/0x28e
[  110.057270][ T3780]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  110.062716][ T3780]  ? panic+0x710/0x710
[  110.066773][ T3780]  ? __might_sleep+0xc0/0xc0
[  110.071349][ T3780]  ? __mutex_lock_common+0x45f/0x26e0
[  110.076715][ T3780]  should_fail_ex+0x395/0x4c0
[  110.081381][ T3780]  ? hfs_find_init+0x8b/0x1e0
[  110.086047][ T3780]  should_failslab+0x5/0x20
[  110.090548][ T3780]  __kmem_cache_alloc_node+0x69/0x310
[  110.095927][ T3780]  ? hfs_find_init+0x8b/0x1e0
[  110.100606][ T3780]  __kmalloc+0x9e/0x1a0
[  110.104771][ T3780]  hfs_find_init+0x8b/0x1e0
[  110.109280][ T3780]  hfs_extend_file+0x2f8/0x1420
[  110.114134][ T3780]  ? hfs_get_block+0xbb0/0xbb0
[  110.118909][ T3780]  ? lru_cache_disable+0x30/0x30
[  110.123840][ T3780]  ? __might_sleep+0xc0/0xc0
[  110.128438][ T3780]  hfs_get_block+0x3fc/0xbb0
[  110.133026][ T3780]  ? hfs_free_extents+0x420/0x420
[  110.138032][ T3780]  ? do_raw_spin_unlock+0x134/0x8a0
[  110.143226][ T3780]  ? create_page_buffers+0x244/0x4b0
[  110.148503][ T3780]  __block_write_begin_int+0x54c/0x1a80
[  110.154053][ T3780]  ? hfs_free_extents+0x420/0x420
[  110.159067][ T3780]  ? page_zero_new_buffers+0x940/0x940
[  110.164515][ T3780]  ? PageHeadHuge+0x8a/0x1d0
[  110.169095][ T3780]  ? hfs_free_extents+0x420/0x420
[  110.174103][ T3780]  block_write_begin+0x93/0x1e0
[  110.178941][ T3780]  ? cont_write_begin+0x5e5/0x860
[  110.183955][ T3780]  ? hfs_free_extents+0x420/0x420
[  110.188964][ T3780]  cont_write_begin+0x606/0x860
[  110.193811][ T3780]  ? fault_in_readable+0x1d5/0x310
[  110.198917][ T3780]  ? generic_cont_expand_simple+0x250/0x250
[  110.204799][ T3780]  ? fault_in_readable+0x219/0x310
[  110.209902][ T3780]  ? fault_in_safe_writeable+0x240/0x240
[  110.215529][ T3780]  hfs_write_begin+0x86/0xd0
[  110.220106][ T3780]  ? hfs_free_extents+0x420/0x420
[  110.225116][ T3780]  generic_perform_write+0x2e4/0x5e0
[  110.230394][ T3780]  ? __block_commit_write+0x420/0x420
[  110.235757][ T3780]  ? generic_file_direct_write+0x610/0x610
[  110.241573][ T3780]  ? __file_remove_privs+0x6c0/0x6c0
[  110.246858][ T3780]  ? generic_write_checks+0x15c/0x1c0
[  110.252224][ T3780]  __generic_file_write_iter+0x176/0x400
[  110.257868][ T3780]  generic_file_write_iter+0xab/0x310
[  110.263231][ T3780]  vfs_write+0x7dc/0xc50
[  110.267467][ T3780]  ? file_end_write+0x230/0x230
[  110.272302][ T3780]  ? ptrace_stop+0x74d/0x970
[  110.276886][ T3780]  ? _raw_spin_unlock_irq+0x2a/0x40
[  110.282076][ T3780]  ? __fdget_pos+0x252/0x2e0
[  110.286654][ T3780]  ksys_write+0x177/0x2a0
[  110.290975][ T3780]  ? __ia32_sys_read+0x80/0x80
[  110.295736][ T3780]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  110.301707][ T3780]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  110.307675][ T3780]  do_syscall_64+0x3d/0xb0
[  110.312081][ T3780]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  110.317975][ T3780] RIP: 0033:0x7f0fa5191c89
[  110.322385][ T3780] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3780] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3780] exit_group(0)               = ?
[pid  3780] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3780, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./133/binderfs")                = 0
umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./133/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./133")                          = 0
mkdir("./134", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3781
./strace-static-x86_64: Process 3781 attached
[pid  3781] chdir("./134")              = 0
[pid  3781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3781] setpgid(0, 0)               = 0
[pid  3781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3781] write(3, "1000", 4)         = 4
[pid  3781] close(3)                    = 0
[pid  3781] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3781] memfd_create("syzkaller", 0) = 3
[pid  3781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  110.341983][ T3780] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  110.350402][ T3780] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  110.358375][ T3780] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  110.366357][ T3780] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  110.374318][ T3780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  110.382288][ T3780] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000085
[  110.390271][ T3780]  </TASK>
[pid  3781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3781] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3781] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3781] close(3)                    = 0
[pid  3781] mkdir("./file0", 0777)      = 0
[pid  3781] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3781] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3781] chdir("./file0")            = 0
[pid  3781] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3781] close(4)                    = 0
[pid  3781] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3781] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3781] write(5, "13", 2)           = 2
[  110.427773][ T3781] loop0: detected capacity change from 0 to 64
[  110.454417][ T3781] FAULT_INJECTION: forcing a failure.
[  110.454417][ T3781] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  110.467850][ T3781] CPU: 1 PID: 3781 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  110.478284][ T3781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  110.488335][ T3781] Call Trace:
[  110.491606][ T3781]  <TASK>
[  110.494587][ T3781]  dump_stack_lvl+0x1b1/0x28e
[  110.499261][ T3781]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  110.504756][ T3781]  ? panic+0x710/0x710
[  110.508825][ T3781]  ? do_anonymous_page+0xd4a/0x1150
[  110.514028][ T3781]  ? mark_lock+0x9a/0x350
[  110.518357][ T3781]  should_fail_ex+0x395/0x4c0
[  110.523041][ T3781]  prepare_alloc_pages+0x1d7/0x5a0
[  110.528162][ T3781]  __alloc_pages+0x161/0x560
[  110.532758][ T3781]  ? zone_statistics+0x160/0x160
[  110.537702][ T3781]  ? rcu_lock_release+0x5/0x20
[  110.542479][ T3781]  ? alloc_pages+0x520/0x7b0
[  110.547066][ T3781]  ? xas_descend+0x1f3/0x400
[  110.551665][ T3781]  folio_alloc+0x1a/0x50
[  110.555906][ T3781]  filemap_alloc_folio+0x7e/0x1c0
[  110.561040][ T3781]  __filemap_get_folio+0x898/0x1260
[  110.566416][ T3781]  ? page_cache_prev_miss+0x4e0/0x4e0
[  110.571787][ T3781]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  110.577772][ T3781]  ? print_irqtrace_events+0x220/0x220
[  110.583239][ T3781]  pagecache_get_page+0x28/0x260
[  110.588182][ T3781]  ? hfs_free_extents+0x420/0x420
[  110.593203][ T3781]  block_write_begin+0x2e/0x1e0
[  110.598060][ T3781]  ? cont_write_begin+0x5e5/0x860
[  110.603085][ T3781]  ? hfs_free_extents+0x420/0x420
[  110.608109][ T3781]  cont_write_begin+0x606/0x860
[  110.612968][ T3781]  ? fault_in_readable+0x1d5/0x310
[  110.618080][ T3781]  ? generic_cont_expand_simple+0x250/0x250
[  110.623973][ T3781]  ? fault_in_readable+0x219/0x310
[  110.629086][ T3781]  ? fault_in_safe_writeable+0x240/0x240
[  110.634736][ T3781]  hfs_write_begin+0x86/0xd0
[  110.639332][ T3781]  ? hfs_free_extents+0x420/0x420
[  110.644356][ T3781]  generic_perform_write+0x2e4/0x5e0
[  110.649647][ T3781]  ? __block_commit_write+0x420/0x420
[  110.655025][ T3781]  ? generic_file_direct_write+0x610/0x610
[  110.660834][ T3781]  ? __file_remove_privs+0x6c0/0x6c0
[  110.666123][ T3781]  ? generic_write_checks+0x15c/0x1c0
[  110.671519][ T3781]  __generic_file_write_iter+0x176/0x400
[  110.677156][ T3781]  generic_file_write_iter+0xab/0x310
[  110.682532][ T3781]  vfs_write+0x7dc/0xc50
[  110.686783][ T3781]  ? file_end_write+0x230/0x230
[  110.691648][ T3781]  ? ptrace_stop+0x74d/0x970
[  110.696247][ T3781]  ? _raw_spin_unlock_irq+0x2a/0x40
[  110.701460][ T3781]  ? __fdget_pos+0x252/0x2e0
[  110.706053][ T3781]  ksys_write+0x177/0x2a0
[  110.710386][ T3781]  ? __ia32_sys_read+0x80/0x80
[  110.715148][ T3781]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  110.721129][ T3781]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  110.727111][ T3781]  do_syscall_64+0x3d/0xb0
[  110.731529][ T3781]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  110.737424][ T3781] RIP: 0033:0x7f0fa5191c89
[  110.741925][ T3781] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  110.761530][ T3781] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  110.769946][ T3781] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3781] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3781] exit_group(0)               = ?
[pid  3781] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3781, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./134/binderfs")                = 0
umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./134/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./134")                          = 0
mkdir("./135", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3782
./strace-static-x86_64: Process 3782 attached
[pid  3782] chdir("./135")              = 0
[pid  3782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3782] setpgid(0, 0)               = 0
[pid  3782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3782] write(3, "1000", 4)         = 4
[pid  3782] close(3)                    = 0
[pid  3782] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3782] memfd_create("syzkaller", 0) = 3
[pid  3782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3782] munmap(0x7f0f9cc00000, 32768) = 0
[  110.777914][ T3781] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  110.785881][ T3781] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  110.793849][ T3781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  110.801813][ T3781] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000086
[  110.809793][ T3781]  </TASK>
[pid  3782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3782] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3782] close(3)                    = 0
[pid  3782] mkdir("./file0", 0777)      = 0
[pid  3782] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3782] chdir("./file0")            = 0
[pid  3782] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3782] close(4)                    = 0
[pid  3782] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3782] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3782] write(5, "13", 2)           = 2
[  110.855824][ T3782] loop0: detected capacity change from 0 to 64
[  110.892610][ T3782] FAULT_INJECTION: forcing a failure.
[  110.892610][ T3782] name failslab, interval 1, probability 0, space 0, times 0
[  110.905735][ T3782] CPU: 0 PID: 3782 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  110.916157][ T3782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  110.926206][ T3782] Call Trace:
[  110.929476][ T3782]  <TASK>
[  110.932394][ T3782]  dump_stack_lvl+0x1b1/0x28e
[  110.937065][ T3782]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  110.942516][ T3782]  ? panic+0x710/0x710
[  110.946603][ T3782]  ? __might_sleep+0xc0/0xc0
[  110.951195][ T3782]  ? __mutex_lock_common+0x45f/0x26e0
[  110.956562][ T3782]  should_fail_ex+0x395/0x4c0
[  110.961234][ T3782]  ? hfs_find_init+0x8b/0x1e0
[  110.965903][ T3782]  should_failslab+0x5/0x20
[  110.970401][ T3782]  __kmem_cache_alloc_node+0x69/0x310
[  110.975766][ T3782]  ? hfs_find_init+0x8b/0x1e0
[  110.980434][ T3782]  __kmalloc+0x9e/0x1a0
[  110.984675][ T3782]  hfs_find_init+0x8b/0x1e0
[  110.989200][ T3782]  hfs_extend_file+0x2f8/0x1420
[  110.994079][ T3782]  ? hfs_get_block+0xbb0/0xbb0
[  110.998838][ T3782]  ? lru_cache_disable+0x30/0x30
[  111.003767][ T3782]  ? __might_sleep+0xc0/0xc0
[  111.008376][ T3782]  hfs_get_block+0x3fc/0xbb0
[  111.012979][ T3782]  ? hfs_free_extents+0x420/0x420
[  111.018001][ T3782]  ? do_raw_spin_unlock+0x134/0x8a0
[  111.023216][ T3782]  ? create_page_buffers+0x244/0x4b0
[  111.028494][ T3782]  __block_write_begin_int+0x54c/0x1a80
[  111.034045][ T3782]  ? hfs_free_extents+0x420/0x420
[  111.039057][ T3782]  ? page_zero_new_buffers+0x940/0x940
[  111.044506][ T3782]  ? PageHeadHuge+0x8a/0x1d0
[  111.049093][ T3782]  ? hfs_free_extents+0x420/0x420
[  111.054109][ T3782]  block_write_begin+0x93/0x1e0
[  111.058949][ T3782]  ? cont_write_begin+0x5e5/0x860
[  111.063965][ T3782]  ? hfs_free_extents+0x420/0x420
[  111.068983][ T3782]  cont_write_begin+0x606/0x860
[  111.073829][ T3782]  ? fault_in_readable+0x1d5/0x310
[  111.078941][ T3782]  ? generic_cont_expand_simple+0x250/0x250
[  111.084824][ T3782]  ? fault_in_readable+0x219/0x310
[  111.090107][ T3782]  ? fault_in_safe_writeable+0x240/0x240
[  111.095756][ T3782]  hfs_write_begin+0x86/0xd0
[  111.100344][ T3782]  ? hfs_free_extents+0x420/0x420
[  111.105367][ T3782]  generic_perform_write+0x2e4/0x5e0
[  111.110659][ T3782]  ? __block_commit_write+0x420/0x420
[  111.116047][ T3782]  ? generic_file_direct_write+0x610/0x610
[  111.121866][ T3782]  ? __file_remove_privs+0x6c0/0x6c0
[  111.127166][ T3782]  ? generic_write_checks+0x15c/0x1c0
[  111.132573][ T3782]  __generic_file_write_iter+0x176/0x400
[  111.138240][ T3782]  generic_file_write_iter+0xab/0x310
[  111.143642][ T3782]  vfs_write+0x7dc/0xc50
[  111.147923][ T3782]  ? file_end_write+0x230/0x230
[  111.152787][ T3782]  ? ptrace_stop+0x74d/0x970
[  111.157385][ T3782]  ? _raw_spin_unlock_irq+0x2a/0x40
[  111.162594][ T3782]  ? __fdget_pos+0x252/0x2e0
[  111.167197][ T3782]  ksys_write+0x177/0x2a0
[  111.171528][ T3782]  ? __ia32_sys_read+0x80/0x80
[  111.176303][ T3782]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  111.182278][ T3782]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  111.188263][ T3782]  do_syscall_64+0x3d/0xb0
[  111.192685][ T3782]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  111.198572][ T3782] RIP: 0033:0x7f0fa5191c89
[  111.202978][ T3782] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  111.222590][ T3782] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  111.231029][ T3782] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  111.239001][ T3782] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  111.247244][ T3782] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3782] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3782] exit_group(0)               = ?
[pid  3782] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3782, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./135/binderfs")                = 0
umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./135/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./135")                          = 0
mkdir("./136", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3783
./strace-static-x86_64: Process 3783 attached
[pid  3783] chdir("./136")              = 0
[pid  3783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3783] setpgid(0, 0)               = 0
[pid  3783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3783] write(3, "1000", 4)         = 4
[pid  3783] close(3)                    = 0
[pid  3783] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3783] memfd_create("syzkaller", 0) = 3
[pid  3783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3783] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3783] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  111.255219][ T3782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  111.263181][ T3782] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000087
[  111.271153][ T3782]  </TASK>
[pid  3783] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3783] close(3)                    = 0
[pid  3783] mkdir("./file0", 0777)      = 0
[pid  3783] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3783] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3783] chdir("./file0")            = 0
[pid  3783] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3783] close(4)                    = 0
[pid  3783] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3783] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3783] write(5, "13", 2)           = 2
[  111.306403][ T3783] loop0: detected capacity change from 0 to 64
[  111.310044][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  111.338253][ T3783] FAULT_INJECTION: forcing a failure.
[  111.338253][ T3783] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  111.351466][ T3783] CPU: 1 PID: 3783 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  111.361868][ T3783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  111.371919][ T3783] Call Trace:
[  111.375190][ T3783]  <TASK>
[  111.378118][ T3783]  dump_stack_lvl+0x1b1/0x28e
[  111.382808][ T3783]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  111.388267][ T3783]  ? panic+0x710/0x710
[  111.392330][ T3783]  ? hfs_free_extents+0x420/0x420
[  111.397356][ T3783]  ? PageHeadHuge+0x8a/0x1d0
[  111.401951][ T3783]  should_fail_ex+0x395/0x4c0
[  111.406667][ T3783]  copy_page_from_iter_atomic+0x217/0x1140
[  111.412497][ T3783]  ? generic_cont_expand_simple+0x250/0x250
[  111.418407][ T3783]  ? pipe_zero+0x200/0x200
[  111.422844][ T3783]  ? hfs_write_begin+0x86/0xd0
[  111.427623][ T3783]  ? hfs_free_extents+0x420/0x420
[  111.432663][ T3783]  ? hfs_write_begin+0x9e/0xd0
[  111.437446][ T3783]  generic_perform_write+0x35a/0x5e0
[  111.442769][ T3783]  ? __block_commit_write+0x420/0x420
[  111.448156][ T3783]  ? generic_file_direct_write+0x610/0x610
[  111.453965][ T3783]  ? __file_remove_privs+0x6c0/0x6c0
[  111.459249][ T3783]  ? generic_write_checks+0x15c/0x1c0
[  111.464629][ T3783]  __generic_file_write_iter+0x176/0x400
[  111.470268][ T3783]  generic_file_write_iter+0xab/0x310
[  111.475645][ T3783]  vfs_write+0x7dc/0xc50
[  111.479896][ T3783]  ? file_end_write+0x230/0x230
[  111.484748][ T3783]  ? ptrace_stop+0x74d/0x970
[  111.489348][ T3783]  ? _raw_spin_unlock_irq+0x2a/0x40
[  111.494552][ T3783]  ? __fdget_pos+0x252/0x2e0
[  111.499147][ T3783]  ksys_write+0x177/0x2a0
[  111.503477][ T3783]  ? __ia32_sys_read+0x80/0x80
[  111.508243][ T3783]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  111.514224][ T3783]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  111.520207][ T3783]  do_syscall_64+0x3d/0xb0
[  111.524620][ T3783]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  111.530512][ T3783] RIP: 0033:0x7f0fa5191c89
[  111.534924][ T3783] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3783] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3783] exit_group(0)               = ?
[pid  3783] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3783, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./136/binderfs")                = 0
umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[  111.554613][ T3783] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  111.563027][ T3783] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  111.570995][ T3783] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  111.578963][ T3783] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  111.586928][ T3783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  111.594895][ T3783] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000088
[  111.602893][ T3783]  </TASK>
umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./136/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./136")                          = 0
mkdir("./137", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3784
./strace-static-x86_64: Process 3784 attached
[pid  3784] chdir("./137")              = 0
[pid  3784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3784] setpgid(0, 0)               = 0
[pid  3784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3784] write(3, "1000", 4)         = 4
[pid  3784] close(3)                    = 0
[pid  3784] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3784] memfd_create("syzkaller", 0) = 3
[pid  3784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3784] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3784] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3784] close(3)                    = 0
[pid  3784] mkdir("./file0", 0777)      = 0
[pid  3784] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3784] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3784] chdir("./file0")            = 0
[pid  3784] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3784] close(4)                    = 0
[pid  3784] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3784] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3784] write(5, "13", 2)           = 2
[  111.689816][ T3784] loop0: detected capacity change from 0 to 64
[  111.723251][ T3784] FAULT_INJECTION: forcing a failure.
[  111.723251][ T3784] name failslab, interval 1, probability 0, space 0, times 0
[  111.736356][ T3784] CPU: 0 PID: 3784 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  111.746780][ T3784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  111.756819][ T3784] Call Trace:
[  111.760086][ T3784]  <TASK>
[  111.763004][ T3784]  dump_stack_lvl+0x1b1/0x28e
[  111.767676][ T3784]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  111.773121][ T3784]  ? panic+0x710/0x710
[  111.777175][ T3784]  ? __might_sleep+0xc0/0xc0
[  111.781752][ T3784]  ? __mutex_lock_common+0x45f/0x26e0
[  111.787116][ T3784]  should_fail_ex+0x395/0x4c0
[  111.791783][ T3784]  ? hfs_find_init+0x8b/0x1e0
[  111.796450][ T3784]  should_failslab+0x5/0x20
[  111.800946][ T3784]  __kmem_cache_alloc_node+0x69/0x310
[  111.806356][ T3784]  ? hfs_find_init+0x8b/0x1e0
[  111.811041][ T3784]  __kmalloc+0x9e/0x1a0
[  111.815227][ T3784]  hfs_find_init+0x8b/0x1e0
[  111.819746][ T3784]  hfs_extend_file+0x2f8/0x1420
[  111.824595][ T3784]  ? hfs_get_block+0xbb0/0xbb0
[  111.829480][ T3784]  ? lru_cache_disable+0x30/0x30
[  111.834425][ T3784]  ? __might_sleep+0xc0/0xc0
[  111.839021][ T3784]  hfs_get_block+0x3fc/0xbb0
[  111.843628][ T3784]  ? hfs_free_extents+0x420/0x420
[  111.848666][ T3784]  ? do_raw_spin_unlock+0x134/0x8a0
[  111.853867][ T3784]  ? create_page_buffers+0x244/0x4b0
[  111.859160][ T3784]  __block_write_begin_int+0x54c/0x1a80
[  111.864746][ T3784]  ? hfs_free_extents+0x420/0x420
[  111.869780][ T3784]  ? page_zero_new_buffers+0x940/0x940
[  111.875243][ T3784]  ? PageHeadHuge+0x8a/0x1d0
[  111.879846][ T3784]  ? hfs_free_extents+0x420/0x420
[  111.884868][ T3784]  block_write_begin+0x93/0x1e0
[  111.889721][ T3784]  ? cont_write_begin+0x5e5/0x860
[  111.894747][ T3784]  ? hfs_free_extents+0x420/0x420
[  111.899770][ T3784]  cont_write_begin+0x606/0x860
[  111.904627][ T3784]  ? fault_in_readable+0x1d5/0x310
[  111.909745][ T3784]  ? generic_cont_expand_simple+0x250/0x250
[  111.915638][ T3784]  ? fault_in_readable+0x219/0x310
[  111.920760][ T3784]  ? fault_in_safe_writeable+0x240/0x240
[  111.926403][ T3784]  hfs_write_begin+0x86/0xd0
[  111.930990][ T3784]  ? hfs_free_extents+0x420/0x420
[  111.936013][ T3784]  generic_perform_write+0x2e4/0x5e0
[  111.941304][ T3784]  ? __block_commit_write+0x420/0x420
[  111.946681][ T3784]  ? generic_file_direct_write+0x610/0x610
[  111.952485][ T3784]  ? __file_remove_privs+0x6c0/0x6c0
[  111.957767][ T3784]  ? generic_write_checks+0x15c/0x1c0
[  111.963148][ T3784]  __generic_file_write_iter+0x176/0x400
[  111.968784][ T3784]  generic_file_write_iter+0xab/0x310
[  111.974166][ T3784]  vfs_write+0x7dc/0xc50
[  111.978423][ T3784]  ? file_end_write+0x230/0x230
[  111.983271][ T3784]  ? ptrace_stop+0x74d/0x970
[  111.987872][ T3784]  ? _raw_spin_unlock_irq+0x2a/0x40
[  111.993079][ T3784]  ? __fdget_pos+0x252/0x2e0
[  111.997672][ T3784]  ksys_write+0x177/0x2a0
[  112.002003][ T3784]  ? __ia32_sys_read+0x80/0x80
[  112.006765][ T3784]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  112.012746][ T3784]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  112.018729][ T3784]  do_syscall_64+0x3d/0xb0
[  112.023145][ T3784]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  112.029037][ T3784] RIP: 0033:0x7f0fa5191c89
[  112.033448][ T3784] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  112.053047][ T3784] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  112.061456][ T3784] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  112.069423][ T3784] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  112.077390][ T3784] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3784] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3784] exit_group(0)               = ?
[pid  3784] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3784, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./137/binderfs")                = 0
umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./137/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./137")                          = 0
mkdir("./138", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[  112.085355][ T3784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  112.093320][ T3784] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000089
[  112.101302][ T3784]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3785
./strace-static-x86_64: Process 3785 attached
[pid  3785] chdir("./138")              = 0
[pid  3785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3785] setpgid(0, 0)               = 0
[pid  3785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3785] write(3, "1000", 4)         = 4
[pid  3785] close(3)                    = 0
[pid  3785] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3785] memfd_create("syzkaller", 0) = 3
[pid  3785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3785] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3785] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3785] close(3)                    = 0
[pid  3785] mkdir("./file0", 0777)      = 0
[pid  3785] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3785] chdir("./file0")            = 0
[pid  3785] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3785] close(4)                    = 0
[pid  3785] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3785] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3785] write(5, "13", 2)           = 2
[  112.168073][ T3785] loop0: detected capacity change from 0 to 64
[  112.200772][ T3785] FAULT_INJECTION: forcing a failure.
[  112.200772][ T3785] name failslab, interval 1, probability 0, space 0, times 0
[  112.213924][ T3785] CPU: 0 PID: 3785 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  112.224337][ T3785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  112.234382][ T3785] Call Trace:
[  112.237661][ T3785]  <TASK>
[  112.240610][ T3785]  dump_stack_lvl+0x1b1/0x28e
[  112.245299][ T3785]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  112.250746][ T3785]  ? panic+0x710/0x710
[  112.254805][ T3785]  ? __might_sleep+0xc0/0xc0
[  112.259388][ T3785]  ? __mutex_lock_common+0x45f/0x26e0
[  112.264755][ T3785]  should_fail_ex+0x395/0x4c0
[  112.269434][ T3785]  ? hfs_find_init+0x8b/0x1e0
[  112.274125][ T3785]  should_failslab+0x5/0x20
[  112.278621][ T3785]  __kmem_cache_alloc_node+0x69/0x310
[  112.283988][ T3785]  ? hfs_find_init+0x8b/0x1e0
[  112.288666][ T3785]  __kmalloc+0x9e/0x1a0
[  112.292860][ T3785]  hfs_find_init+0x8b/0x1e0
[  112.297374][ T3785]  hfs_extend_file+0x2f8/0x1420
[  112.302239][ T3785]  ? hfs_get_block+0xbb0/0xbb0
[  112.307012][ T3785]  ? lru_cache_disable+0x30/0x30
[  112.311946][ T3785]  ? __might_sleep+0xc0/0xc0
[  112.316553][ T3785]  hfs_get_block+0x3fc/0xbb0
[  112.321144][ T3785]  ? hfs_free_extents+0x420/0x420
[  112.326155][ T3785]  ? do_raw_spin_unlock+0x134/0x8a0
[  112.331465][ T3785]  ? create_page_buffers+0x244/0x4b0
[  112.336760][ T3785]  __block_write_begin_int+0x54c/0x1a80
[  112.342353][ T3785]  ? hfs_free_extents+0x420/0x420
[  112.347372][ T3785]  ? page_zero_new_buffers+0x940/0x940
[  112.352827][ T3785]  ? PageHeadHuge+0x8a/0x1d0
[  112.357420][ T3785]  ? hfs_free_extents+0x420/0x420
[  112.362450][ T3785]  block_write_begin+0x93/0x1e0
[  112.367311][ T3785]  ? cont_write_begin+0x5e5/0x860
[  112.372345][ T3785]  ? hfs_free_extents+0x420/0x420
[  112.377362][ T3785]  cont_write_begin+0x606/0x860
[  112.382221][ T3785]  ? fault_in_readable+0x1d5/0x310
[  112.387350][ T3785]  ? generic_cont_expand_simple+0x250/0x250
[  112.393234][ T3785]  ? fault_in_readable+0x219/0x310
[  112.398341][ T3785]  ? fault_in_safe_writeable+0x240/0x240
[  112.403973][ T3785]  hfs_write_begin+0x86/0xd0
[  112.408560][ T3785]  ? hfs_free_extents+0x420/0x420
[  112.413590][ T3785]  generic_perform_write+0x2e4/0x5e0
[  112.419051][ T3785]  ? __block_commit_write+0x420/0x420
[  112.424419][ T3785]  ? generic_file_direct_write+0x610/0x610
[  112.430219][ T3785]  ? __file_remove_privs+0x6c0/0x6c0
[  112.435512][ T3785]  ? generic_write_checks+0x15c/0x1c0
[  112.440882][ T3785]  __generic_file_write_iter+0x176/0x400
[  112.446515][ T3785]  generic_file_write_iter+0xab/0x310
[  112.451879][ T3785]  vfs_write+0x7dc/0xc50
[  112.456119][ T3785]  ? file_end_write+0x230/0x230
[  112.460966][ T3785]  ? ptrace_stop+0x74d/0x970
[  112.465571][ T3785]  ? _raw_spin_unlock_irq+0x2a/0x40
[  112.470773][ T3785]  ? __fdget_pos+0x252/0x2e0
[  112.475378][ T3785]  ksys_write+0x177/0x2a0
[  112.479702][ T3785]  ? __ia32_sys_read+0x80/0x80
[  112.484471][ T3785]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  112.490466][ T3785]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  112.496444][ T3785]  do_syscall_64+0x3d/0xb0
[  112.500860][ T3785]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  112.506782][ T3785] RIP: 0033:0x7f0fa5191c89
[  112.511187][ T3785] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  112.530780][ T3785] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  112.539198][ T3785] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  112.547167][ T3785] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  112.555128][ T3785] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3785] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3785] exit_group(0)               = ?
[pid  3785] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3785, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./138/binderfs")                = 0
umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./138/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./138")                          = 0
mkdir("./139", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3786
./strace-static-x86_64: Process 3786 attached
[pid  3786] chdir("./139")              = 0
[pid  3786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3786] setpgid(0, 0)               = 0
[  112.563090][ T3785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  112.571057][ T3785] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000008a
[  112.579047][ T3785]  </TASK>
[pid  3786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3786] write(3, "1000", 4)         = 4
[pid  3786] close(3)                    = 0
[pid  3786] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3786] memfd_create("syzkaller", 0) = 3
[pid  3786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3786] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3786] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3786] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3786] close(3)                    = 0
[pid  3786] mkdir("./file0", 0777)      = 0
[pid  3786] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3786] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3786] chdir("./file0")            = 0
[pid  3786] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3786] close(4)                    = 0
[pid  3786] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3786] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3786] write(5, "13", 2)           = 2
[pid  3786] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3786] exit_group(0)               = ?
[pid  3786] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3786, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./139/binderfs")                = 0
umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[  112.639911][ T3786] loop0: detected capacity change from 0 to 64
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./139/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./139")                          = 0
mkdir("./140", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3787
./strace-static-x86_64: Process 3787 attached
[pid  3787] chdir("./140")              = 0
[pid  3787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3787] setpgid(0, 0)               = 0
[pid  3787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3787] write(3, "1000", 4)         = 4
[pid  3787] close(3)                    = 0
[pid  3787] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3787] memfd_create("syzkaller", 0) = 3
[pid  3787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3787] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3787] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3787] close(3)                    = 0
[pid  3787] mkdir("./file0", 0777)      = 0
[pid  3787] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3787] chdir("./file0")            = 0
[pid  3787] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3787] close(4)                    = 0
[pid  3787] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3787] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3787] write(5, "13", 2)           = 2
[  112.730956][ T3787] loop0: detected capacity change from 0 to 64
[  112.757160][ T3787] FAULT_INJECTION: forcing a failure.
[  112.757160][ T3787] name failslab, interval 1, probability 0, space 0, times 0
[  112.769806][ T3787] CPU: 1 PID: 3787 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  112.780210][ T3787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  112.790259][ T3787] Call Trace:
[  112.793535][ T3787]  <TASK>
[  112.796480][ T3787]  dump_stack_lvl+0x1b1/0x28e
[  112.801168][ T3787]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  112.806623][ T3787]  ? panic+0x710/0x710
[  112.810689][ T3787]  ? __might_sleep+0xc0/0xc0
[  112.815275][ T3787]  ? __mutex_lock_common+0x45f/0x26e0
[  112.820647][ T3787]  should_fail_ex+0x395/0x4c0
[  112.825375][ T3787]  ? hfs_find_init+0x8b/0x1e0
[  112.830064][ T3787]  should_failslab+0x5/0x20
[  112.834562][ T3787]  __kmem_cache_alloc_node+0x69/0x310
[  112.839925][ T3787]  ? rcu_lock_release+0x5/0x20
[  112.844698][ T3787]  ? hfs_find_init+0x8b/0x1e0
[  112.849390][ T3787]  __kmalloc+0x9e/0x1a0
[  112.853542][ T3787]  hfs_find_init+0x8b/0x1e0
[  112.858043][ T3787]  hfs_extend_file+0x2f8/0x1420
[  112.862886][ T3787]  ? xas_find+0x937/0xa60
[  112.867213][ T3787]  ? hfs_get_block+0xbb0/0xbb0
[  112.871968][ T3787]  ? filemap_get_folios+0x557/0x830
[  112.877166][ T3787]  ? find_lock_entries+0xf60/0xf60
[  112.882270][ T3787]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  112.888253][ T3787]  hfs_get_block+0x3fc/0xbb0
[  112.892866][ T3787]  ? hfs_free_extents+0x420/0x420
[  112.897900][ T3787]  ? do_raw_spin_unlock+0x134/0x8a0
[  112.903101][ T3787]  ? create_page_buffers+0x244/0x4b0
[  112.908388][ T3787]  __block_write_begin_int+0x54c/0x1a80
[  112.913942][ T3787]  ? hfs_free_extents+0x420/0x420
[  112.918974][ T3787]  ? page_zero_new_buffers+0x940/0x940
[  112.924454][ T3787]  ? PageHeadHuge+0x8a/0x1d0
[  112.929056][ T3787]  ? hfs_free_extents+0x420/0x420
[  112.934087][ T3787]  block_write_begin+0x93/0x1e0
[  112.938957][ T3787]  ? cont_write_begin+0x5e5/0x860
[  112.944154][ T3787]  ? hfs_free_extents+0x420/0x420
[  112.949200][ T3787]  cont_write_begin+0x606/0x860
[  112.954067][ T3787]  ? fault_in_readable+0x1d5/0x310
[  112.959186][ T3787]  ? generic_cont_expand_simple+0x250/0x250
[  112.965073][ T3787]  ? fault_in_readable+0x219/0x310
[  112.970187][ T3787]  ? fault_in_safe_writeable+0x240/0x240
[  112.975819][ T3787]  hfs_write_begin+0x86/0xd0
[  112.980399][ T3787]  ? hfs_free_extents+0x420/0x420
[  112.985415][ T3787]  generic_perform_write+0x2e4/0x5e0
[  112.990712][ T3787]  ? __block_commit_write+0x420/0x420
[  112.996107][ T3787]  ? generic_file_direct_write+0x610/0x610
[  113.001926][ T3787]  ? __file_remove_privs+0x6c0/0x6c0
[  113.007217][ T3787]  ? generic_write_checks+0x15c/0x1c0
[  113.012619][ T3787]  __generic_file_write_iter+0x176/0x400
[  113.018279][ T3787]  generic_file_write_iter+0xab/0x310
[  113.023760][ T3787]  vfs_write+0x7dc/0xc50
[  113.028035][ T3787]  ? file_end_write+0x230/0x230
[  113.032893][ T3787]  ? ptrace_stop+0x74d/0x970
[  113.037497][ T3787]  ? _raw_spin_unlock_irq+0x2a/0x40
[  113.042710][ T3787]  ? __fdget_pos+0x252/0x2e0
[  113.047308][ T3787]  ksys_write+0x177/0x2a0
[  113.051671][ T3787]  ? __ia32_sys_read+0x80/0x80
[  113.056445][ T3787]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  113.062431][ T3787]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  113.068426][ T3787]  do_syscall_64+0x3d/0xb0
[  113.072835][ T3787]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  113.078718][ T3787] RIP: 0033:0x7f0fa5191c89
[  113.083128][ T3787] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  113.102752][ T3787] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  113.111169][ T3787] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  113.119156][ T3787] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3787] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3787] exit_group(0)               = ?
[pid  3787] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3787, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./140/binderfs")                = 0
umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./140/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./140")                          = 0
mkdir("./141", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  113.127135][ T3787] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  113.135096][ T3787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  113.143070][ T3787] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000008c
[  113.151076][ T3787]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3788 attached
, child_tidptr=0x555555b7f5d0) = 3788
[pid  3788] chdir("./141")              = 0
[pid  3788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3788] setpgid(0, 0)               = 0
[pid  3788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3788] write(3, "1000", 4)         = 4
[pid  3788] close(3)                    = 0
[pid  3788] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3788] memfd_create("syzkaller", 0) = 3
[pid  3788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3788] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3788] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3788] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3788] close(3)                    = 0
[pid  3788] mkdir("./file0", 0777)      = 0
[pid  3788] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3788] chdir("./file0")            = 0
[pid  3788] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3788] close(4)                    = 0
[pid  3788] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3788] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3788] write(5, "13", 2)           = 2
[  113.211222][ T3788] loop0: detected capacity change from 0 to 64
[  113.241406][ T3788] FAULT_INJECTION: forcing a failure.
[  113.241406][ T3788] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  113.254837][ T3788] CPU: 1 PID: 3788 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  113.265246][ T3788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  113.275298][ T3788] Call Trace:
[  113.278576][ T3788]  <TASK>
[  113.281504][ T3788]  dump_stack_lvl+0x1b1/0x28e
[  113.286187][ T3788]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  113.291642][ T3788]  ? panic+0x710/0x710
[  113.295707][ T3788]  ? do_anonymous_page+0xd4a/0x1150
[  113.300919][ T3788]  ? mark_lock+0x9a/0x350
[  113.305252][ T3788]  should_fail_ex+0x395/0x4c0
[  113.309935][ T3788]  prepare_alloc_pages+0x1d7/0x5a0
[  113.315059][ T3788]  __alloc_pages+0x161/0x560
[  113.319653][ T3788]  ? zone_statistics+0x160/0x160
[  113.324597][ T3788]  ? rcu_lock_release+0x5/0x20
[  113.329357][ T3788]  ? alloc_pages+0x520/0x7b0
[  113.333942][ T3788]  ? xas_descend+0x1f3/0x400
[  113.338537][ T3788]  folio_alloc+0x1a/0x50
[  113.342774][ T3788]  filemap_alloc_folio+0x7e/0x1c0
[  113.347886][ T3788]  __filemap_get_folio+0x898/0x1260
[  113.353097][ T3788]  ? page_cache_prev_miss+0x4e0/0x4e0
[  113.358469][ T3788]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  113.364448][ T3788]  ? print_irqtrace_events+0x220/0x220
[  113.369907][ T3788]  pagecache_get_page+0x28/0x260
[  113.374843][ T3788]  ? hfs_free_extents+0x420/0x420
[  113.379860][ T3788]  block_write_begin+0x2e/0x1e0
[  113.384708][ T3788]  ? cont_write_begin+0x5e5/0x860
[  113.389739][ T3788]  ? hfs_free_extents+0x420/0x420
[  113.394762][ T3788]  cont_write_begin+0x606/0x860
[  113.399621][ T3788]  ? fault_in_readable+0x1d5/0x310
[  113.404739][ T3788]  ? generic_cont_expand_simple+0x250/0x250
[  113.410635][ T3788]  ? fault_in_readable+0x219/0x310
[  113.415747][ T3788]  ? fault_in_safe_writeable+0x240/0x240
[  113.421385][ T3788]  hfs_write_begin+0x86/0xd0
[  113.425969][ T3788]  ? hfs_free_extents+0x420/0x420
[  113.430998][ T3788]  generic_perform_write+0x2e4/0x5e0
[  113.436307][ T3788]  ? __block_commit_write+0x420/0x420
[  113.441767][ T3788]  ? generic_file_direct_write+0x610/0x610
[  113.447568][ T3788]  ? __file_remove_privs+0x6c0/0x6c0
[  113.452850][ T3788]  ? generic_write_checks+0x15c/0x1c0
[  113.458230][ T3788]  __generic_file_write_iter+0x176/0x400
[  113.463865][ T3788]  generic_file_write_iter+0xab/0x310
[  113.469236][ T3788]  vfs_write+0x7dc/0xc50
[  113.473486][ T3788]  ? file_end_write+0x230/0x230
[  113.478332][ T3788]  ? ptrace_stop+0x74d/0x970
[  113.482928][ T3788]  ? _raw_spin_unlock_irq+0x2a/0x40
[  113.488129][ T3788]  ? __fdget_pos+0x252/0x2e0
[  113.492721][ T3788]  ksys_write+0x177/0x2a0
[  113.497137][ T3788]  ? __ia32_sys_read+0x80/0x80
[  113.501899][ T3788]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  113.507878][ T3788]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  113.513855][ T3788]  do_syscall_64+0x3d/0xb0
[  113.518268][ T3788]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  113.524155][ T3788] RIP: 0033:0x7f0fa5191c89
[  113.528567][ T3788] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  113.548256][ T3788] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3788] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3788] exit_group(0)               = ?
[pid  3788] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3788, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./141/binderfs")                = 0
umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./141/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./141")                          = 0
mkdir("./142", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  113.556665][ T3788] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  113.564630][ T3788] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  113.572595][ T3788] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  113.580560][ T3788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  113.588525][ T3788] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000008d
[  113.596512][ T3788]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3789 attached
, child_tidptr=0x555555b7f5d0) = 3789
[pid  3789] chdir("./142")              = 0
[pid  3789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3789] setpgid(0, 0)               = 0
[pid  3789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3789] write(3, "1000", 4)         = 4
[pid  3789] close(3)                    = 0
[pid  3789] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3789] memfd_create("syzkaller", 0) = 3
[pid  3789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3789] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3789] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3789] close(3)                    = 0
[pid  3789] mkdir("./file0", 0777)      = 0
[pid  3789] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3789] chdir("./file0")            = 0
[pid  3789] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3789] close(4)                    = 0
[pid  3789] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3789] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3789] write(5, "13", 2)           = 2
[pid  3789] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3789] exit_group(0)               = ?
[pid  3789] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3789, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./142/binderfs")                = 0
umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
[  113.664672][ T3789] loop0: detected capacity change from 0 to 64
close(4)                                = 0
rmdir("./142/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./142")                          = 0
mkdir("./143", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3790
./strace-static-x86_64: Process 3790 attached
[pid  3790] chdir("./143")              = 0
[pid  3790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3790] setpgid(0, 0)               = 0
[pid  3790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3790] write(3, "1000", 4)         = 4
[pid  3790] close(3)                    = 0
[pid  3790] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3790] memfd_create("syzkaller", 0) = 3
[pid  3790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3790] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3790] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3790] close(3)                    = 0
[pid  3790] mkdir("./file0", 0777)      = 0
[pid  3790] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3790] chdir("./file0")            = 0
[pid  3790] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3790] close(4)                    = 0
[pid  3790] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3790] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3790] write(5, "13", 2)           = 2
[  113.751341][ T3790] loop0: detected capacity change from 0 to 64
[  113.775234][ T3790] FAULT_INJECTION: forcing a failure.
[  113.775234][ T3790] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  113.788837][ T3790] CPU: 0 PID: 3790 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  113.799243][ T3790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  113.809285][ T3790] Call Trace:
[  113.812555][ T3790]  <TASK>
[  113.815483][ T3790]  dump_stack_lvl+0x1b1/0x28e
[  113.820158][ T3790]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  113.825603][ T3790]  ? panic+0x710/0x710
[  113.829660][ T3790]  ? do_anonymous_page+0xd4a/0x1150
[  113.834851][ T3790]  ? mark_lock+0x9a/0x350
[  113.839174][ T3790]  should_fail_ex+0x395/0x4c0
[  113.843853][ T3790]  prepare_alloc_pages+0x1d7/0x5a0
[  113.848975][ T3790]  __alloc_pages+0x161/0x560
[  113.853570][ T3790]  ? zone_statistics+0x160/0x160
[  113.858520][ T3790]  ? rcu_lock_release+0x5/0x20
[  113.863286][ T3790]  ? alloc_pages+0x520/0x7b0
[  113.867873][ T3790]  ? xas_descend+0x1f3/0x400
[  113.872468][ T3790]  folio_alloc+0x1a/0x50
[  113.876746][ T3790]  filemap_alloc_folio+0x7e/0x1c0
[  113.881774][ T3790]  __filemap_get_folio+0x898/0x1260
[  113.886973][ T3790]  ? page_cache_prev_miss+0x4e0/0x4e0
[  113.892348][ T3790]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  113.898327][ T3790]  ? print_irqtrace_events+0x220/0x220
[  113.903787][ T3790]  pagecache_get_page+0x28/0x260
[  113.908726][ T3790]  ? hfs_free_extents+0x420/0x420
[  113.913747][ T3790]  block_write_begin+0x2e/0x1e0
[  113.918595][ T3790]  ? cont_write_begin+0x5e5/0x860
[  113.923621][ T3790]  ? hfs_free_extents+0x420/0x420
[  113.928642][ T3790]  cont_write_begin+0x606/0x860
[  113.933507][ T3790]  ? fault_in_readable+0x1d5/0x310
[  113.938644][ T3790]  ? generic_cont_expand_simple+0x250/0x250
[  113.944542][ T3790]  ? fault_in_readable+0x219/0x310
[  113.949743][ T3790]  ? fault_in_safe_writeable+0x240/0x240
[  113.955396][ T3790]  hfs_write_begin+0x86/0xd0
[  113.959982][ T3790]  ? hfs_free_extents+0x420/0x420
[  113.965003][ T3790]  generic_perform_write+0x2e4/0x5e0
[  113.970295][ T3790]  ? __block_commit_write+0x420/0x420
[  113.975668][ T3790]  ? generic_file_direct_write+0x610/0x610
[  113.981476][ T3790]  ? __file_remove_privs+0x6c0/0x6c0
[  113.986761][ T3790]  ? generic_write_checks+0x15c/0x1c0
[  113.992138][ T3790]  __generic_file_write_iter+0x176/0x400
[  113.997773][ T3790]  generic_file_write_iter+0xab/0x310
[  114.003147][ T3790]  vfs_write+0x7dc/0xc50
[  114.007399][ T3790]  ? file_end_write+0x230/0x230
[  114.012253][ T3790]  ? ptrace_stop+0x74d/0x970
[  114.016854][ T3790]  ? _raw_spin_unlock_irq+0x2a/0x40
[  114.022059][ T3790]  ? __fdget_pos+0x252/0x2e0
[  114.026662][ T3790]  ksys_write+0x177/0x2a0
[  114.030993][ T3790]  ? __ia32_sys_read+0x80/0x80
[  114.035757][ T3790]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  114.041739][ T3790]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  114.047721][ T3790]  do_syscall_64+0x3d/0xb0
[  114.052134][ T3790]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  114.058021][ T3790] RIP: 0033:0x7f0fa5191c89
[  114.062437][ T3790] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  114.082043][ T3790] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  114.090453][ T3790] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3790] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3790] exit_group(0)               = ?
[pid  3790] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3790, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./143/binderfs")                = 0
umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./143/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./143")                          = 0
mkdir("./144", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3791
./strace-static-x86_64: Process 3791 attached
[pid  3791] chdir("./144")              = 0
[pid  3791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3791] setpgid(0, 0)               = 0
[pid  3791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3791] write(3, "1000", 4)         = 4
[pid  3791] close(3)                    = 0
[pid  3791] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3791] memfd_create("syzkaller", 0) = 3
[pid  3791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3791] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3791] munmap(0x7f0f9cc00000, 32768) = 0
[  114.098437][ T3790] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  114.106406][ T3790] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  114.114372][ T3790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  114.122334][ T3790] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000008f
[  114.130316][ T3790]  </TASK>
[pid  3791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3791] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3791] close(3)                    = 0
[pid  3791] mkdir("./file0", 0777)      = 0
[pid  3791] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3791] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3791] chdir("./file0")            = 0
[pid  3791] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3791] close(4)                    = 0
[pid  3791] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3791] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3791] write(5, "13", 2)           = 2
[  114.164567][ T3791] loop0: detected capacity change from 0 to 64
[  114.189462][ T3791] FAULT_INJECTION: forcing a failure.
[  114.189462][ T3791] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  114.202738][ T3791] CPU: 0 PID: 3791 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  114.213167][ T3791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  114.223222][ T3791] Call Trace:
[  114.226494][ T3791]  <TASK>
[  114.229429][ T3791]  dump_stack_lvl+0x1b1/0x28e
[  114.234117][ T3791]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  114.239567][ T3791]  ? panic+0x710/0x710
[  114.243622][ T3791]  ? hfs_free_extents+0x420/0x420
[  114.248643][ T3791]  ? PageHeadHuge+0x8a/0x1d0
[  114.253238][ T3791]  should_fail_ex+0x395/0x4c0
[  114.257921][ T3791]  copy_page_from_iter_atomic+0x217/0x1140
[  114.263848][ T3791]  ? generic_cont_expand_simple+0x250/0x250
[  114.269758][ T3791]  ? pipe_zero+0x200/0x200
[  114.274194][ T3791]  ? hfs_write_begin+0x86/0xd0
[  114.278965][ T3791]  ? hfs_free_extents+0x420/0x420
[  114.284010][ T3791]  ? hfs_write_begin+0x9e/0xd0
[  114.288791][ T3791]  generic_perform_write+0x35a/0x5e0
[  114.294105][ T3791]  ? __block_commit_write+0x420/0x420
[  114.299489][ T3791]  ? generic_file_direct_write+0x610/0x610
[  114.305300][ T3791]  ? __file_remove_privs+0x6c0/0x6c0
[  114.310586][ T3791]  ? generic_write_checks+0x15c/0x1c0
[  114.315966][ T3791]  __generic_file_write_iter+0x176/0x400
[  114.321605][ T3791]  generic_file_write_iter+0xab/0x310
[  114.326988][ T3791]  vfs_write+0x7dc/0xc50
[  114.331238][ T3791]  ? file_end_write+0x230/0x230
[  114.336092][ T3791]  ? ptrace_stop+0x74d/0x970
[  114.340692][ T3791]  ? _raw_spin_unlock_irq+0x2a/0x40
[  114.345891][ T3791]  ? __fdget_pos+0x252/0x2e0
[  114.350591][ T3791]  ksys_write+0x177/0x2a0
[  114.354934][ T3791]  ? __ia32_sys_read+0x80/0x80
[  114.359703][ T3791]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  114.365700][ T3791]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  114.371691][ T3791]  do_syscall_64+0x3d/0xb0
[  114.376196][ T3791]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  114.382091][ T3791] RIP: 0033:0x7f0fa5191c89
[  114.386512][ T3791] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  114.406119][ T3791] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3791] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3791] exit_group(0)               = ?
[pid  3791] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3791, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./144/binderfs")                = 0
umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./144/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./144")                          = 0
mkdir("./145", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3792
./strace-static-x86_64: Process 3792 attached
[pid  3792] chdir("./145")              = 0
[pid  3792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3792] setpgid(0, 0)               = 0
[  114.414530][ T3791] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  114.422497][ T3791] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  114.430464][ T3791] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  114.438432][ T3791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  114.446398][ T3791] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000090
[  114.454379][ T3791]  </TASK>
[pid  3792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3792] write(3, "1000", 4)         = 4
[pid  3792] close(3)                    = 0
[pid  3792] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3792] memfd_create("syzkaller", 0) = 3
[pid  3792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3792] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3792] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3792] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3792] close(3)                    = 0
[pid  3792] mkdir("./file0", 0777)      = 0
[pid  3792] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3792] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3792] chdir("./file0")            = 0
[pid  3792] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3792] close(4)                    = 0
[pid  3792] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3792] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3792] write(5, "13", 2)           = 2
[  114.503990][ T3792] loop0: detected capacity change from 0 to 64
[  114.521352][ T3792] FAULT_INJECTION: forcing a failure.
[  114.521352][ T3792] name failslab, interval 1, probability 0, space 0, times 0
[  114.534736][ T3792] CPU: 0 PID: 3792 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  114.545271][ T3792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  114.555341][ T3792] Call Trace:
[  114.558612][ T3792]  <TASK>
[  114.561533][ T3792]  dump_stack_lvl+0x1b1/0x28e
[  114.566201][ T3792]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  114.571653][ T3792]  ? panic+0x710/0x710
[  114.575712][ T3792]  ? __might_sleep+0xc0/0xc0
[  114.580297][ T3792]  ? __mutex_lock_common+0x45f/0x26e0
[  114.585669][ T3792]  should_fail_ex+0x395/0x4c0
[  114.590353][ T3792]  ? hfs_find_init+0x8b/0x1e0
[  114.595045][ T3792]  should_failslab+0x5/0x20
[  114.599538][ T3792]  __kmem_cache_alloc_node+0x69/0x310
[  114.604901][ T3792]  ? rcu_lock_release+0x5/0x20
[  114.609660][ T3792]  ? hfs_find_init+0x8b/0x1e0
[  114.614344][ T3792]  __kmalloc+0x9e/0x1a0
[  114.618525][ T3792]  hfs_find_init+0x8b/0x1e0
[  114.623054][ T3792]  hfs_extend_file+0x2f8/0x1420
[  114.627891][ T3792]  ? xas_find+0x937/0xa60
[  114.632322][ T3792]  ? hfs_get_block+0xbb0/0xbb0
[  114.637093][ T3792]  ? filemap_get_folios+0x557/0x830
[  114.642359][ T3792]  ? find_lock_entries+0xf60/0xf60
[  114.647478][ T3792]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  114.653382][ T3792]  hfs_get_block+0x3fc/0xbb0
[  114.657984][ T3792]  ? hfs_free_extents+0x420/0x420
[  114.663004][ T3792]  ? do_raw_spin_unlock+0x134/0x8a0
[  114.668208][ T3792]  ? create_page_buffers+0x244/0x4b0
[  114.673499][ T3792]  __block_write_begin_int+0x54c/0x1a80
[  114.679068][ T3792]  ? hfs_free_extents+0x420/0x420
[  114.684089][ T3792]  ? page_zero_new_buffers+0x940/0x940
[  114.689549][ T3792]  ? PageHeadHuge+0x8a/0x1d0
[  114.694145][ T3792]  ? hfs_free_extents+0x420/0x420
[  114.699164][ T3792]  block_write_begin+0x93/0x1e0
[  114.704015][ T3792]  ? cont_write_begin+0x5e5/0x860
[  114.709040][ T3792]  ? hfs_free_extents+0x420/0x420
[  114.714061][ T3792]  cont_write_begin+0x606/0x860
[  114.718921][ T3792]  ? fault_in_readable+0x1d5/0x310
[  114.724035][ T3792]  ? generic_cont_expand_simple+0x250/0x250
[  114.729926][ T3792]  ? fault_in_readable+0x219/0x310
[  114.735039][ T3792]  ? fault_in_safe_writeable+0x240/0x240
[  114.740679][ T3792]  hfs_write_begin+0x86/0xd0
[  114.745263][ T3792]  ? hfs_free_extents+0x420/0x420
[  114.750291][ T3792]  generic_perform_write+0x2e4/0x5e0
[  114.755588][ T3792]  ? __block_commit_write+0x420/0x420
[  114.760960][ T3792]  ? generic_file_direct_write+0x610/0x610
[  114.766766][ T3792]  ? __file_remove_privs+0x6c0/0x6c0
[  114.772049][ T3792]  ? generic_write_checks+0x15c/0x1c0
[  114.777431][ T3792]  __generic_file_write_iter+0x176/0x400
[  114.783073][ T3792]  generic_file_write_iter+0xab/0x310
[  114.788448][ T3792]  vfs_write+0x7dc/0xc50
[  114.792701][ T3792]  ? file_end_write+0x230/0x230
[  114.797552][ T3792]  ? ptrace_stop+0x74d/0x970
[  114.802150][ T3792]  ? _raw_spin_unlock_irq+0x2a/0x40
[  114.807353][ T3792]  ? __fdget_pos+0x252/0x2e0
[  114.811948][ T3792]  ksys_write+0x177/0x2a0
[  114.816281][ T3792]  ? __ia32_sys_read+0x80/0x80
[  114.821048][ T3792]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  114.827027][ T3792]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  114.833008][ T3792]  do_syscall_64+0x3d/0xb0
[  114.837419][ T3792]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  114.843312][ T3792] RIP: 0033:0x7f0fa5191c89
[  114.847722][ T3792] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  114.867326][ T3792] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  114.875737][ T3792] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  114.883703][ T3792] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  114.891698][ T3792] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3792] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3792] exit_group(0)               = ?
[pid  3792] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3792, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./145/binderfs")                = 0
umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./145/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./145")                          = 0
mkdir("./146", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3793
./strace-static-x86_64: Process 3793 attached
[pid  3793] chdir("./146")              = 0
[pid  3793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3793] setpgid(0, 0)               = 0
[pid  3793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3793] write(3, "1000", 4)         = 4
[pid  3793] close(3)                    = 0
[pid  3793] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3793] memfd_create("syzkaller", 0) = 3
[pid  3793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3793] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  114.899663][ T3792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  114.907629][ T3792] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000091
[  114.916130][ T3792]  </TASK>
[pid  3793] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3793] close(3)                    = 0
[pid  3793] mkdir("./file0", 0777)      = 0
[pid  3793] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3793] chdir("./file0")            = 0
[pid  3793] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3793] close(4)                    = 0
[pid  3793] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3793] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3793] write(5, "13", 2)           = 2
[  114.958614][ T3793] loop0: detected capacity change from 0 to 64
[  114.977706][ T3793] FAULT_INJECTION: forcing a failure.
[  114.977706][ T3793] name failslab, interval 1, probability 0, space 0, times 0
[  114.993030][ T3793] CPU: 0 PID: 3793 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  115.003466][ T3793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  115.013520][ T3793] Call Trace:
[  115.016804][ T3793]  <TASK>
[  115.019728][ T3793]  dump_stack_lvl+0x1b1/0x28e
[  115.024412][ T3793]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  115.029886][ T3793]  ? panic+0x710/0x710
[  115.033977][ T3793]  ? __might_sleep+0xc0/0xc0
[  115.038572][ T3793]  ? __mutex_lock_common+0x45f/0x26e0
[  115.043941][ T3793]  should_fail_ex+0x395/0x4c0
[  115.048612][ T3793]  ? hfs_find_init+0x8b/0x1e0
[  115.053299][ T3793]  should_failslab+0x5/0x20
[  115.057809][ T3793]  __kmem_cache_alloc_node+0x69/0x310
[  115.063170][ T3793]  ? rcu_lock_release+0x5/0x20
[  115.067948][ T3793]  ? hfs_find_init+0x8b/0x1e0
[  115.072637][ T3793]  __kmalloc+0x9e/0x1a0
[  115.076821][ T3793]  hfs_find_init+0x8b/0x1e0
[  115.081333][ T3793]  hfs_extend_file+0x2f8/0x1420
[  115.086185][ T3793]  ? xas_find+0x937/0xa60
[  115.090543][ T3793]  ? hfs_get_block+0xbb0/0xbb0
[  115.095313][ T3793]  ? filemap_get_folios+0x557/0x830
[  115.100503][ T3793]  ? find_lock_entries+0xf60/0xf60
[  115.105620][ T3793]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  115.111527][ T3793]  hfs_get_block+0x3fc/0xbb0
[  115.116115][ T3793]  ? hfs_free_extents+0x420/0x420
[  115.121123][ T3793]  ? do_raw_spin_unlock+0x134/0x8a0
[  115.126327][ T3793]  ? create_page_buffers+0x244/0x4b0
[  115.131639][ T3793]  __block_write_begin_int+0x54c/0x1a80
[  115.137236][ T3793]  ? hfs_free_extents+0x420/0x420
[  115.142278][ T3793]  ? page_zero_new_buffers+0x940/0x940
[  115.147729][ T3793]  ? PageHeadHuge+0x8a/0x1d0
[  115.152332][ T3793]  ? hfs_free_extents+0x420/0x420
[  115.157366][ T3793]  block_write_begin+0x93/0x1e0
[  115.162209][ T3793]  ? cont_write_begin+0x5e5/0x860
[  115.167226][ T3793]  ? hfs_free_extents+0x420/0x420
[  115.172240][ T3793]  cont_write_begin+0x606/0x860
[  115.177107][ T3793]  ? fault_in_readable+0x1d5/0x310
[  115.182241][ T3793]  ? generic_cont_expand_simple+0x250/0x250
[  115.188142][ T3793]  ? fault_in_readable+0x219/0x310
[  115.193274][ T3793]  ? fault_in_safe_writeable+0x240/0x240
[  115.198914][ T3793]  hfs_write_begin+0x86/0xd0
[  115.203497][ T3793]  ? hfs_free_extents+0x420/0x420
[  115.208530][ T3793]  generic_perform_write+0x2e4/0x5e0
[  115.213815][ T3793]  ? __block_commit_write+0x420/0x420
[  115.219187][ T3793]  ? generic_file_direct_write+0x610/0x610
[  115.225001][ T3793]  ? __file_remove_privs+0x6c0/0x6c0
[  115.230303][ T3793]  ? generic_write_checks+0x15c/0x1c0
[  115.235692][ T3793]  __generic_file_write_iter+0x176/0x400
[  115.241342][ T3793]  generic_file_write_iter+0xab/0x310
[  115.246719][ T3793]  vfs_write+0x7dc/0xc50
[  115.250981][ T3793]  ? file_end_write+0x230/0x230
[  115.255820][ T3793]  ? ptrace_stop+0x74d/0x970
[  115.260427][ T3793]  ? _raw_spin_unlock_irq+0x2a/0x40
[  115.265636][ T3793]  ? __fdget_pos+0x252/0x2e0
[  115.270219][ T3793]  ksys_write+0x177/0x2a0
[  115.274542][ T3793]  ? __ia32_sys_read+0x80/0x80
[  115.279296][ T3793]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  115.285280][ T3793]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  115.291258][ T3793]  do_syscall_64+0x3d/0xb0
[  115.295769][ T3793]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  115.301659][ T3793] RIP: 0033:0x7f0fa5191c89
[  115.306080][ T3793] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  115.325677][ T3793] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  115.334080][ T3793] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  115.342044][ T3793] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  115.350004][ T3793] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3793] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3793] exit_group(0)               = ?
[pid  3793] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3793, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./146/binderfs")                = 0
umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./146/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./146")                          = 0
mkdir("./147", 0777)                    = 0
[  115.357973][ T3793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  115.365949][ T3793] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000092
[  115.373927][ T3793]  </TASK>
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3794
./strace-static-x86_64: Process 3794 attached
[pid  3794] chdir("./147")              = 0
[pid  3794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3794] setpgid(0, 0)               = 0
[pid  3794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3794] write(3, "1000", 4)         = 4
[pid  3794] close(3)                    = 0
[pid  3794] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3794] memfd_create("syzkaller", 0) = 3
[pid  3794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3794] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3794] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3794] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3794] close(3)                    = 0
[pid  3794] mkdir("./file0", 0777)      = 0
[pid  3794] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3794] chdir("./file0")            = 0
[pid  3794] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3794] close(4)                    = 0
[pid  3794] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3794] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3794] write(5, "13", 2)           = 2
[  115.440440][ T3794] loop0: detected capacity change from 0 to 64
[  115.472042][ T3794] FAULT_INJECTION: forcing a failure.
[  115.472042][ T3794] name failslab, interval 1, probability 0, space 0, times 0
[  115.484953][ T3794] CPU: 1 PID: 3794 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  115.495373][ T3794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  115.505430][ T3794] Call Trace:
[  115.508703][ T3794]  <TASK>
[  115.511627][ T3794]  dump_stack_lvl+0x1b1/0x28e
[  115.516315][ T3794]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  115.521794][ T3794]  ? panic+0x710/0x710
[  115.525894][ T3794]  ? __might_sleep+0xc0/0xc0
[  115.530493][ T3794]  ? __mutex_lock_common+0x45f/0x26e0
[  115.535863][ T3794]  should_fail_ex+0x395/0x4c0
[  115.540536][ T3794]  ? hfs_find_init+0x8b/0x1e0
[  115.545220][ T3794]  should_failslab+0x5/0x20
[  115.549734][ T3794]  __kmem_cache_alloc_node+0x69/0x310
[  115.555103][ T3794]  ? hfs_find_init+0x8b/0x1e0
[  115.559771][ T3794]  __kmalloc+0x9e/0x1a0
[  115.563926][ T3794]  hfs_find_init+0x8b/0x1e0
[  115.568439][ T3794]  hfs_extend_file+0x2f8/0x1420
[  115.573309][ T3794]  ? hfs_get_block+0xbb0/0xbb0
[  115.578075][ T3794]  ? lru_cache_disable+0x30/0x30
[  115.583022][ T3794]  ? __might_sleep+0xc0/0xc0
[  115.587619][ T3794]  hfs_get_block+0x3fc/0xbb0
[  115.592220][ T3794]  ? hfs_free_extents+0x420/0x420
[  115.597240][ T3794]  ? do_raw_spin_unlock+0x134/0x8a0
[  115.602454][ T3794]  ? create_page_buffers+0x244/0x4b0
[  115.607742][ T3794]  __block_write_begin_int+0x54c/0x1a80
[  115.613302][ T3794]  ? hfs_free_extents+0x420/0x420
[  115.618315][ T3794]  ? page_zero_new_buffers+0x940/0x940
[  115.623776][ T3794]  ? PageHeadHuge+0x8a/0x1d0
[  115.628375][ T3794]  ? hfs_free_extents+0x420/0x420
[  115.633473][ T3794]  block_write_begin+0x93/0x1e0
[  115.638316][ T3794]  ? cont_write_begin+0x5e5/0x860
[  115.643333][ T3794]  ? hfs_free_extents+0x420/0x420
[  115.648367][ T3794]  cont_write_begin+0x606/0x860
[  115.653243][ T3794]  ? fault_in_readable+0x1d5/0x310
[  115.658349][ T3794]  ? generic_cont_expand_simple+0x250/0x250
[  115.664240][ T3794]  ? fault_in_readable+0x219/0x310
[  115.669347][ T3794]  ? fault_in_safe_writeable+0x240/0x240
[  115.674981][ T3794]  hfs_write_begin+0x86/0xd0
[  115.679560][ T3794]  ? hfs_free_extents+0x420/0x420
[  115.684578][ T3794]  generic_perform_write+0x2e4/0x5e0
[  115.689860][ T3794]  ? __block_commit_write+0x420/0x420
[  115.695235][ T3794]  ? generic_file_direct_write+0x610/0x610
[  115.701050][ T3794]  ? __file_remove_privs+0x6c0/0x6c0
[  115.706333][ T3794]  ? generic_write_checks+0x15c/0x1c0
[  115.711715][ T3794]  __generic_file_write_iter+0x176/0x400
[  115.717374][ T3794]  generic_file_write_iter+0xab/0x310
[  115.722752][ T3794]  vfs_write+0x7dc/0xc50
[  115.727015][ T3794]  ? file_end_write+0x230/0x230
[  115.731856][ T3794]  ? ptrace_stop+0x74d/0x970
[  115.736459][ T3794]  ? _raw_spin_unlock_irq+0x2a/0x40
[  115.741670][ T3794]  ? __fdget_pos+0x252/0x2e0
[  115.746260][ T3794]  ksys_write+0x177/0x2a0
[  115.750586][ T3794]  ? __ia32_sys_read+0x80/0x80
[  115.755347][ T3794]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  115.761408][ T3794]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  115.767384][ T3794]  do_syscall_64+0x3d/0xb0
[  115.771792][ T3794]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  115.777689][ T3794] RIP: 0033:0x7f0fa5191c89
[  115.782110][ T3794] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  115.801709][ T3794] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  115.810115][ T3794] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  115.818081][ T3794] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  115.826043][ T3794] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  115.834014][ T3794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3794] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3794] exit_group(0)               = ?
[pid  3794] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3794, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./147/binderfs")                = 0
umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./147/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./147")                          = 0
mkdir("./148", 0777)                    = 0
[  115.842012][ T3794] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000093
[  115.849986][ T3794]  </TASK>
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3795
./strace-static-x86_64: Process 3795 attached
[pid  3795] chdir("./148")              = 0
[pid  3795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3795] setpgid(0, 0)               = 0
[pid  3795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3795] write(3, "1000", 4)         = 4
[pid  3795] close(3)                    = 0
[pid  3795] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3795] memfd_create("syzkaller", 0) = 3
[pid  3795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3795] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3795] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3795] close(3)                    = 0
[pid  3795] mkdir("./file0", 0777)      = 0
[pid  3795] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3795] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3795] chdir("./file0")            = 0
[pid  3795] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3795] close(4)                    = 0
[pid  3795] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3795] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3795] write(5, "13", 2)           = 2
[  115.898632][ T3795] loop0: detected capacity change from 0 to 64
[  115.917976][ T3795] FAULT_INJECTION: forcing a failure.
[  115.917976][ T3795] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  115.932372][ T3795] CPU: 0 PID: 3795 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  115.942813][ T3795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  115.952859][ T3795] Call Trace:
[  115.956129][ T3795]  <TASK>
[  115.959050][ T3795]  dump_stack_lvl+0x1b1/0x28e
[  115.963733][ T3795]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  115.969198][ T3795]  ? panic+0x710/0x710
[  115.973254][ T3795]  ? do_anonymous_page+0xd4a/0x1150
[  115.978447][ T3795]  ? mark_lock+0x9a/0x350
[  115.982768][ T3795]  should_fail_ex+0x395/0x4c0
[  115.987439][ T3795]  prepare_alloc_pages+0x1d7/0x5a0
[  115.992548][ T3795]  __alloc_pages+0x161/0x560
[  115.997134][ T3795]  ? zone_statistics+0x160/0x160
[  116.002080][ T3795]  ? rcu_lock_release+0x5/0x20
[  116.006852][ T3795]  ? alloc_pages+0x520/0x7b0
[  116.011429][ T3795]  ? xas_descend+0x1f3/0x400
[  116.016008][ T3795]  folio_alloc+0x1a/0x50
[  116.020246][ T3795]  filemap_alloc_folio+0x7e/0x1c0
[  116.025282][ T3795]  __filemap_get_folio+0x898/0x1260
[  116.030477][ T3795]  ? page_cache_prev_miss+0x4e0/0x4e0
[  116.035839][ T3795]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  116.041808][ T3795]  ? print_irqtrace_events+0x220/0x220
[  116.047261][ T3795]  pagecache_get_page+0x28/0x260
[  116.052198][ T3795]  ? hfs_free_extents+0x420/0x420
[  116.057211][ T3795]  block_write_begin+0x2e/0x1e0
[  116.062053][ T3795]  ? cont_write_begin+0x5e5/0x860
[  116.067080][ T3795]  ? hfs_free_extents+0x420/0x420
[  116.072106][ T3795]  cont_write_begin+0x606/0x860
[  116.076955][ T3795]  ? fault_in_readable+0x1d5/0x310
[  116.082077][ T3795]  ? generic_cont_expand_simple+0x250/0x250
[  116.087980][ T3795]  ? fault_in_readable+0x219/0x310
[  116.093092][ T3795]  ? fault_in_safe_writeable+0x240/0x240
[  116.098752][ T3795]  hfs_write_begin+0x86/0xd0
[  116.103349][ T3795]  ? hfs_free_extents+0x420/0x420
[  116.108375][ T3795]  generic_perform_write+0x2e4/0x5e0
[  116.113689][ T3795]  ? __block_commit_write+0x420/0x420
[  116.119071][ T3795]  ? generic_file_direct_write+0x610/0x610
[  116.124880][ T3795]  ? __file_remove_privs+0x6c0/0x6c0
[  116.130181][ T3795]  ? generic_write_checks+0x15c/0x1c0
[  116.135578][ T3795]  __generic_file_write_iter+0x176/0x400
[  116.141236][ T3795]  generic_file_write_iter+0xab/0x310
[  116.146633][ T3795]  vfs_write+0x7dc/0xc50
[  116.150904][ T3795]  ? file_end_write+0x230/0x230
[  116.155762][ T3795]  ? ptrace_stop+0x74d/0x970
[  116.160351][ T3795]  ? _raw_spin_unlock_irq+0x2a/0x40
[  116.165567][ T3795]  ? __fdget_pos+0x252/0x2e0
[  116.170163][ T3795]  ksys_write+0x177/0x2a0
[  116.174506][ T3795]  ? __ia32_sys_read+0x80/0x80
[  116.179261][ T3795]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  116.185251][ T3795]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  116.191250][ T3795]  do_syscall_64+0x3d/0xb0
[  116.195659][ T3795]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  116.201539][ T3795] RIP: 0033:0x7f0fa5191c89
[  116.205948][ T3795] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  116.225559][ T3795] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  116.233960][ T3795] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  116.242093][ T3795] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3795] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3795] exit_group(0)               = ?
[pid  3795] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3795, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./148/binderfs")                = 0
umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./148/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./148")                          = 0
mkdir("./149", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3796
./strace-static-x86_64: Process 3796 attached
[pid  3796] chdir("./149")              = 0
[pid  3796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3796] setpgid(0, 0)               = 0
[pid  3796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3796] write(3, "1000", 4)         = 4
[pid  3796] close(3)                    = 0
[pid  3796] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3796] memfd_create("syzkaller", 0) = 3
[pid  3796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3796] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  116.250051][ T3795] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  116.258018][ T3795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  116.266086][ T3795] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000094
[  116.274077][ T3795]  </TASK>
[pid  3796] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3796] close(3)                    = 0
[pid  3796] mkdir("./file0", 0777)      = 0
[pid  3796] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3796] chdir("./file0")            = 0
[pid  3796] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3796] close(4)                    = 0
[pid  3796] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3796] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3796] write(5, "13", 2)           = 2
[  116.326611][ T3796] loop0: detected capacity change from 0 to 64
[  116.355988][ T3796] FAULT_INJECTION: forcing a failure.
[  116.355988][ T3796] name failslab, interval 1, probability 0, space 0, times 0
[  116.368960][ T3796] CPU: 0 PID: 3796 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  116.379389][ T3796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  116.389450][ T3796] Call Trace:
[  116.392719][ T3796]  <TASK>
[  116.395640][ T3796]  dump_stack_lvl+0x1b1/0x28e
[  116.400315][ T3796]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  116.405768][ T3796]  ? panic+0x710/0x710
[  116.409836][ T3796]  ? __might_sleep+0xc0/0xc0
[  116.414412][ T3796]  ? __mutex_lock_common+0x45f/0x26e0
[  116.419781][ T3796]  should_fail_ex+0x395/0x4c0
[  116.424461][ T3796]  ? hfs_find_init+0x8b/0x1e0
[  116.429143][ T3796]  should_failslab+0x5/0x20
[  116.433650][ T3796]  __kmem_cache_alloc_node+0x69/0x310
[  116.439027][ T3796]  ? hfs_find_init+0x8b/0x1e0
[  116.443705][ T3796]  __kmalloc+0x9e/0x1a0
[  116.447868][ T3796]  hfs_find_init+0x8b/0x1e0
[  116.452377][ T3796]  hfs_extend_file+0x2f8/0x1420
[  116.457236][ T3796]  ? hfs_get_block+0xbb0/0xbb0
[  116.462001][ T3796]  ? lru_cache_disable+0x30/0x30
[  116.466937][ T3796]  ? __might_sleep+0xc0/0xc0
[  116.471544][ T3796]  hfs_get_block+0x3fc/0xbb0
[  116.476143][ T3796]  ? hfs_free_extents+0x420/0x420
[  116.481163][ T3796]  ? do_raw_spin_unlock+0x134/0x8a0
[  116.486368][ T3796]  ? create_page_buffers+0x244/0x4b0
[  116.491661][ T3796]  __block_write_begin_int+0x54c/0x1a80
[  116.497227][ T3796]  ? hfs_free_extents+0x420/0x420
[  116.502250][ T3796]  ? page_zero_new_buffers+0x940/0x940
[  116.507709][ T3796]  ? PageHeadHuge+0x8a/0x1d0
[  116.512308][ T3796]  ? hfs_free_extents+0x420/0x420
[  116.517330][ T3796]  block_write_begin+0x93/0x1e0
[  116.522181][ T3796]  ? cont_write_begin+0x5e5/0x860
[  116.527226][ T3796]  ? hfs_free_extents+0x420/0x420
[  116.532248][ T3796]  cont_write_begin+0x606/0x860
[  116.537108][ T3796]  ? fault_in_readable+0x1d5/0x310
[  116.542221][ T3796]  ? generic_cont_expand_simple+0x250/0x250
[  116.548115][ T3796]  ? fault_in_readable+0x219/0x310
[  116.553228][ T3796]  ? fault_in_safe_writeable+0x240/0x240
[  116.558869][ T3796]  hfs_write_begin+0x86/0xd0
[  116.563457][ T3796]  ? hfs_free_extents+0x420/0x420
[  116.568482][ T3796]  generic_perform_write+0x2e4/0x5e0
[  116.573773][ T3796]  ? __block_commit_write+0x420/0x420
[  116.579145][ T3796]  ? generic_file_direct_write+0x610/0x610
[  116.584949][ T3796]  ? __file_remove_privs+0x6c0/0x6c0
[  116.590237][ T3796]  ? generic_write_checks+0x15c/0x1c0
[  116.595618][ T3796]  __generic_file_write_iter+0x176/0x400
[  116.601254][ T3796]  generic_file_write_iter+0xab/0x310
[  116.606627][ T3796]  vfs_write+0x7dc/0xc50
[  116.610879][ T3796]  ? file_end_write+0x230/0x230
[  116.615730][ T3796]  ? ptrace_stop+0x74d/0x970
[  116.620329][ T3796]  ? _raw_spin_unlock_irq+0x2a/0x40
[  116.625532][ T3796]  ? __fdget_pos+0x252/0x2e0
[  116.630129][ T3796]  ksys_write+0x177/0x2a0
[  116.634461][ T3796]  ? __ia32_sys_read+0x80/0x80
[  116.639230][ T3796]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  116.645214][ T3796]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  116.651198][ T3796]  do_syscall_64+0x3d/0xb0
[  116.655612][ T3796]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  116.661500][ T3796] RIP: 0033:0x7f0fa5191c89
[  116.665910][ T3796] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  116.685510][ T3796] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  116.693922][ T3796] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  116.701890][ T3796] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  116.709855][ T3796] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  116.717821][ T3796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3796] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3796] exit_group(0)               = ?
[pid  3796] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3796, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./149/binderfs")                = 0
umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./149/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./149")                          = 0
mkdir("./150", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3797
./strace-static-x86_64: Process 3797 attached
[pid  3797] chdir("./150")              = 0
[pid  3797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3797] setpgid(0, 0)               = 0
[pid  3797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3797] write(3, "1000", 4)         = 4
[pid  3797] close(3)                    = 0
[pid  3797] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3797] memfd_create("syzkaller", 0) = 3
[pid  3797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3797] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3797] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3797] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3797] close(3)                    = 0
[pid  3797] mkdir("./file0", 0777)      = 0
[pid  3797] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3797] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3797] chdir("./file0")            = 0
[pid  3797] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3797] close(4)                    = 0
[pid  3797] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3797] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3797] write(5, "13", 2)           = 2
[  116.725787][ T3796] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000095
[  116.733766][ T3796]  </TASK>
[  116.766438][ T3797] loop0: detected capacity change from 0 to 64
[  116.788495][ T3797] FAULT_INJECTION: forcing a failure.
[  116.788495][ T3797] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  116.806155][ T3797] CPU: 0 PID: 3797 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  116.816606][ T3797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  116.826655][ T3797] Call Trace:
[  116.829925][ T3797]  <TASK>
[  116.832849][ T3797]  dump_stack_lvl+0x1b1/0x28e
[  116.837520][ T3797]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  116.842970][ T3797]  ? panic+0x710/0x710
[  116.847026][ T3797]  ? do_anonymous_page+0xd4a/0x1150
[  116.852275][ T3797]  ? mark_lock+0x9a/0x350
[  116.856597][ T3797]  should_fail_ex+0x395/0x4c0
[  116.861285][ T3797]  prepare_alloc_pages+0x1d7/0x5a0
[  116.866415][ T3797]  __alloc_pages+0x161/0x560
[  116.871014][ T3797]  ? zone_statistics+0x160/0x160
[  116.875966][ T3797]  ? rcu_lock_release+0x5/0x20
[  116.880731][ T3797]  ? alloc_pages+0x520/0x7b0
[  116.885318][ T3797]  ? xas_descend+0x1f3/0x400
[  116.889900][ T3797]  folio_alloc+0x1a/0x50
[  116.894140][ T3797]  filemap_alloc_folio+0x7e/0x1c0
[  116.899171][ T3797]  __filemap_get_folio+0x898/0x1260
[  116.904364][ T3797]  ? page_cache_prev_miss+0x4e0/0x4e0
[  116.909734][ T3797]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  116.915708][ T3797]  ? print_irqtrace_events+0x220/0x220
[  116.921160][ T3797]  pagecache_get_page+0x28/0x260
[  116.926117][ T3797]  ? hfs_free_extents+0x420/0x420
[  116.931149][ T3797]  block_write_begin+0x2e/0x1e0
[  116.935989][ T3797]  ? cont_write_begin+0x5e5/0x860
[  116.941014][ T3797]  ? hfs_free_extents+0x420/0x420
[  116.946045][ T3797]  cont_write_begin+0x606/0x860
[  116.950900][ T3797]  ? fault_in_readable+0x1d5/0x310
[  116.956042][ T3797]  ? generic_cont_expand_simple+0x250/0x250
[  116.961932][ T3797]  ? fault_in_readable+0x219/0x310
[  116.967033][ T3797]  ? fault_in_safe_writeable+0x240/0x240
[  116.972688][ T3797]  hfs_write_begin+0x86/0xd0
[  116.977287][ T3797]  ? hfs_free_extents+0x420/0x420
[  116.982314][ T3797]  generic_perform_write+0x2e4/0x5e0
[  116.987613][ T3797]  ? __block_commit_write+0x420/0x420
[  116.992982][ T3797]  ? generic_file_direct_write+0x610/0x610
[  116.998796][ T3797]  ? __file_remove_privs+0x6c0/0x6c0
[  117.004089][ T3797]  ? generic_write_checks+0x15c/0x1c0
[  117.009471][ T3797]  __generic_file_write_iter+0x176/0x400
[  117.015117][ T3797]  generic_file_write_iter+0xab/0x310
[  117.020498][ T3797]  vfs_write+0x7dc/0xc50
[  117.024752][ T3797]  ? file_end_write+0x230/0x230
[  117.029608][ T3797]  ? ptrace_stop+0x74d/0x970
[  117.034193][ T3797]  ? _raw_spin_unlock_irq+0x2a/0x40
[  117.039386][ T3797]  ? __fdget_pos+0x252/0x2e0
[  117.043981][ T3797]  ksys_write+0x177/0x2a0
[  117.048332][ T3797]  ? __ia32_sys_read+0x80/0x80
[  117.053105][ T3797]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  117.059088][ T3797]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  117.065079][ T3797]  do_syscall_64+0x3d/0xb0
[  117.069482][ T3797]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  117.075362][ T3797] RIP: 0033:0x7f0fa5191c89
[  117.079770][ T3797] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  117.099382][ T3797] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  117.107782][ T3797] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  117.115744][ T3797] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  117.123711][ T3797] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  117.131687][ T3797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3797] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3797] exit_group(0)               = ?
[pid  3797] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3797, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./150/binderfs")                = 0
umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./150/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./150")                          = 0
mkdir("./151", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3798
./strace-static-x86_64: Process 3798 attached
[pid  3798] chdir("./151")              = 0
[pid  3798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3798] setpgid(0, 0)               = 0
[pid  3798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3798] write(3, "1000", 4)         = 4
[pid  3798] close(3)                    = 0
[pid  3798] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3798] memfd_create("syzkaller", 0) = 3
[pid  3798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3798] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  117.139643][ T3797] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000096
[  117.147616][ T3797]  </TASK>
[pid  3798] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3798] close(3)                    = 0
[pid  3798] mkdir("./file0", 0777)      = 0
[pid  3798] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3798] chdir("./file0")            = 0
[pid  3798] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3798] close(4)                    = 0
[pid  3798] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3798] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3798] write(5, "13", 2)           = 2
[  117.195335][ T3798] loop0: detected capacity change from 0 to 64
[  117.216229][ T3798] FAULT_INJECTION: forcing a failure.
[  117.216229][ T3798] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  117.235646][ T3798] CPU: 0 PID: 3798 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  117.246090][ T3798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  117.256138][ T3798] Call Trace:
[  117.259408][ T3798]  <TASK>
[  117.262329][ T3798]  dump_stack_lvl+0x1b1/0x28e
[  117.267016][ T3798]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  117.272493][ T3798]  ? panic+0x710/0x710
[  117.276568][ T3798]  ? do_anonymous_page+0xd4a/0x1150
[  117.281778][ T3798]  ? mark_lock+0x9a/0x350
[  117.286110][ T3798]  should_fail_ex+0x395/0x4c0
[  117.290796][ T3798]  prepare_alloc_pages+0x1d7/0x5a0
[  117.295927][ T3798]  __alloc_pages+0x161/0x560
[  117.300525][ T3798]  ? zone_statistics+0x160/0x160
[  117.305482][ T3798]  ? rcu_lock_release+0x5/0x20
[  117.310265][ T3798]  ? alloc_pages+0x520/0x7b0
[  117.314854][ T3798]  ? xas_descend+0x1f3/0x400
[  117.319451][ T3798]  folio_alloc+0x1a/0x50
[  117.323710][ T3798]  filemap_alloc_folio+0x7e/0x1c0
[  117.328745][ T3798]  __filemap_get_folio+0x898/0x1260
[  117.333951][ T3798]  ? page_cache_prev_miss+0x4e0/0x4e0
[  117.339338][ T3798]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  117.345311][ T3798]  ? print_irqtrace_events+0x220/0x220
[  117.350763][ T3798]  pagecache_get_page+0x28/0x260
[  117.355707][ T3798]  ? hfs_free_extents+0x420/0x420
[  117.360723][ T3798]  block_write_begin+0x2e/0x1e0
[  117.365589][ T3798]  ? cont_write_begin+0x5e5/0x860
[  117.370623][ T3798]  ? hfs_free_extents+0x420/0x420
[  117.375661][ T3798]  cont_write_begin+0x606/0x860
[  117.380506][ T3798]  ? fault_in_readable+0x1d5/0x310
[  117.385621][ T3798]  ? generic_cont_expand_simple+0x250/0x250
[  117.391535][ T3798]  ? fault_in_readable+0x219/0x310
[  117.396652][ T3798]  ? fault_in_safe_writeable+0x240/0x240
[  117.402317][ T3798]  hfs_write_begin+0x86/0xd0
[  117.406918][ T3798]  ? hfs_free_extents+0x420/0x420
[  117.411952][ T3798]  generic_perform_write+0x2e4/0x5e0
[  117.417266][ T3798]  ? __block_commit_write+0x420/0x420
[  117.422633][ T3798]  ? generic_file_direct_write+0x610/0x610
[  117.428433][ T3798]  ? __file_remove_privs+0x6c0/0x6c0
[  117.433710][ T3798]  ? generic_write_checks+0x15c/0x1c0
[  117.439081][ T3798]  __generic_file_write_iter+0x176/0x400
[  117.444715][ T3798]  generic_file_write_iter+0xab/0x310
[  117.450082][ T3798]  vfs_write+0x7dc/0xc50
[  117.454323][ T3798]  ? file_end_write+0x230/0x230
[  117.459184][ T3798]  ? ptrace_stop+0x74d/0x970
[  117.463793][ T3798]  ? _raw_spin_unlock_irq+0x2a/0x40
[  117.469008][ T3798]  ? __fdget_pos+0x252/0x2e0
[  117.473605][ T3798]  ksys_write+0x177/0x2a0
[  117.477928][ T3798]  ? __ia32_sys_read+0x80/0x80
[  117.482693][ T3798]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  117.488691][ T3798]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  117.494673][ T3798]  do_syscall_64+0x3d/0xb0
[  117.499257][ T3798]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  117.505169][ T3798] RIP: 0033:0x7f0fa5191c89
[  117.509581][ T3798] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  117.529186][ T3798] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  117.537597][ T3798] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3798] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3798] exit_group(0)               = ?
[pid  3798] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3798, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./151/binderfs")                = 0
umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./151/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./151")                          = 0
mkdir("./152", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3799
./strace-static-x86_64: Process 3799 attached
[pid  3799] chdir("./152")              = 0
[pid  3799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3799] setpgid(0, 0)               = 0
[pid  3799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3799] write(3, "1000", 4)         = 4
[  117.545576][ T3798] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  117.553550][ T3798] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  117.561532][ T3798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  117.569496][ T3798] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000097
[  117.577470][ T3798]  </TASK>
[pid  3799] close(3)                    = 0
[pid  3799] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3799] memfd_create("syzkaller", 0) = 3
[pid  3799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3799] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3799] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3799] close(3)                    = 0
[pid  3799] mkdir("./file0", 0777)      = 0
[pid  3799] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3799] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3799] chdir("./file0")            = 0
[pid  3799] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3799] close(4)                    = 0
[pid  3799] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3799] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3799] write(5, "13", 2)           = 2
[  117.636930][ T3799] loop0: detected capacity change from 0 to 64
[  117.665863][ T3799] FAULT_INJECTION: forcing a failure.
[  117.665863][ T3799] name failslab, interval 1, probability 0, space 0, times 0
[  117.678559][ T3799] CPU: 1 PID: 3799 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  117.688977][ T3799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  117.699028][ T3799] Call Trace:
[  117.702311][ T3799]  <TASK>
[  117.705239][ T3799]  dump_stack_lvl+0x1b1/0x28e
[  117.709922][ T3799]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  117.715378][ T3799]  ? panic+0x710/0x710
[  117.719446][ T3799]  ? __might_sleep+0xc0/0xc0
[  117.724035][ T3799]  ? __mutex_lock_common+0x45f/0x26e0
[  117.729415][ T3799]  should_fail_ex+0x395/0x4c0
[  117.734096][ T3799]  ? hfs_find_init+0x8b/0x1e0
[  117.738782][ T3799]  should_failslab+0x5/0x20
[  117.743286][ T3799]  __kmem_cache_alloc_node+0x69/0x310
[  117.748661][ T3799]  ? hfs_find_init+0x8b/0x1e0
[  117.753341][ T3799]  __kmalloc+0x9e/0x1a0
[  117.757500][ T3799]  hfs_find_init+0x8b/0x1e0
[  117.762010][ T3799]  hfs_extend_file+0x2f8/0x1420
[  117.766867][ T3799]  ? hfs_get_block+0xbb0/0xbb0
[  117.771630][ T3799]  ? lru_cache_disable+0x30/0x30
[  117.776576][ T3799]  ? __might_sleep+0xc0/0xc0
[  117.781183][ T3799]  hfs_get_block+0x3fc/0xbb0
[  117.785782][ T3799]  ? hfs_free_extents+0x420/0x420
[  117.790807][ T3799]  ? do_raw_spin_unlock+0x134/0x8a0
[  117.796019][ T3799]  ? create_page_buffers+0x244/0x4b0
[  117.801312][ T3799]  __block_write_begin_int+0x54c/0x1a80
[  117.806877][ T3799]  ? hfs_free_extents+0x420/0x420
[  117.811896][ T3799]  ? page_zero_new_buffers+0x940/0x940
[  117.817362][ T3799]  ? PageHeadHuge+0x8a/0x1d0
[  117.821960][ T3799]  ? hfs_free_extents+0x420/0x420
[  117.826982][ T3799]  block_write_begin+0x93/0x1e0
[  117.831836][ T3799]  ? cont_write_begin+0x5e5/0x860
[  117.836862][ T3799]  ? hfs_free_extents+0x420/0x420
[  117.841882][ T3799]  cont_write_begin+0x606/0x860
[  117.846787][ T3799]  ? fault_in_readable+0x1d5/0x310
[  117.851903][ T3799]  ? generic_cont_expand_simple+0x250/0x250
[  117.857793][ T3799]  ? fault_in_readable+0x219/0x310
[  117.862905][ T3799]  ? fault_in_safe_writeable+0x240/0x240
[  117.868550][ T3799]  hfs_write_begin+0x86/0xd0
[  117.873140][ T3799]  ? hfs_free_extents+0x420/0x420
[  117.878174][ T3799]  generic_perform_write+0x2e4/0x5e0
[  117.883469][ T3799]  ? __block_commit_write+0x420/0x420
[  117.888844][ T3799]  ? generic_file_direct_write+0x610/0x610
[  117.894647][ T3799]  ? __file_remove_privs+0x6c0/0x6c0
[  117.899951][ T3799]  ? generic_write_checks+0x15c/0x1c0
[  117.905341][ T3799]  __generic_file_write_iter+0x176/0x400
[  117.911004][ T3799]  generic_file_write_iter+0xab/0x310
[  117.916390][ T3799]  vfs_write+0x7dc/0xc50
[  117.920649][ T3799]  ? file_end_write+0x230/0x230
[  117.925525][ T3799]  ? ptrace_stop+0x74d/0x970
[  117.930148][ T3799]  ? _raw_spin_unlock_irq+0x2a/0x40
[  117.935361][ T3799]  ? __fdget_pos+0x252/0x2e0
[  117.939965][ T3799]  ksys_write+0x177/0x2a0
[  117.944312][ T3799]  ? __ia32_sys_read+0x80/0x80
[  117.949096][ T3799]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  117.955083][ T3799]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  117.961064][ T3799]  do_syscall_64+0x3d/0xb0
[  117.965482][ T3799]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  117.971378][ T3799] RIP: 0033:0x7f0fa5191c89
[  117.975789][ T3799] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  117.995391][ T3799] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  118.003805][ T3799] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  118.011773][ T3799] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  118.019740][ T3799] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  118.027709][ T3799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3799] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3799] exit_group(0)               = ?
[pid  3799] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3799, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./152/binderfs")                = 0
umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./152/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./152")                          = 0
mkdir("./153", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3800
./strace-static-x86_64: Process 3800 attached
[pid  3800] chdir("./153")              = 0
[pid  3800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3800] setpgid(0, 0)               = 0
[pid  3800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3800] write(3, "1000", 4)         = 4
[pid  3800] close(3)                    = 0
[pid  3800] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3800] memfd_create("syzkaller", 0) = 3
[pid  3800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3800] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  118.035675][ T3799] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000098
[  118.043658][ T3799]  </TASK>
[pid  3800] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3800] close(3)                    = 0
[pid  3800] mkdir("./file0", 0777)      = 0
[pid  3800] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3800] chdir("./file0")            = 0
[pid  3800] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3800] close(4)                    = 0
[pid  3800] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3800] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3800] write(5, "13", 2)           = 2
[  118.090401][ T3800] loop0: detected capacity change from 0 to 64
[  118.092014][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  118.118647][ T3800] FAULT_INJECTION: forcing a failure.
[  118.118647][ T3800] name failslab, interval 1, probability 0, space 0, times 0
[  118.131374][ T3800] CPU: 0 PID: 3800 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  118.141802][ T3800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  118.151847][ T3800] Call Trace:
[  118.155117][ T3800]  <TASK>
[  118.158037][ T3800]  dump_stack_lvl+0x1b1/0x28e
[  118.162724][ T3800]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  118.168195][ T3800]  ? panic+0x710/0x710
[  118.172270][ T3800]  ? __might_sleep+0xc0/0xc0
[  118.176856][ T3800]  ? __mutex_lock_common+0x45f/0x26e0
[  118.182239][ T3800]  should_fail_ex+0x395/0x4c0
[  118.186929][ T3800]  ? hfs_find_init+0x8b/0x1e0
[  118.191633][ T3800]  should_failslab+0x5/0x20
[  118.196131][ T3800]  __kmem_cache_alloc_node+0x69/0x310
[  118.201501][ T3800]  ? rcu_lock_release+0x5/0x20
[  118.206260][ T3800]  ? hfs_find_init+0x8b/0x1e0
[  118.210939][ T3800]  __kmalloc+0x9e/0x1a0
[  118.215120][ T3800]  hfs_find_init+0x8b/0x1e0
[  118.219638][ T3800]  hfs_extend_file+0x2f8/0x1420
[  118.224480][ T3800]  ? xas_find+0x937/0xa60
[  118.228839][ T3800]  ? hfs_get_block+0xbb0/0xbb0
[  118.233610][ T3800]  ? filemap_get_folios+0x557/0x830
[  118.238812][ T3800]  ? find_lock_entries+0xf60/0xf60
[  118.243920][ T3800]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  118.249824][ T3800]  hfs_get_block+0x3fc/0xbb0
[  118.254416][ T3800]  ? hfs_free_extents+0x420/0x420
[  118.259441][ T3800]  ? do_raw_spin_unlock+0x134/0x8a0
[  118.264666][ T3800]  ? create_page_buffers+0x244/0x4b0
[  118.269973][ T3800]  __block_write_begin_int+0x54c/0x1a80
[  118.275550][ T3800]  ? hfs_free_extents+0x420/0x420
[  118.280567][ T3800]  ? page_zero_new_buffers+0x940/0x940
[  118.286038][ T3800]  ? PageHeadHuge+0x8a/0x1d0
[  118.290633][ T3800]  ? hfs_free_extents+0x420/0x420
[  118.295658][ T3800]  block_write_begin+0x93/0x1e0
[  118.300521][ T3800]  ? cont_write_begin+0x5e5/0x860
[  118.305538][ T3800]  ? hfs_free_extents+0x420/0x420
[  118.310555][ T3800]  cont_write_begin+0x606/0x860
[  118.315434][ T3800]  ? fault_in_readable+0x1d5/0x310
[  118.320551][ T3800]  ? generic_cont_expand_simple+0x250/0x250
[  118.326454][ T3800]  ? fault_in_readable+0x219/0x310
[  118.331569][ T3800]  ? fault_in_safe_writeable+0x240/0x240
[  118.337214][ T3800]  hfs_write_begin+0x86/0xd0
[  118.341795][ T3800]  ? hfs_free_extents+0x420/0x420
[  118.346810][ T3800]  generic_perform_write+0x2e4/0x5e0
[  118.352107][ T3800]  ? __block_commit_write+0x420/0x420
[  118.357501][ T3800]  ? generic_file_direct_write+0x610/0x610
[  118.363316][ T3800]  ? __file_remove_privs+0x6c0/0x6c0
[  118.368604][ T3800]  ? generic_write_checks+0x15c/0x1c0
[  118.374005][ T3800]  __generic_file_write_iter+0x176/0x400
[  118.379674][ T3800]  generic_file_write_iter+0xab/0x310
[  118.385079][ T3800]  vfs_write+0x7dc/0xc50
[  118.389355][ T3800]  ? file_end_write+0x230/0x230
[  118.394214][ T3800]  ? ptrace_stop+0x74d/0x970
[  118.398804][ T3800]  ? _raw_spin_unlock_irq+0x2a/0x40
[  118.403999][ T3800]  ? __fdget_pos+0x252/0x2e0
[  118.408591][ T3800]  ksys_write+0x177/0x2a0
[  118.412955][ T3800]  ? __ia32_sys_read+0x80/0x80
[  118.417742][ T3800]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  118.423713][ T3800]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  118.429688][ T3800]  do_syscall_64+0x3d/0xb0
[  118.434093][ T3800]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.439976][ T3800] RIP: 0033:0x7f0fa5191c89
[  118.444379][ T3800] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  118.463984][ T3800] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  118.472398][ T3800] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  118.480375][ T3800] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3800] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3800] exit_group(0)               = ?
[pid  3800] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3800, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./153/binderfs")                = 0
umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./153/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./153")                          = 0
mkdir("./154", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[  118.488351][ T3800] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  118.496398][ T3800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  118.504357][ T3800] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000099
[  118.512330][ T3800]  </TASK>
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3801 attached
, child_tidptr=0x555555b7f5d0) = 3801
[pid  3801] chdir("./154")              = 0
[pid  3801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3801] setpgid(0, 0)               = 0
[pid  3801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3801] write(3, "1000", 4)         = 4
[pid  3801] close(3)                    = 0
[pid  3801] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3801] memfd_create("syzkaller", 0) = 3
[pid  3801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3801] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3801] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3801] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3801] close(3)                    = 0
[pid  3801] mkdir("./file0", 0777)      = 0
[pid  3801] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3801] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3801] chdir("./file0")            = 0
[pid  3801] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3801] close(4)                    = 0
[pid  3801] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3801] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3801] write(5, "13", 2)           = 2
[  118.574154][ T3801] loop0: detected capacity change from 0 to 64
[  118.602715][ T3801] FAULT_INJECTION: forcing a failure.
[  118.602715][ T3801] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  118.616039][ T3801] CPU: 1 PID: 3801 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  118.626461][ T3801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  118.636510][ T3801] Call Trace:
[  118.639780][ T3801]  <TASK>
[  118.642709][ T3801]  dump_stack_lvl+0x1b1/0x28e
[  118.647397][ T3801]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  118.652848][ T3801]  ? panic+0x710/0x710
[  118.656903][ T3801]  ? do_anonymous_page+0xd4a/0x1150
[  118.662110][ T3801]  ? mark_lock+0x9a/0x350
[  118.666449][ T3801]  should_fail_ex+0x395/0x4c0
[  118.671120][ T3801]  prepare_alloc_pages+0x1d7/0x5a0
[  118.676228][ T3801]  __alloc_pages+0x161/0x560
[  118.680825][ T3801]  ? zone_statistics+0x160/0x160
[  118.685774][ T3801]  ? rcu_lock_release+0x5/0x20
[  118.690527][ T3801]  ? alloc_pages+0x520/0x7b0
[  118.695120][ T3801]  ? xas_descend+0x1f3/0x400
[  118.699721][ T3801]  folio_alloc+0x1a/0x50
[  118.703955][ T3801]  filemap_alloc_folio+0x7e/0x1c0
[  118.708972][ T3801]  __filemap_get_folio+0x898/0x1260
[  118.714176][ T3801]  ? page_cache_prev_miss+0x4e0/0x4e0
[  118.719565][ T3801]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  118.725554][ T3801]  ? print_irqtrace_events+0x220/0x220
[  118.731025][ T3801]  pagecache_get_page+0x28/0x260
[  118.735979][ T3801]  ? hfs_free_extents+0x420/0x420
[  118.740999][ T3801]  block_write_begin+0x2e/0x1e0
[  118.745846][ T3801]  ? cont_write_begin+0x5e5/0x860
[  118.750872][ T3801]  ? hfs_free_extents+0x420/0x420
[  118.755901][ T3801]  cont_write_begin+0x606/0x860
[  118.760768][ T3801]  ? fault_in_readable+0x1d5/0x310
[  118.765884][ T3801]  ? generic_cont_expand_simple+0x250/0x250
[  118.771773][ T3801]  ? fault_in_readable+0x219/0x310
[  118.776875][ T3801]  ? fault_in_safe_writeable+0x240/0x240
[  118.782509][ T3801]  hfs_write_begin+0x86/0xd0
[  118.787086][ T3801]  ? hfs_free_extents+0x420/0x420
[  118.792100][ T3801]  generic_perform_write+0x2e4/0x5e0
[  118.797420][ T3801]  ? __block_commit_write+0x420/0x420
[  118.802821][ T3801]  ? generic_file_direct_write+0x610/0x610
[  118.808648][ T3801]  ? __file_remove_privs+0x6c0/0x6c0
[  118.813942][ T3801]  ? generic_write_checks+0x15c/0x1c0
[  118.819347][ T3801]  __generic_file_write_iter+0x176/0x400
[  118.825013][ T3801]  generic_file_write_iter+0xab/0x310
[  118.830408][ T3801]  vfs_write+0x7dc/0xc50
[  118.834681][ T3801]  ? file_end_write+0x230/0x230
[  118.839541][ T3801]  ? ptrace_stop+0x74d/0x970
[  118.844149][ T3801]  ? _raw_spin_unlock_irq+0x2a/0x40
[  118.849360][ T3801]  ? __fdget_pos+0x252/0x2e0
[  118.853955][ T3801]  ksys_write+0x177/0x2a0
[  118.858301][ T3801]  ? __ia32_sys_read+0x80/0x80
[  118.863057][ T3801]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  118.869045][ T3801]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  118.875044][ T3801]  do_syscall_64+0x3d/0xb0
[  118.879452][ T3801]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.885333][ T3801] RIP: 0033:0x7f0fa5191c89
[  118.889747][ T3801] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  118.909360][ T3801] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  118.917763][ T3801] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3801] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3801] exit_group(0)               = ?
[pid  3801] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3801, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./154/binderfs")                = 0
umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./154/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./154")                          = 0
mkdir("./155", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3802
[  118.925727][ T3801] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  118.933696][ T3801] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  118.941671][ T3801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  118.949628][ T3801] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000009a
[  118.957599][ T3801]  </TASK>
./strace-static-x86_64: Process 3802 attached
[pid  3802] chdir("./155")              = 0
[pid  3802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3802] setpgid(0, 0)               = 0
[pid  3802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3802] write(3, "1000", 4)         = 4
[pid  3802] close(3)                    = 0
[pid  3802] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3802] memfd_create("syzkaller", 0) = 3
[pid  3802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3802] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3802] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3802] close(3)                    = 0
[pid  3802] mkdir("./file0", 0777)      = 0
[pid  3802] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3802] chdir("./file0")            = 0
[pid  3802] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3802] close(4)                    = 0
[pid  3802] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3802] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3802] write(5, "13", 2)           = 2
[pid  3802] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3802] exit_group(0)               = ?
[pid  3802] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3802, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./155/binderfs")                = 0
umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./155/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./155")                          = 0
mkdir("./156", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[  119.016250][ T3802] loop0: detected capacity change from 0 to 64
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3803 attached
, child_tidptr=0x555555b7f5d0) = 3803
[pid  3803] chdir("./156")              = 0
[pid  3803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3803] setpgid(0, 0)               = 0
[pid  3803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3803] write(3, "1000", 4)         = 4
[pid  3803] close(3)                    = 0
[pid  3803] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3803] memfd_create("syzkaller", 0) = 3
[pid  3803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3803] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3803] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3803] close(3)                    = 0
[pid  3803] mkdir("./file0", 0777)      = 0
[pid  3803] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3803] chdir("./file0")            = 0
[pid  3803] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3803] close(4)                    = 0
[pid  3803] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3803] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3803] write(5, "13", 2)           = 2
[  119.100751][ T3803] loop0: detected capacity change from 0 to 64
[  119.126265][ T3803] FAULT_INJECTION: forcing a failure.
[  119.126265][ T3803] name failslab, interval 1, probability 0, space 0, times 0
[  119.139141][ T3803] CPU: 1 PID: 3803 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  119.149580][ T3803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  119.159629][ T3803] Call Trace:
[  119.162912][ T3803]  <TASK>
[  119.165865][ T3803]  dump_stack_lvl+0x1b1/0x28e
[  119.170553][ T3803]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  119.176003][ T3803]  ? panic+0x710/0x710
[  119.180077][ T3803]  ? __might_sleep+0xc0/0xc0
[  119.184678][ T3803]  ? __mutex_lock_common+0x45f/0x26e0
[  119.190061][ T3803]  should_fail_ex+0x395/0x4c0
[  119.194747][ T3803]  ? hfs_find_init+0x8b/0x1e0
[  119.199434][ T3803]  should_failslab+0x5/0x20
[  119.203940][ T3803]  __kmem_cache_alloc_node+0x69/0x310
[  119.209312][ T3803]  ? rcu_lock_release+0x5/0x20
[  119.214098][ T3803]  ? hfs_find_init+0x8b/0x1e0
[  119.218791][ T3803]  __kmalloc+0x9e/0x1a0
[  119.222970][ T3803]  hfs_find_init+0x8b/0x1e0
[  119.227505][ T3803]  hfs_extend_file+0x2f8/0x1420
[  119.232358][ T3803]  ? xas_find+0x937/0xa60
[  119.236706][ T3803]  ? hfs_get_block+0xbb0/0xbb0
[  119.241480][ T3803]  ? filemap_get_folios+0x557/0x830
[  119.246692][ T3803]  ? find_lock_entries+0xf60/0xf60
[  119.251812][ T3803]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  119.257724][ T3803]  hfs_get_block+0x3fc/0xbb0
[  119.262339][ T3803]  ? hfs_free_extents+0x420/0x420
[  119.267372][ T3803]  ? do_raw_spin_unlock+0x134/0x8a0
[  119.272585][ T3803]  ? create_page_buffers+0x244/0x4b0
[  119.277986][ T3803]  __block_write_begin_int+0x54c/0x1a80
[  119.283580][ T3803]  ? hfs_free_extents+0x420/0x420
[  119.288613][ T3803]  ? page_zero_new_buffers+0x940/0x940
[  119.294081][ T3803]  ? PageHeadHuge+0x8a/0x1d0
[  119.298684][ T3803]  ? hfs_free_extents+0x420/0x420
[  119.303711][ T3803]  block_write_begin+0x93/0x1e0
[  119.308567][ T3803]  ? cont_write_begin+0x5e5/0x860
[  119.313599][ T3803]  ? hfs_free_extents+0x420/0x420
[  119.318628][ T3803]  cont_write_begin+0x606/0x860
[  119.323678][ T3803]  ? fault_in_readable+0x1d5/0x310
[  119.328822][ T3803]  ? generic_cont_expand_simple+0x250/0x250
[  119.334725][ T3803]  ? fault_in_readable+0x219/0x310
[  119.339860][ T3803]  ? fault_in_safe_writeable+0x240/0x240
[  119.345511][ T3803]  hfs_write_begin+0x86/0xd0
[  119.350103][ T3803]  ? hfs_free_extents+0x420/0x420
[  119.355148][ T3803]  generic_perform_write+0x2e4/0x5e0
[  119.360445][ T3803]  ? __block_commit_write+0x420/0x420
[  119.365824][ T3803]  ? generic_file_direct_write+0x610/0x610
[  119.371632][ T3803]  ? __file_remove_privs+0x6c0/0x6c0
[  119.376922][ T3803]  ? generic_write_checks+0x15c/0x1c0
[  119.382308][ T3803]  __generic_file_write_iter+0x176/0x400
[  119.387961][ T3803]  generic_file_write_iter+0xab/0x310
[  119.393345][ T3803]  vfs_write+0x7dc/0xc50
[  119.397599][ T3803]  ? file_end_write+0x230/0x230
[  119.402447][ T3803]  ? ptrace_stop+0x74d/0x970
[  119.407046][ T3803]  ? _raw_spin_unlock_irq+0x2a/0x40
[  119.412277][ T3803]  ? __fdget_pos+0x252/0x2e0
[  119.416874][ T3803]  ksys_write+0x177/0x2a0
[  119.421207][ T3803]  ? __ia32_sys_read+0x80/0x80
[  119.425972][ T3803]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  119.431953][ T3803]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  119.437939][ T3803]  do_syscall_64+0x3d/0xb0
[  119.442352][ T3803]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  119.448242][ T3803] RIP: 0033:0x7f0fa5191c89
[  119.452655][ T3803] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  119.472268][ T3803] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  119.480704][ T3803] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  119.488681][ T3803] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3803] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3803] exit_group(0)               = ?
[pid  3803] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3803, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./156/binderfs")                = 0
umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./156/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./156")                          = 0
mkdir("./157", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[  119.496670][ T3803] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  119.504645][ T3803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  119.512617][ T3803] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000009c
[  119.520613][ T3803]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3804
./strace-static-x86_64: Process 3804 attached
[pid  3804] chdir("./157")              = 0
[pid  3804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3804] setpgid(0, 0)               = 0
[pid  3804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3804] write(3, "1000", 4)         = 4
[pid  3804] close(3)                    = 0
[pid  3804] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3804] memfd_create("syzkaller", 0) = 3
[pid  3804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3804] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3804] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3804] close(3)                    = 0
[pid  3804] mkdir("./file0", 0777)      = 0
[pid  3804] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3804] chdir("./file0")            = 0
[pid  3804] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3804] close(4)                    = 0
[pid  3804] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3804] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3804] write(5, "13", 2)           = 2
[  119.584244][ T3804] loop0: detected capacity change from 0 to 64
[  119.616687][ T3804] FAULT_INJECTION: forcing a failure.
[  119.616687][ T3804] name failslab, interval 1, probability 0, space 0, times 0
[  119.629395][ T3804] CPU: 1 PID: 3804 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  119.639808][ T3804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  119.649874][ T3804] Call Trace:
[  119.653157][ T3804]  <TASK>
[  119.656089][ T3804]  dump_stack_lvl+0x1b1/0x28e
[  119.660770][ T3804]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  119.666237][ T3804]  ? panic+0x710/0x710
[  119.670314][ T3804]  ? __might_sleep+0xc0/0xc0
[  119.674906][ T3804]  ? __mutex_lock_common+0x45f/0x26e0
[  119.680294][ T3804]  should_fail_ex+0x395/0x4c0
[  119.684979][ T3804]  ? hfs_find_init+0x8b/0x1e0
[  119.689662][ T3804]  should_failslab+0x5/0x20
[  119.694166][ T3804]  __kmem_cache_alloc_node+0x69/0x310
[  119.699542][ T3804]  ? hfs_find_init+0x8b/0x1e0
[  119.704221][ T3804]  __kmalloc+0x9e/0x1a0
[  119.708384][ T3804]  hfs_find_init+0x8b/0x1e0
[  119.712892][ T3804]  hfs_extend_file+0x2f8/0x1420
[  119.717752][ T3804]  ? hfs_get_block+0xbb0/0xbb0
[  119.722515][ T3804]  ? lru_cache_disable+0x30/0x30
[  119.727450][ T3804]  ? __might_sleep+0xc0/0xc0
[  119.732053][ T3804]  hfs_get_block+0x3fc/0xbb0
[  119.736652][ T3804]  ? hfs_free_extents+0x420/0x420
[  119.741672][ T3804]  ? do_raw_spin_unlock+0x134/0x8a0
[  119.746878][ T3804]  ? create_page_buffers+0x244/0x4b0
[  119.752168][ T3804]  __block_write_begin_int+0x54c/0x1a80
[  119.757736][ T3804]  ? hfs_free_extents+0x420/0x420
[  119.762755][ T3804]  ? page_zero_new_buffers+0x940/0x940
[  119.768215][ T3804]  ? PageHeadHuge+0x8a/0x1d0
[  119.772818][ T3804]  ? hfs_free_extents+0x420/0x420
[  119.777840][ T3804]  block_write_begin+0x93/0x1e0
[  119.782689][ T3804]  ? cont_write_begin+0x5e5/0x860
[  119.787712][ T3804]  ? hfs_free_extents+0x420/0x420
[  119.792735][ T3804]  cont_write_begin+0x606/0x860
[  119.797594][ T3804]  ? fault_in_readable+0x1d5/0x310
[  119.802709][ T3804]  ? generic_cont_expand_simple+0x250/0x250
[  119.808600][ T3804]  ? fault_in_readable+0x219/0x310
[  119.813710][ T3804]  ? fault_in_safe_writeable+0x240/0x240
[  119.819350][ T3804]  hfs_write_begin+0x86/0xd0
[  119.823936][ T3804]  ? hfs_free_extents+0x420/0x420
[  119.828963][ T3804]  generic_perform_write+0x2e4/0x5e0
[  119.834258][ T3804]  ? __block_commit_write+0x420/0x420
[  119.839632][ T3804]  ? generic_file_direct_write+0x610/0x610
[  119.845440][ T3804]  ? __file_remove_privs+0x6c0/0x6c0
[  119.850726][ T3804]  ? generic_write_checks+0x15c/0x1c0
[  119.856106][ T3804]  __generic_file_write_iter+0x176/0x400
[  119.861744][ T3804]  generic_file_write_iter+0xab/0x310
[  119.867121][ T3804]  vfs_write+0x7dc/0xc50
[  119.871373][ T3804]  ? file_end_write+0x230/0x230
[  119.876219][ T3804]  ? ptrace_stop+0x74d/0x970
[  119.880826][ T3804]  ? _raw_spin_unlock_irq+0x2a/0x40
[  119.886027][ T3804]  ? __fdget_pos+0x252/0x2e0
[  119.890618][ T3804]  ksys_write+0x177/0x2a0
[  119.894948][ T3804]  ? __ia32_sys_read+0x80/0x80
[  119.899712][ T3804]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  119.905694][ T3804]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  119.911679][ T3804]  do_syscall_64+0x3d/0xb0
[  119.916095][ T3804]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  119.921982][ T3804] RIP: 0033:0x7f0fa5191c89
[  119.926394][ T3804] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  119.945996][ T3804] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  119.954407][ T3804] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  119.962373][ T3804] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  119.970338][ T3804] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3804] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3804] exit_group(0)               = ?
[pid  3804] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3804, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./157/binderfs")                = 0
umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./157/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./157")                          = 0
mkdir("./158", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  119.978322][ T3804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  119.986294][ T3804] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000009d
[  119.994302][ T3804]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3805
./strace-static-x86_64: Process 3805 attached
[pid  3805] chdir("./158")              = 0
[pid  3805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3805] setpgid(0, 0)               = 0
[pid  3805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3805] write(3, "1000", 4)         = 4
[pid  3805] close(3)                    = 0
[pid  3805] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3805] memfd_create("syzkaller", 0) = 3
[pid  3805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3805] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3805] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3805] close(3)                    = 0
[pid  3805] mkdir("./file0", 0777)      = 0
[pid  3805] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3805] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3805] chdir("./file0")            = 0
[pid  3805] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3805] close(4)                    = 0
[pid  3805] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3805] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3805] write(5, "13", 2)           = 2
[  120.055065][ T3805] loop0: detected capacity change from 0 to 64
[  120.090328][ T3805] FAULT_INJECTION: forcing a failure.
[  120.090328][ T3805] name failslab, interval 1, probability 0, space 0, times 0
[  120.103878][ T3805] CPU: 0 PID: 3805 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  120.114300][ T3805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  120.124443][ T3805] Call Trace:
[  120.127726][ T3805]  <TASK>
[  120.130650][ T3805]  dump_stack_lvl+0x1b1/0x28e
[  120.135328][ T3805]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  120.140781][ T3805]  ? panic+0x710/0x710
[  120.144860][ T3805]  ? __might_sleep+0xc0/0xc0
[  120.149458][ T3805]  ? __mutex_lock_common+0x45f/0x26e0
[  120.154866][ T3805]  should_fail_ex+0x395/0x4c0
[  120.159558][ T3805]  ? hfs_find_init+0x8b/0x1e0
[  120.164231][ T3805]  should_failslab+0x5/0x20
[  120.168739][ T3805]  __kmem_cache_alloc_node+0x69/0x310
[  120.174134][ T3805]  ? hfs_find_init+0x8b/0x1e0
[  120.178822][ T3805]  __kmalloc+0x9e/0x1a0
[  120.182977][ T3805]  hfs_find_init+0x8b/0x1e0
[  120.187478][ T3805]  hfs_extend_file+0x2f8/0x1420
[  120.192348][ T3805]  ? hfs_get_block+0xbb0/0xbb0
[  120.197126][ T3805]  ? lru_cache_disable+0x30/0x30
[  120.202067][ T3805]  ? __might_sleep+0xc0/0xc0
[  120.206681][ T3805]  hfs_get_block+0x3fc/0xbb0
[  120.211271][ T3805]  ? hfs_free_extents+0x420/0x420
[  120.216284][ T3805]  ? do_raw_spin_unlock+0x134/0x8a0
[  120.221477][ T3805]  ? create_page_buffers+0x244/0x4b0
[  120.226809][ T3805]  __block_write_begin_int+0x54c/0x1a80
[  120.232405][ T3805]  ? hfs_free_extents+0x420/0x420
[  120.237433][ T3805]  ? page_zero_new_buffers+0x940/0x940
[  120.242892][ T3805]  ? PageHeadHuge+0x8a/0x1d0
[  120.247512][ T3805]  ? hfs_free_extents+0x420/0x420
[  120.252543][ T3805]  block_write_begin+0x93/0x1e0
[  120.257596][ T3805]  ? cont_write_begin+0x5e5/0x860
[  120.262623][ T3805]  ? hfs_free_extents+0x420/0x420
[  120.267654][ T3805]  cont_write_begin+0x606/0x860
[  120.272501][ T3805]  ? fault_in_readable+0x1d5/0x310
[  120.277618][ T3805]  ? generic_cont_expand_simple+0x250/0x250
[  120.283522][ T3805]  ? fault_in_readable+0x219/0x310
[  120.288635][ T3805]  ? fault_in_safe_writeable+0x240/0x240
[  120.294300][ T3805]  hfs_write_begin+0x86/0xd0
[  120.298901][ T3805]  ? hfs_free_extents+0x420/0x420
[  120.303935][ T3805]  generic_perform_write+0x2e4/0x5e0
[  120.309239][ T3805]  ? __block_commit_write+0x420/0x420
[  120.314632][ T3805]  ? generic_file_direct_write+0x610/0x610
[  120.320440][ T3805]  ? __file_remove_privs+0x6c0/0x6c0
[  120.325736][ T3805]  ? generic_write_checks+0x15c/0x1c0
[  120.331230][ T3805]  __generic_file_write_iter+0x176/0x400
[  120.336867][ T3805]  generic_file_write_iter+0xab/0x310
[  120.342258][ T3805]  vfs_write+0x7dc/0xc50
[  120.347364][ T3805]  ? file_end_write+0x230/0x230
[  120.352211][ T3805]  ? ptrace_stop+0x74d/0x970
[  120.356827][ T3805]  ? _raw_spin_unlock_irq+0x2a/0x40
[  120.362128][ T3805]  ? __fdget_pos+0x252/0x2e0
[  120.366735][ T3805]  ksys_write+0x177/0x2a0
[  120.371069][ T3805]  ? __ia32_sys_read+0x80/0x80
[  120.375830][ T3805]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  120.381814][ T3805]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  120.387806][ T3805]  do_syscall_64+0x3d/0xb0
[  120.392239][ T3805]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  120.398129][ T3805] RIP: 0033:0x7f0fa5191c89
[  120.402543][ T3805] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  120.422178][ T3805] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  120.430588][ T3805] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  120.438569][ T3805] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  120.446570][ T3805] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3805] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3805] exit_group(0)               = ?
[pid  3805] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3805, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./158/binderfs")                = 0
umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./158/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./158")                          = 0
mkdir("./159", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  120.454550][ T3805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  120.462513][ T3805] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000009e
[  120.470485][ T3805]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3806 attached
, child_tidptr=0x555555b7f5d0) = 3806
[pid  3806] chdir("./159")              = 0
[pid  3806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3806] setpgid(0, 0)               = 0
[pid  3806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3806] write(3, "1000", 4)         = 4
[pid  3806] close(3)                    = 0
[pid  3806] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3806] memfd_create("syzkaller", 0) = 3
[pid  3806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3806] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3806] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3806] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3806] close(3)                    = 0
[pid  3806] mkdir("./file0", 0777)      = 0
[pid  3806] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3806] chdir("./file0")            = 0
[pid  3806] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3806] close(4)                    = 0
[pid  3806] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3806] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3806] write(5, "13", 2)           = 2
[  120.528927][ T3806] loop0: detected capacity change from 0 to 64
[  120.547523][ T3806] FAULT_INJECTION: forcing a failure.
[  120.547523][ T3806] name failslab, interval 1, probability 0, space 0, times 0
[  120.563844][ T3806] CPU: 0 PID: 3806 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  120.574279][ T3806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  120.584318][ T3806] Call Trace:
[  120.587580][ T3806]  <TASK>
[  120.590497][ T3806]  dump_stack_lvl+0x1b1/0x28e
[  120.595164][ T3806]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  120.600607][ T3806]  ? panic+0x710/0x710
[  120.604660][ T3806]  ? __might_sleep+0xc0/0xc0
[  120.609235][ T3806]  ? __mutex_lock_common+0x45f/0x26e0
[  120.614616][ T3806]  should_fail_ex+0x395/0x4c0
[  120.619329][ T3806]  ? hfs_find_init+0x8b/0x1e0
[  120.624018][ T3806]  should_failslab+0x5/0x20
[  120.628538][ T3806]  __kmem_cache_alloc_node+0x69/0x310
[  120.633922][ T3806]  ? rcu_lock_release+0x5/0x20
[  120.638699][ T3806]  ? hfs_find_init+0x8b/0x1e0
[  120.643365][ T3806]  __kmalloc+0x9e/0x1a0
[  120.647598][ T3806]  hfs_find_init+0x8b/0x1e0
[  120.652093][ T3806]  hfs_extend_file+0x2f8/0x1420
[  120.656936][ T3806]  ? xas_find+0x937/0xa60
[  120.661266][ T3806]  ? hfs_get_block+0xbb0/0xbb0
[  120.666014][ T3806]  ? filemap_get_folios+0x557/0x830
[  120.671205][ T3806]  ? find_lock_entries+0xf60/0xf60
[  120.676305][ T3806]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  120.682211][ T3806]  hfs_get_block+0x3fc/0xbb0
[  120.686820][ T3806]  ? hfs_free_extents+0x420/0x420
[  120.691827][ T3806]  ? do_raw_spin_unlock+0x134/0x8a0
[  120.697026][ T3806]  ? create_page_buffers+0x244/0x4b0
[  120.702305][ T3806]  __block_write_begin_int+0x54c/0x1a80
[  120.707857][ T3806]  ? hfs_free_extents+0x420/0x420
[  120.712875][ T3806]  ? page_zero_new_buffers+0x940/0x940
[  120.718336][ T3806]  ? PageHeadHuge+0x8a/0x1d0
[  120.722936][ T3806]  ? hfs_free_extents+0x420/0x420
[  120.727952][ T3806]  block_write_begin+0x93/0x1e0
[  120.732806][ T3806]  ? cont_write_begin+0x5e5/0x860
[  120.737818][ T3806]  ? hfs_free_extents+0x420/0x420
[  120.742840][ T3806]  cont_write_begin+0x606/0x860
[  120.747701][ T3806]  ? fault_in_readable+0x1d5/0x310
[  120.752804][ T3806]  ? generic_cont_expand_simple+0x250/0x250
[  120.758706][ T3806]  ? fault_in_readable+0x219/0x310
[  120.763818][ T3806]  ? fault_in_safe_writeable+0x240/0x240
[  120.769448][ T3806]  hfs_write_begin+0x86/0xd0
[  120.774024][ T3806]  ? hfs_free_extents+0x420/0x420
[  120.779038][ T3806]  generic_perform_write+0x2e4/0x5e0
[  120.784345][ T3806]  ? __block_commit_write+0x420/0x420
[  120.789739][ T3806]  ? generic_file_direct_write+0x610/0x610
[  120.795555][ T3806]  ? __file_remove_privs+0x6c0/0x6c0
[  120.800838][ T3806]  ? generic_write_checks+0x15c/0x1c0
[  120.806233][ T3806]  __generic_file_write_iter+0x176/0x400
[  120.811894][ T3806]  generic_file_write_iter+0xab/0x310
[  120.817285][ T3806]  vfs_write+0x7dc/0xc50
[  120.821552][ T3806]  ? file_end_write+0x230/0x230
[  120.826390][ T3806]  ? ptrace_stop+0x74d/0x970
[  120.830993][ T3806]  ? _raw_spin_unlock_irq+0x2a/0x40
[  120.836201][ T3806]  ? __fdget_pos+0x252/0x2e0
[  120.840791][ T3806]  ksys_write+0x177/0x2a0
[  120.845129][ T3806]  ? __ia32_sys_read+0x80/0x80
[  120.849899][ T3806]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  120.855877][ T3806]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  120.861849][ T3806]  do_syscall_64+0x3d/0xb0
[  120.866253][ T3806]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  120.872142][ T3806] RIP: 0033:0x7f0fa5191c89
[  120.876559][ T3806] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  120.896148][ T3806] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  120.904552][ T3806] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  120.912609][ T3806] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  120.920570][ T3806] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3806] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3806] exit_group(0)               = ?
[pid  3806] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3806, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./159/binderfs")                = 0
umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./159/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./159")                          = 0
mkdir("./160", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3807
./strace-static-x86_64: Process 3807 attached
[pid  3807] chdir("./160")              = 0
[pid  3807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3807] setpgid(0, 0)               = 0
[pid  3807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3807] write(3, "1000", 4)         = 4
[pid  3807] close(3)                    = 0
[pid  3807] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3807] memfd_create("syzkaller", 0) = 3
[pid  3807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3807] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3807] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  120.928539][ T3806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  120.936539][ T3806] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000009f
[  120.944529][ T3806]  </TASK>
[pid  3807] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3807] close(3)                    = 0
[pid  3807] mkdir("./file0", 0777)      = 0
[pid  3807] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3807] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3807] chdir("./file0")            = 0
[pid  3807] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3807] close(4)                    = 0
[pid  3807] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3807] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3807] write(5, "13", 2)           = 2
[  120.977186][ T3807] loop0: detected capacity change from 0 to 64
[  120.980370][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  121.006423][ T3807] FAULT_INJECTION: forcing a failure.
[  121.006423][ T3807] name failslab, interval 1, probability 0, space 0, times 0
[  121.019106][ T3807] CPU: 0 PID: 3807 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  121.029516][ T3807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  121.039585][ T3807] Call Trace:
[  121.042871][ T3807]  <TASK>
[  121.045791][ T3807]  dump_stack_lvl+0x1b1/0x28e
[  121.050460][ T3807]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  121.055905][ T3807]  ? panic+0x710/0x710
[  121.059961][ T3807]  ? __might_sleep+0xc0/0xc0
[  121.064536][ T3807]  ? __mutex_lock_common+0x45f/0x26e0
[  121.069901][ T3807]  should_fail_ex+0x395/0x4c0
[  121.074574][ T3807]  ? hfs_find_init+0x8b/0x1e0
[  121.079257][ T3807]  should_failslab+0x5/0x20
[  121.083763][ T3807]  __kmem_cache_alloc_node+0x69/0x310
[  121.089146][ T3807]  ? hfs_find_init+0x8b/0x1e0
[  121.093820][ T3807]  __kmalloc+0x9e/0x1a0
[  121.097979][ T3807]  hfs_find_init+0x8b/0x1e0
[  121.102483][ T3807]  hfs_extend_file+0x2f8/0x1420
[  121.107341][ T3807]  ? hfs_get_block+0xbb0/0xbb0
[  121.112105][ T3807]  ? lru_cache_disable+0x30/0x30
[  121.117038][ T3807]  ? __might_sleep+0xc0/0xc0
[  121.121663][ T3807]  hfs_get_block+0x3fc/0xbb0
[  121.126260][ T3807]  ? hfs_free_extents+0x420/0x420
[  121.131277][ T3807]  ? do_raw_spin_unlock+0x134/0x8a0
[  121.136566][ T3807]  ? create_page_buffers+0x244/0x4b0
[  121.141871][ T3807]  __block_write_begin_int+0x54c/0x1a80
[  121.147436][ T3807]  ? hfs_free_extents+0x420/0x420
[  121.152454][ T3807]  ? page_zero_new_buffers+0x940/0x940
[  121.157909][ T3807]  ? PageHeadHuge+0x8a/0x1d0
[  121.162502][ T3807]  ? hfs_free_extents+0x420/0x420
[  121.167518][ T3807]  block_write_begin+0x93/0x1e0
[  121.172368][ T3807]  ? cont_write_begin+0x5e5/0x860
[  121.177393][ T3807]  ? hfs_free_extents+0x420/0x420
[  121.182412][ T3807]  cont_write_begin+0x606/0x860
[  121.187269][ T3807]  ? fault_in_readable+0x1d5/0x310
[  121.192380][ T3807]  ? generic_cont_expand_simple+0x250/0x250
[  121.198305][ T3807]  ? fault_in_readable+0x219/0x310
[  121.203432][ T3807]  ? fault_in_safe_writeable+0x240/0x240
[  121.209078][ T3807]  hfs_write_begin+0x86/0xd0
[  121.213670][ T3807]  ? hfs_free_extents+0x420/0x420
[  121.218710][ T3807]  generic_perform_write+0x2e4/0x5e0
[  121.224012][ T3807]  ? __block_commit_write+0x420/0x420
[  121.229400][ T3807]  ? generic_file_direct_write+0x610/0x610
[  121.235209][ T3807]  ? __file_remove_privs+0x6c0/0x6c0
[  121.240493][ T3807]  ? generic_write_checks+0x15c/0x1c0
[  121.245874][ T3807]  __generic_file_write_iter+0x176/0x400
[  121.251517][ T3807]  generic_file_write_iter+0xab/0x310
[  121.256888][ T3807]  vfs_write+0x7dc/0xc50
[  121.261140][ T3807]  ? file_end_write+0x230/0x230
[  121.265986][ T3807]  ? ptrace_stop+0x74d/0x970
[  121.270582][ T3807]  ? _raw_spin_unlock_irq+0x2a/0x40
[  121.275784][ T3807]  ? __fdget_pos+0x252/0x2e0
[  121.280461][ T3807]  ksys_write+0x177/0x2a0
[  121.284796][ T3807]  ? __ia32_sys_read+0x80/0x80
[  121.289557][ T3807]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  121.295537][ T3807]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  121.301514][ T3807]  do_syscall_64+0x3d/0xb0
[  121.306017][ T3807]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  121.311904][ T3807] RIP: 0033:0x7f0fa5191c89
[  121.316315][ T3807] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  121.335919][ T3807] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  121.344325][ T3807] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  121.352310][ T3807] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  121.360302][ T3807] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  121.368268][ T3807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3807] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3807] exit_group(0)               = ?
[pid  3807] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3807, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./160/binderfs")                = 0
umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./160/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./160")                          = 0
mkdir("./161", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3808
./strace-static-x86_64: Process 3808 attached
[pid  3808] chdir("./161")              = 0
[pid  3808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3808] setpgid(0, 0)               = 0
[pid  3808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3808] write(3, "1000", 4)         = 4
[pid  3808] close(3)                    = 0
[pid  3808] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3808] memfd_create("syzkaller", 0) = 3
[pid  3808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3808] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  121.376229][ T3807] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000a0
[  121.384209][ T3807]  </TASK>
[pid  3808] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3808] close(3)                    = 0
[pid  3808] mkdir("./file0", 0777)      = 0
[pid  3808] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3808] chdir("./file0")            = 0
[pid  3808] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3808] close(4)                    = 0
[pid  3808] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3808] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3808] write(5, "13", 2)           = 2
[  121.431274][ T3808] loop0: detected capacity change from 0 to 64
[  121.453467][ T3808] FAULT_INJECTION: forcing a failure.
[  121.453467][ T3808] name failslab, interval 1, probability 0, space 0, times 0
[  121.466788][ T3808] CPU: 0 PID: 3808 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  121.477195][ T3808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  121.487410][ T3808] Call Trace:
[  121.490677][ T3808]  <TASK>
[  121.493595][ T3808]  dump_stack_lvl+0x1b1/0x28e
[  121.498261][ T3808]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  121.503700][ T3808]  ? panic+0x710/0x710
[  121.507753][ T3808]  ? __might_sleep+0xc0/0xc0
[  121.512324][ T3808]  ? __mutex_lock_common+0x45f/0x26e0
[  121.517685][ T3808]  should_fail_ex+0x395/0x4c0
[  121.522351][ T3808]  ? hfs_find_init+0x8b/0x1e0
[  121.527020][ T3808]  should_failslab+0x5/0x20
[  121.531534][ T3808]  __kmem_cache_alloc_node+0x69/0x310
[  121.536889][ T3808]  ? rcu_lock_release+0x5/0x20
[  121.541653][ T3808]  ? hfs_find_init+0x8b/0x1e0
[  121.546317][ T3808]  __kmalloc+0x9e/0x1a0
[  121.550469][ T3808]  hfs_find_init+0x8b/0x1e0
[  121.554962][ T3808]  hfs_extend_file+0x2f8/0x1420
[  121.559796][ T3808]  ? xas_find+0x937/0xa60
[  121.564116][ T3808]  ? hfs_get_block+0xbb0/0xbb0
[  121.568859][ T3808]  ? filemap_get_folios+0x557/0x830
[  121.574046][ T3808]  ? find_lock_entries+0xf60/0xf60
[  121.579145][ T3808]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  121.585038][ T3808]  hfs_get_block+0x3fc/0xbb0
[  121.589650][ T3808]  ? hfs_free_extents+0x420/0x420
[  121.594659][ T3808]  ? do_raw_spin_unlock+0x134/0x8a0
[  121.599852][ T3808]  ? create_page_buffers+0x244/0x4b0
[  121.605147][ T3808]  __block_write_begin_int+0x54c/0x1a80
[  121.610693][ T3808]  ? hfs_free_extents+0x420/0x420
[  121.615701][ T3808]  ? page_zero_new_buffers+0x940/0x940
[  121.621150][ T3808]  ? PageHeadHuge+0x8a/0x1d0
[  121.625728][ T3808]  ? hfs_free_extents+0x420/0x420
[  121.630735][ T3808]  block_write_begin+0x93/0x1e0
[  121.635576][ T3808]  ? cont_write_begin+0x5e5/0x860
[  121.640590][ T3808]  ? hfs_free_extents+0x420/0x420
[  121.645597][ T3808]  cont_write_begin+0x606/0x860
[  121.650440][ T3808]  ? fault_in_readable+0x1d5/0x310
[  121.655551][ T3808]  ? generic_cont_expand_simple+0x250/0x250
[  121.661430][ T3808]  ? fault_in_readable+0x219/0x310
[  121.666525][ T3808]  ? fault_in_safe_writeable+0x240/0x240
[  121.672150][ T3808]  hfs_write_begin+0x86/0xd0
[  121.676725][ T3808]  ? hfs_free_extents+0x420/0x420
[  121.681736][ T3808]  generic_perform_write+0x2e4/0x5e0
[  121.687013][ T3808]  ? __block_commit_write+0x420/0x420
[  121.692370][ T3808]  ? generic_file_direct_write+0x610/0x610
[  121.698162][ T3808]  ? __file_remove_privs+0x6c0/0x6c0
[  121.703433][ T3808]  ? generic_write_checks+0x15c/0x1c0
[  121.708794][ T3808]  __generic_file_write_iter+0x176/0x400
[  121.714417][ T3808]  generic_file_write_iter+0xab/0x310
[  121.719772][ T3808]  vfs_write+0x7dc/0xc50
[  121.724008][ T3808]  ? file_end_write+0x230/0x230
[  121.728841][ T3808]  ? ptrace_stop+0x74d/0x970
[  121.733423][ T3808]  ? _raw_spin_unlock_irq+0x2a/0x40
[  121.738612][ T3808]  ? __fdget_pos+0x252/0x2e0
[  121.743191][ T3808]  ksys_write+0x177/0x2a0
[  121.747510][ T3808]  ? __ia32_sys_read+0x80/0x80
[  121.752261][ T3808]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  121.758232][ T3808]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  121.764196][ T3808]  do_syscall_64+0x3d/0xb0
[  121.768596][ T3808]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  121.774475][ T3808] RIP: 0033:0x7f0fa5191c89
[  121.778872][ T3808] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  121.798547][ T3808] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  121.806943][ T3808] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  121.814897][ T3808] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  121.822852][ T3808] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3808] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3808] exit_group(0)               = ?
[pid  3808] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3808, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./161/binderfs")                = 0
umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./161/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./161")                          = 0
mkdir("./162", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3809
./strace-static-x86_64: Process 3809 attached
[pid  3809] chdir("./162")              = 0
[pid  3809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3809] setpgid(0, 0)               = 0
[pid  3809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3809] write(3, "1000", 4)         = 4
[pid  3809] close(3)                    = 0
[pid  3809] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3809] memfd_create("syzkaller", 0) = 3
[pid  3809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[  121.830822][ T3808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  121.838868][ T3808] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000a1
[  121.847011][ T3808]  </TASK>
[pid  3809] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3809] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3809] close(3)                    = 0
[pid  3809] mkdir("./file0", 0777)      = 0
[pid  3809] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3809] chdir("./file0")            = 0
[pid  3809] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3809] close(4)                    = 0
[pid  3809] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3809] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3809] write(5, "13", 2)           = 2
[  121.882214][ T3809] loop0: detected capacity change from 0 to 64
[  121.901597][ T3809] FAULT_INJECTION: forcing a failure.
[  121.901597][ T3809] name failslab, interval 1, probability 0, space 0, times 0
[  121.914430][ T3809] CPU: 1 PID: 3809 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  121.924864][ T3809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  121.934910][ T3809] Call Trace:
[  121.938180][ T3809]  <TASK>
[  121.941110][ T3809]  dump_stack_lvl+0x1b1/0x28e
[  121.945793][ T3809]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  121.951265][ T3809]  ? panic+0x710/0x710
[  121.955343][ T3809]  ? __might_sleep+0xc0/0xc0
[  121.959926][ T3809]  ? __mutex_lock_common+0x45f/0x26e0
[  121.965311][ T3809]  should_fail_ex+0x395/0x4c0
[  121.969991][ T3809]  ? hfs_find_init+0x8b/0x1e0
[  121.974679][ T3809]  should_failslab+0x5/0x20
[  121.979173][ T3809]  __kmem_cache_alloc_node+0x69/0x310
[  121.984537][ T3809]  ? hfs_find_init+0x8b/0x1e0
[  121.989206][ T3809]  __kmalloc+0x9e/0x1a0
[  121.993354][ T3809]  hfs_find_init+0x8b/0x1e0
[  121.997865][ T3809]  hfs_extend_file+0x2f8/0x1420
[  122.002728][ T3809]  ? hfs_get_block+0xbb0/0xbb0
[  122.007493][ T3809]  ? lru_cache_disable+0x30/0x30
[  122.012437][ T3809]  ? __might_sleep+0xc0/0xc0
[  122.017048][ T3809]  hfs_get_block+0x3fc/0xbb0
[  122.021657][ T3809]  ? hfs_free_extents+0x420/0x420
[  122.026676][ T3809]  ? do_raw_spin_unlock+0x134/0x8a0
[  122.031888][ T3809]  ? create_page_buffers+0x244/0x4b0
[  122.037174][ T3809]  __block_write_begin_int+0x54c/0x1a80
[  122.042725][ T3809]  ? hfs_free_extents+0x420/0x420
[  122.047736][ T3809]  ? page_zero_new_buffers+0x940/0x940
[  122.053182][ T3809]  ? PageHeadHuge+0x8a/0x1d0
[  122.057763][ T3809]  ? hfs_free_extents+0x420/0x420
[  122.062775][ T3809]  block_write_begin+0x93/0x1e0
[  122.067620][ T3809]  ? cont_write_begin+0x5e5/0x860
[  122.072641][ T3809]  ? hfs_free_extents+0x420/0x420
[  122.077672][ T3809]  cont_write_begin+0x606/0x860
[  122.082559][ T3809]  ? fault_in_readable+0x1d5/0x310
[  122.087665][ T3809]  ? generic_cont_expand_simple+0x250/0x250
[  122.093547][ T3809]  ? fault_in_readable+0x219/0x310
[  122.098649][ T3809]  ? fault_in_safe_writeable+0x240/0x240
[  122.104277][ T3809]  hfs_write_begin+0x86/0xd0
[  122.108857][ T3809]  ? hfs_free_extents+0x420/0x420
[  122.113870][ T3809]  generic_perform_write+0x2e4/0x5e0
[  122.119153][ T3809]  ? __block_commit_write+0x420/0x420
[  122.124526][ T3809]  ? generic_file_direct_write+0x610/0x610
[  122.130339][ T3809]  ? __file_remove_privs+0x6c0/0x6c0
[  122.135623][ T3809]  ? generic_write_checks+0x15c/0x1c0
[  122.141003][ T3809]  __generic_file_write_iter+0x176/0x400
[  122.146831][ T3809]  generic_file_write_iter+0xab/0x310
[  122.152265][ T3809]  vfs_write+0x7dc/0xc50
[  122.156513][ T3809]  ? file_end_write+0x230/0x230
[  122.161357][ T3809]  ? ptrace_stop+0x74d/0x970
[  122.165972][ T3809]  ? _raw_spin_unlock_irq+0x2a/0x40
[  122.171188][ T3809]  ? __fdget_pos+0x252/0x2e0
[  122.175783][ T3809]  ksys_write+0x177/0x2a0
[  122.180123][ T3809]  ? __ia32_sys_read+0x80/0x80
[  122.184878][ T3809]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  122.190862][ T3809]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  122.196853][ T3809]  do_syscall_64+0x3d/0xb0
[  122.201260][ T3809]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  122.207239][ T3809] RIP: 0033:0x7f0fa5191c89
[  122.211660][ T3809] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3809] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3809] exit_group(0)               = ?
[pid  3809] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3809, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./162/binderfs")                = 0
umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./162/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./162")                          = 0
mkdir("./163", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  122.231256][ T3809] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  122.239662][ T3809] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  122.247626][ T3809] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  122.255662][ T3809] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  122.263632][ T3809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  122.271610][ T3809] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000a2
[  122.279754][ T3809]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3810 attached
 <unfinished ...>
[pid  3810] chdir("./163" <unfinished ...>
[pid  3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3810
[pid  3810] <... chdir resumed>)        = 0
[pid  3810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3810] setpgid(0, 0)               = 0
[pid  3810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3810] write(3, "1000", 4)         = 4
[pid  3810] close(3)                    = 0
[pid  3810] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3810] memfd_create("syzkaller", 0) = 3
[pid  3810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3810] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3810] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3810] close(3)                    = 0
[pid  3810] mkdir("./file0", 0777)      = 0
[pid  3810] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3810] chdir("./file0")            = 0
[pid  3810] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3810] close(4)                    = 0
[pid  3810] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3810] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3810] write(5, "13", 2)           = 2
[  122.327370][ T3810] loop0: detected capacity change from 0 to 64
[  122.352860][ T3810] FAULT_INJECTION: forcing a failure.
[  122.352860][ T3810] name failslab, interval 1, probability 0, space 0, times 0
[  122.365557][ T3810] CPU: 1 PID: 3810 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  122.375964][ T3810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  122.386016][ T3810] Call Trace:
[  122.389289][ T3810]  <TASK>
[  122.392217][ T3810]  dump_stack_lvl+0x1b1/0x28e
[  122.396901][ T3810]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  122.402358][ T3810]  ? panic+0x710/0x710
[  122.406431][ T3810]  ? __might_sleep+0xc0/0xc0
[  122.411020][ T3810]  ? __mutex_lock_common+0x45f/0x26e0
[  122.416401][ T3810]  should_fail_ex+0x395/0x4c0
[  122.421086][ T3810]  ? hfs_find_init+0x8b/0x1e0
[  122.425766][ T3810]  should_failslab+0x5/0x20
[  122.430274][ T3810]  __kmem_cache_alloc_node+0x69/0x310
[  122.435649][ T3810]  ? rcu_lock_release+0x5/0x20
[  122.440415][ T3810]  ? hfs_find_init+0x8b/0x1e0
[  122.445091][ T3810]  __kmalloc+0x9e/0x1a0
[  122.449250][ T3810]  hfs_find_init+0x8b/0x1e0
[  122.453761][ T3810]  hfs_extend_file+0x2f8/0x1420
[  122.458609][ T3810]  ? xas_find+0x937/0xa60
[  122.462963][ T3810]  ? hfs_get_block+0xbb0/0xbb0
[  122.467721][ T3810]  ? filemap_get_folios+0x557/0x830
[  122.472921][ T3810]  ? find_lock_entries+0xf60/0xf60
[  122.478038][ T3810]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  122.483940][ T3810]  hfs_get_block+0x3fc/0xbb0
[  122.488552][ T3810]  ? hfs_free_extents+0x420/0x420
[  122.493574][ T3810]  ? do_raw_spin_unlock+0x134/0x8a0
[  122.498784][ T3810]  ? create_page_buffers+0x244/0x4b0
[  122.504084][ T3810]  __block_write_begin_int+0x54c/0x1a80
[  122.509652][ T3810]  ? hfs_free_extents+0x420/0x420
[  122.514674][ T3810]  ? page_zero_new_buffers+0x940/0x940
[  122.520134][ T3810]  ? PageHeadHuge+0x8a/0x1d0
[  122.524814][ T3810]  ? hfs_free_extents+0x420/0x420
[  122.529845][ T3810]  block_write_begin+0x93/0x1e0
[  122.534697][ T3810]  ? cont_write_begin+0x5e5/0x860
[  122.539725][ T3810]  ? hfs_free_extents+0x420/0x420
[  122.544747][ T3810]  cont_write_begin+0x606/0x860
[  122.549610][ T3810]  ? fault_in_readable+0x1d5/0x310
[  122.554728][ T3810]  ? generic_cont_expand_simple+0x250/0x250
[  122.560625][ T3810]  ? fault_in_readable+0x219/0x310
[  122.565742][ T3810]  ? fault_in_safe_writeable+0x240/0x240
[  122.571381][ T3810]  hfs_write_begin+0x86/0xd0
[  122.575965][ T3810]  ? hfs_free_extents+0x420/0x420
[  122.580991][ T3810]  generic_perform_write+0x2e4/0x5e0
[  122.586288][ T3810]  ? __block_commit_write+0x420/0x420
[  122.591661][ T3810]  ? generic_file_direct_write+0x610/0x610
[  122.597468][ T3810]  ? __file_remove_privs+0x6c0/0x6c0
[  122.602758][ T3810]  ? generic_write_checks+0x15c/0x1c0
[  122.610047][ T3810]  __generic_file_write_iter+0x176/0x400
[  122.615686][ T3810]  generic_file_write_iter+0xab/0x310
[  122.621062][ T3810]  vfs_write+0x7dc/0xc50
[  122.625314][ T3810]  ? file_end_write+0x230/0x230
[  122.630163][ T3810]  ? ptrace_stop+0x74d/0x970
[  122.634761][ T3810]  ? _raw_spin_unlock_irq+0x2a/0x40
[  122.639967][ T3810]  ? __fdget_pos+0x252/0x2e0
[  122.644564][ T3810]  ksys_write+0x177/0x2a0
[  122.648904][ T3810]  ? __ia32_sys_read+0x80/0x80
[  122.653671][ T3810]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  122.659657][ T3810]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  122.665671][ T3810]  do_syscall_64+0x3d/0xb0
[  122.670086][ T3810]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  122.675995][ T3810] RIP: 0033:0x7f0fa5191c89
[  122.680410][ T3810] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  122.700011][ T3810] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  122.708423][ T3810] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  122.716402][ T3810] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3810] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3810] exit_group(0)               = ?
[pid  3810] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3810, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./163/binderfs")                = 0
umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./163/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./163")                          = 0
mkdir("./164", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3811
./strace-static-x86_64: Process 3811 attached
[pid  3811] chdir("./164")              = 0
[pid  3811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3811] setpgid(0, 0)               = 0
[pid  3811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3811] write(3, "1000", 4)         = 4
[pid  3811] close(3)                    = 0
[pid  3811] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3811] memfd_create("syzkaller", 0) = 3
[pid  3811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  122.724377][ T3810] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  122.732356][ T3810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  122.740325][ T3810] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000a3
[  122.748308][ T3810]  </TASK>
[pid  3811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3811] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3811] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3811] close(3)                    = 0
[pid  3811] mkdir("./file0", 0777)      = 0
[pid  3811] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3811] chdir("./file0")            = 0
[pid  3811] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3811] close(4)                    = 0
[pid  3811] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3811] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3811] write(5, "13", 2)           = 2
[  122.799895][ T3811] loop0: detected capacity change from 0 to 64
[  122.803859][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  122.823473][ T3811] FAULT_INJECTION: forcing a failure.
[  122.823473][ T3811] name failslab, interval 1, probability 0, space 0, times 0
[  122.840182][ T3811] CPU: 0 PID: 3811 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  122.850625][ T3811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  122.860673][ T3811] Call Trace:
[  122.863957][ T3811]  <TASK>
[  122.866899][ T3811]  dump_stack_lvl+0x1b1/0x28e
[  122.871572][ T3811]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  122.877022][ T3811]  ? panic+0x710/0x710
[  122.881091][ T3811]  ? __might_sleep+0xc0/0xc0
[  122.885675][ T3811]  ? __mutex_lock_common+0x45f/0x26e0
[  122.891055][ T3811]  should_fail_ex+0x395/0x4c0
[  122.895751][ T3811]  ? hfs_find_init+0x8b/0x1e0
[  122.900426][ T3811]  should_failslab+0x5/0x20
[  122.904922][ T3811]  __kmem_cache_alloc_node+0x69/0x310
[  122.910286][ T3811]  ? rcu_lock_release+0x5/0x20
[  122.915054][ T3811]  ? hfs_find_init+0x8b/0x1e0
[  122.919776][ T3811]  __kmalloc+0x9e/0x1a0
[  122.923939][ T3811]  hfs_find_init+0x8b/0x1e0
[  122.928441][ T3811]  hfs_extend_file+0x2f8/0x1420
[  122.933284][ T3811]  ? xas_find+0x937/0xa60
[  122.937626][ T3811]  ? hfs_get_block+0xbb0/0xbb0
[  122.942394][ T3811]  ? filemap_get_folios+0x557/0x830
[  122.947626][ T3811]  ? find_lock_entries+0xf60/0xf60
[  122.952764][ T3811]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  122.958679][ T3811]  hfs_get_block+0x3fc/0xbb0
[  122.963294][ T3811]  ? hfs_free_extents+0x420/0x420
[  122.968314][ T3811]  ? do_raw_spin_unlock+0x134/0x8a0
[  122.973615][ T3811]  ? create_page_buffers+0x244/0x4b0
[  122.978895][ T3811]  __block_write_begin_int+0x54c/0x1a80
[  122.984448][ T3811]  ? hfs_free_extents+0x420/0x420
[  122.989463][ T3811]  ? page_zero_new_buffers+0x940/0x940
[  122.994916][ T3811]  ? PageHeadHuge+0x8a/0x1d0
[  122.999500][ T3811]  ? hfs_free_extents+0x420/0x420
[  123.004519][ T3811]  block_write_begin+0x93/0x1e0
[  123.009362][ T3811]  ? cont_write_begin+0x5e5/0x860
[  123.014379][ T3811]  ? hfs_free_extents+0x420/0x420
[  123.019398][ T3811]  cont_write_begin+0x606/0x860
[  123.024249][ T3811]  ? fault_in_readable+0x1d5/0x310
[  123.029353][ T3811]  ? generic_cont_expand_simple+0x250/0x250
[  123.035237][ T3811]  ? fault_in_readable+0x219/0x310
[  123.040342][ T3811]  ? fault_in_safe_writeable+0x240/0x240
[  123.045978][ T3811]  hfs_write_begin+0x86/0xd0
[  123.050560][ T3811]  ? hfs_free_extents+0x420/0x420
[  123.055603][ T3811]  generic_perform_write+0x2e4/0x5e0
[  123.060981][ T3811]  ? __block_commit_write+0x420/0x420
[  123.066377][ T3811]  ? generic_file_direct_write+0x610/0x610
[  123.072200][ T3811]  ? __file_remove_privs+0x6c0/0x6c0
[  123.077500][ T3811]  ? generic_write_checks+0x15c/0x1c0
[  123.082871][ T3811]  __generic_file_write_iter+0x176/0x400
[  123.088504][ T3811]  generic_file_write_iter+0xab/0x310
[  123.093876][ T3811]  vfs_write+0x7dc/0xc50
[  123.098121][ T3811]  ? file_end_write+0x230/0x230
[  123.102972][ T3811]  ? ptrace_stop+0x74d/0x970
[  123.107569][ T3811]  ? _raw_spin_unlock_irq+0x2a/0x40
[  123.112762][ T3811]  ? __fdget_pos+0x252/0x2e0
[  123.117348][ T3811]  ksys_write+0x177/0x2a0
[  123.121683][ T3811]  ? __ia32_sys_read+0x80/0x80
[  123.126452][ T3811]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  123.132441][ T3811]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  123.138420][ T3811]  do_syscall_64+0x3d/0xb0
[  123.142842][ T3811]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.148741][ T3811] RIP: 0033:0x7f0fa5191c89
[  123.153148][ T3811] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  123.172754][ T3811] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  123.181170][ T3811] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  123.189141][ T3811] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3811] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3811] exit_group(0)               = ?
[pid  3811] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3811, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./164/binderfs")                = 0
umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./164/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./164")                          = 0
mkdir("./165", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[  123.197114][ T3811] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  123.205091][ T3811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  123.213052][ T3811] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000a4
[  123.221024][ T3811]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3812 attached
, child_tidptr=0x555555b7f5d0) = 3812
[pid  3812] chdir("./165")              = 0
[pid  3812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3812] setpgid(0, 0)               = 0
[pid  3812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3812] write(3, "1000", 4)         = 4
[pid  3812] close(3)                    = 0
[pid  3812] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3812] memfd_create("syzkaller", 0) = 3
[pid  3812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3812] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3812] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3812] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3812] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3812] close(3)                    = 0
[pid  3812] mkdir("./file0", 0777)      = 0
[pid  3812] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3812] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3812] chdir("./file0")            = 0
[pid  3812] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3812] close(4)                    = 0
[pid  3812] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3812] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3812] write(5, "13", 2)           = 2
[  123.274086][ T3812] loop0: detected capacity change from 0 to 64
[  123.300561][ T3812] FAULT_INJECTION: forcing a failure.
[  123.300561][ T3812] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  123.313711][ T3812] CPU: 0 PID: 3812 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  123.324130][ T3812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  123.334179][ T3812] Call Trace:
[  123.337466][ T3812]  <TASK>
[  123.340402][ T3812]  dump_stack_lvl+0x1b1/0x28e
[  123.345076][ T3812]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  123.350525][ T3812]  ? panic+0x710/0x710
[  123.354583][ T3812]  ? hfs_free_extents+0x420/0x420
[  123.359606][ T3812]  ? PageHeadHuge+0x8a/0x1d0
[  123.364193][ T3812]  should_fail_ex+0x395/0x4c0
[  123.368864][ T3812]  copy_page_from_iter_atomic+0x217/0x1140
[  123.374703][ T3812]  ? generic_cont_expand_simple+0x250/0x250
[  123.380620][ T3812]  ? pipe_zero+0x200/0x200
[  123.385033][ T3812]  ? hfs_write_begin+0x86/0xd0
[  123.389790][ T3812]  ? hfs_free_extents+0x420/0x420
[  123.394804][ T3812]  ? hfs_write_begin+0x9e/0xd0
[  123.399575][ T3812]  generic_perform_write+0x35a/0x5e0
[  123.404887][ T3812]  ? __block_commit_write+0x420/0x420
[  123.410253][ T3812]  ? generic_file_direct_write+0x610/0x610
[  123.416060][ T3812]  ? __file_remove_privs+0x6c0/0x6c0
[  123.421356][ T3812]  ? generic_write_checks+0x15c/0x1c0
[  123.426726][ T3812]  __generic_file_write_iter+0x176/0x400
[  123.432358][ T3812]  generic_file_write_iter+0xab/0x310
[  123.437721][ T3812]  vfs_write+0x7dc/0xc50
[  123.441966][ T3812]  ? file_end_write+0x230/0x230
[  123.446808][ T3812]  ? ptrace_stop+0x74d/0x970
[  123.451393][ T3812]  ? _raw_spin_unlock_irq+0x2a/0x40
[  123.456586][ T3812]  ? __fdget_pos+0x252/0x2e0
[  123.461168][ T3812]  ksys_write+0x177/0x2a0
[  123.465491][ T3812]  ? __ia32_sys_read+0x80/0x80
[  123.470249][ T3812]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  123.476221][ T3812]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  123.482205][ T3812]  do_syscall_64+0x3d/0xb0
[  123.486626][ T3812]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.492507][ T3812] RIP: 0033:0x7f0fa5191c89
[  123.496910][ T3812] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  123.516525][ T3812] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3812] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3812] exit_group(0)               = ?
[pid  3812] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3812, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./165/binderfs")                = 0
umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./165/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./165")                          = 0
mkdir("./166", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3813
./strace-static-x86_64: Process 3813 attached
[pid  3813] chdir("./166")              = 0
[pid  3813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3813] setpgid(0, 0)               = 0
[pid  3813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[  123.524966][ T3812] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  123.532962][ T3812] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  123.540943][ T3812] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  123.548902][ T3812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  123.556882][ T3812] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000a5
[  123.564880][ T3812]  </TASK>
[pid  3813] write(3, "1000", 4)         = 4
[pid  3813] close(3)                    = 0
[pid  3813] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3813] memfd_create("syzkaller", 0) = 3
[pid  3813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3813] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3813] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3813] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3813] close(3)                    = 0
[pid  3813] mkdir("./file0", 0777)      = 0
[pid  3813] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3813] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3813] chdir("./file0")            = 0
[pid  3813] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3813] close(4)                    = 0
[pid  3813] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3813] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3813] write(5, "13", 2)           = 2
[  123.614691][ T3813] loop0: detected capacity change from 0 to 64
[  123.645004][ T3813] FAULT_INJECTION: forcing a failure.
[  123.645004][ T3813] name failslab, interval 1, probability 0, space 0, times 0
[  123.657726][ T3813] CPU: 1 PID: 3813 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  123.668146][ T3813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  123.678202][ T3813] Call Trace:
[  123.681483][ T3813]  <TASK>
[  123.684420][ T3813]  dump_stack_lvl+0x1b1/0x28e
[  123.689100][ T3813]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  123.694554][ T3813]  ? panic+0x710/0x710
[  123.698713][ T3813]  ? __might_sleep+0xc0/0xc0
[  123.703303][ T3813]  ? __mutex_lock_common+0x45f/0x26e0
[  123.708683][ T3813]  should_fail_ex+0x395/0x4c0
[  123.713362][ T3813]  ? hfs_find_init+0x8b/0x1e0
[  123.718043][ T3813]  should_failslab+0x5/0x20
[  123.722546][ T3813]  __kmem_cache_alloc_node+0x69/0x310
[  123.727925][ T3813]  ? hfs_find_init+0x8b/0x1e0
[  123.732606][ T3813]  __kmalloc+0x9e/0x1a0
[  123.736765][ T3813]  hfs_find_init+0x8b/0x1e0
[  123.741272][ T3813]  hfs_extend_file+0x2f8/0x1420
[  123.746130][ T3813]  ? hfs_get_block+0xbb0/0xbb0
[  123.750897][ T3813]  ? lru_cache_disable+0x30/0x30
[  123.755834][ T3813]  ? __might_sleep+0xc0/0xc0
[  123.760446][ T3813]  hfs_get_block+0x3fc/0xbb0
[  123.765050][ T3813]  ? hfs_free_extents+0x420/0x420
[  123.770073][ T3813]  ? do_raw_spin_unlock+0x134/0x8a0
[  123.775281][ T3813]  ? create_page_buffers+0x244/0x4b0
[  123.780572][ T3813]  __block_write_begin_int+0x54c/0x1a80
[  123.786140][ T3813]  ? hfs_free_extents+0x420/0x420
[  123.791160][ T3813]  ? page_zero_new_buffers+0x940/0x940
[  123.796620][ T3813]  ? PageHeadHuge+0x8a/0x1d0
[  123.801216][ T3813]  ? hfs_free_extents+0x420/0x420
[  123.806277][ T3813]  block_write_begin+0x93/0x1e0
[  123.811139][ T3813]  ? cont_write_begin+0x5e5/0x860
[  123.816174][ T3813]  ? hfs_free_extents+0x420/0x420
[  123.821212][ T3813]  cont_write_begin+0x606/0x860
[  123.826091][ T3813]  ? fault_in_readable+0x1d5/0x310
[  123.831217][ T3813]  ? generic_cont_expand_simple+0x250/0x250
[  123.837118][ T3813]  ? fault_in_readable+0x219/0x310
[  123.842239][ T3813]  ? fault_in_safe_writeable+0x240/0x240
[  123.847893][ T3813]  hfs_write_begin+0x86/0xd0
[  123.852502][ T3813]  ? hfs_free_extents+0x420/0x420
[  123.857552][ T3813]  generic_perform_write+0x2e4/0x5e0
[  123.862856][ T3813]  ? __block_commit_write+0x420/0x420
[  123.868248][ T3813]  ? generic_file_direct_write+0x610/0x610
[  123.874062][ T3813]  ? __file_remove_privs+0x6c0/0x6c0
[  123.879350][ T3813]  ? generic_write_checks+0x15c/0x1c0
[  123.884734][ T3813]  __generic_file_write_iter+0x176/0x400
[  123.890371][ T3813]  generic_file_write_iter+0xab/0x310
[  123.895749][ T3813]  vfs_write+0x7dc/0xc50
[  123.900003][ T3813]  ? file_end_write+0x230/0x230
[  123.904851][ T3813]  ? ptrace_stop+0x74d/0x970
[  123.909453][ T3813]  ? _raw_spin_unlock_irq+0x2a/0x40
[  123.914655][ T3813]  ? __fdget_pos+0x252/0x2e0
[  123.919248][ T3813]  ksys_write+0x177/0x2a0
[  123.923582][ T3813]  ? __ia32_sys_read+0x80/0x80
[  123.928346][ T3813]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  123.934329][ T3813]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  123.940326][ T3813]  do_syscall_64+0x3d/0xb0
[  123.944744][ T3813]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.950634][ T3813] RIP: 0033:0x7f0fa5191c89
[  123.955047][ T3813] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  123.974675][ T3813] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  123.983098][ T3813] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  123.991072][ T3813] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  123.999050][ T3813] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  124.007027][ T3813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3813] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3813] exit_group(0)               = ?
[pid  3813] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3813, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./166/binderfs")                = 0
umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./166/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./166")                          = 0
mkdir("./167", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3814
./strace-static-x86_64: Process 3814 attached
[pid  3814] chdir("./167")              = 0
[  124.015013][ T3813] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000a6
[  124.023014][ T3813]  </TASK>
[pid  3814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3814] setpgid(0, 0)               = 0
[pid  3814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3814] write(3, "1000", 4)         = 4
[pid  3814] close(3)                    = 0
[pid  3814] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3814] memfd_create("syzkaller", 0) = 3
[pid  3814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3814] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3814] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3814] close(3)                    = 0
[pid  3814] mkdir("./file0", 0777)      = 0
[pid  3814] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3814] chdir("./file0")            = 0
[pid  3814] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3814] close(4)                    = 0
[pid  3814] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3814] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3814] write(5, "13", 2)           = 2
[  124.089609][ T3814] loop0: detected capacity change from 0 to 64
[  124.115416][ T3814] FAULT_INJECTION: forcing a failure.
[  124.115416][ T3814] name failslab, interval 1, probability 0, space 0, times 0
[  124.128078][ T3814] CPU: 1 PID: 3814 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  124.138492][ T3814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  124.148562][ T3814] Call Trace:
[  124.151875][ T3814]  <TASK>
[  124.154806][ T3814]  dump_stack_lvl+0x1b1/0x28e
[  124.159487][ T3814]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  124.164948][ T3814]  ? panic+0x710/0x710
[  124.169022][ T3814]  ? __might_sleep+0xc0/0xc0
[  124.173611][ T3814]  ? __mutex_lock_common+0x45f/0x26e0
[  124.178990][ T3814]  should_fail_ex+0x395/0x4c0
[  124.183669][ T3814]  ? hfs_find_init+0x8b/0x1e0
[  124.188349][ T3814]  should_failslab+0x5/0x20
[  124.192852][ T3814]  __kmem_cache_alloc_node+0x69/0x310
[  124.198220][ T3814]  ? rcu_lock_release+0x5/0x20
[  124.202994][ T3814]  ? hfs_find_init+0x8b/0x1e0
[  124.207671][ T3814]  __kmalloc+0x9e/0x1a0
[  124.211830][ T3814]  hfs_find_init+0x8b/0x1e0
[  124.216345][ T3814]  hfs_extend_file+0x2f8/0x1420
[  124.221196][ T3814]  ? xas_find+0x937/0xa60
[  124.225537][ T3814]  ? hfs_get_block+0xbb0/0xbb0
[  124.230293][ T3814]  ? filemap_get_folios+0x557/0x830
[  124.235495][ T3814]  ? find_lock_entries+0xf60/0xf60
[  124.240611][ T3814]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  124.246514][ T3814]  hfs_get_block+0x3fc/0xbb0
[  124.251113][ T3814]  ? hfs_free_extents+0x420/0x420
[  124.256134][ T3814]  ? do_raw_spin_unlock+0x134/0x8a0
[  124.261340][ T3814]  ? create_page_buffers+0x244/0x4b0
[  124.266631][ T3814]  __block_write_begin_int+0x54c/0x1a80
[  124.272201][ T3814]  ? hfs_free_extents+0x420/0x420
[  124.277219][ T3814]  ? page_zero_new_buffers+0x940/0x940
[  124.282678][ T3814]  ? PageHeadHuge+0x8a/0x1d0
[  124.287272][ T3814]  ? hfs_free_extents+0x420/0x420
[  124.292290][ T3814]  block_write_begin+0x93/0x1e0
[  124.297141][ T3814]  ? cont_write_begin+0x5e5/0x860
[  124.302165][ T3814]  ? hfs_free_extents+0x420/0x420
[  124.307190][ T3814]  cont_write_begin+0x606/0x860
[  124.312048][ T3814]  ? fault_in_readable+0x1d5/0x310
[  124.317164][ T3814]  ? generic_cont_expand_simple+0x250/0x250
[  124.323059][ T3814]  ? fault_in_readable+0x219/0x310
[  124.328170][ T3814]  ? fault_in_safe_writeable+0x240/0x240
[  124.333811][ T3814]  hfs_write_begin+0x86/0xd0
[  124.338400][ T3814]  ? hfs_free_extents+0x420/0x420
[  124.343429][ T3814]  generic_perform_write+0x2e4/0x5e0
[  124.348724][ T3814]  ? __block_commit_write+0x420/0x420
[  124.354096][ T3814]  ? generic_file_direct_write+0x610/0x610
[  124.359899][ T3814]  ? __file_remove_privs+0x6c0/0x6c0
[  124.365200][ T3814]  ? generic_write_checks+0x15c/0x1c0
[  124.370579][ T3814]  __generic_file_write_iter+0x176/0x400
[  124.376224][ T3814]  generic_file_write_iter+0xab/0x310
[  124.381599][ T3814]  vfs_write+0x7dc/0xc50
[  124.385849][ T3814]  ? file_end_write+0x230/0x230
[  124.390698][ T3814]  ? ptrace_stop+0x74d/0x970
[  124.395320][ T3814]  ? _raw_spin_unlock_irq+0x2a/0x40
[  124.400552][ T3814]  ? __fdget_pos+0x252/0x2e0
[  124.405166][ T3814]  ksys_write+0x177/0x2a0
[  124.409513][ T3814]  ? __ia32_sys_read+0x80/0x80
[  124.414281][ T3814]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  124.420281][ T3814]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  124.426261][ T3814]  do_syscall_64+0x3d/0xb0
[  124.430676][ T3814]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  124.436673][ T3814] RIP: 0033:0x7f0fa5191c89
[  124.441104][ T3814] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  124.460718][ T3814] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  124.469147][ T3814] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  124.477129][ T3814] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3814] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3814] exit_group(0)               = ?
[pid  3814] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3814, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./167/binderfs")                = 0
umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
[  124.485107][ T3814] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  124.493090][ T3814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  124.501074][ T3814] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000a7
[  124.509089][ T3814]  </TASK>
close(4)                                = 0
rmdir("./167/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./167")                          = 0
mkdir("./168", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3815
./strace-static-x86_64: Process 3815 attached
[pid  3815] chdir("./168")              = 0
[pid  3815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3815] setpgid(0, 0)               = 0
[pid  3815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3815] write(3, "1000", 4)         = 4
[pid  3815] close(3)                    = 0
[pid  3815] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3815] memfd_create("syzkaller", 0) = 3
[pid  3815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3815] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3815] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3815] close(3)                    = 0
[pid  3815] mkdir("./file0", 0777)      = 0
[pid  3815] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3815] chdir("./file0")            = 0
[pid  3815] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3815] close(4)                    = 0
[pid  3815] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3815] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3815] write(5, "13", 2)           = 2
[  124.579718][ T3815] loop0: detected capacity change from 0 to 64
[  124.613430][ T3815] FAULT_INJECTION: forcing a failure.
[  124.613430][ T3815] name failslab, interval 1, probability 0, space 0, times 0
[  124.626343][ T3815] CPU: 0 PID: 3815 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  124.636755][ T3815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  124.646806][ T3815] Call Trace:
[  124.650082][ T3815]  <TASK>
[  124.653004][ T3815]  dump_stack_lvl+0x1b1/0x28e
[  124.657692][ T3815]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  124.663164][ T3815]  ? panic+0x710/0x710
[  124.667250][ T3815]  ? __might_sleep+0xc0/0xc0
[  124.671858][ T3815]  ? __mutex_lock_common+0x45f/0x26e0
[  124.677232][ T3815]  should_fail_ex+0x395/0x4c0
[  124.681904][ T3815]  ? hfs_find_init+0x8b/0x1e0
[  124.686598][ T3815]  should_failslab+0x5/0x20
[  124.691117][ T3815]  __kmem_cache_alloc_node+0x69/0x310
[  124.696502][ T3815]  ? hfs_find_init+0x8b/0x1e0
[  124.701188][ T3815]  __kmalloc+0x9e/0x1a0
[  124.705339][ T3815]  hfs_find_init+0x8b/0x1e0
[  124.709840][ T3815]  hfs_extend_file+0x2f8/0x1420
[  124.714690][ T3815]  ? hfs_get_block+0xbb0/0xbb0
[  124.719450][ T3815]  ? lru_cache_disable+0x30/0x30
[  124.724379][ T3815]  ? __might_sleep+0xc0/0xc0
[  124.728973][ T3815]  hfs_get_block+0x3fc/0xbb0
[  124.733562][ T3815]  ? hfs_free_extents+0x420/0x420
[  124.738572][ T3815]  ? do_raw_spin_unlock+0x134/0x8a0
[  124.743766][ T3815]  ? create_page_buffers+0x244/0x4b0
[  124.749061][ T3815]  __block_write_begin_int+0x54c/0x1a80
[  124.754644][ T3815]  ? hfs_free_extents+0x420/0x420
[  124.759669][ T3815]  ? page_zero_new_buffers+0x940/0x940
[  124.765133][ T3815]  ? PageHeadHuge+0x8a/0x1d0
[  124.769729][ T3815]  ? hfs_free_extents+0x420/0x420
[  124.774754][ T3815]  block_write_begin+0x93/0x1e0
[  124.779608][ T3815]  ? cont_write_begin+0x5e5/0x860
[  124.784633][ T3815]  ? hfs_free_extents+0x420/0x420
[  124.789656][ T3815]  cont_write_begin+0x606/0x860
[  124.794522][ T3815]  ? fault_in_readable+0x1d5/0x310
[  124.799636][ T3815]  ? generic_cont_expand_simple+0x250/0x250
[  124.805525][ T3815]  ? fault_in_readable+0x219/0x310
[  124.810637][ T3815]  ? fault_in_safe_writeable+0x240/0x240
[  124.816284][ T3815]  hfs_write_begin+0x86/0xd0
[  124.820869][ T3815]  ? hfs_free_extents+0x420/0x420
[  124.825893][ T3815]  generic_perform_write+0x2e4/0x5e0
[  124.831186][ T3815]  ? __block_commit_write+0x420/0x420
[  124.836558][ T3815]  ? generic_file_direct_write+0x610/0x610
[  124.842362][ T3815]  ? __file_remove_privs+0x6c0/0x6c0
[  124.847649][ T3815]  ? generic_write_checks+0x15c/0x1c0
[  124.853031][ T3815]  __generic_file_write_iter+0x176/0x400
[  124.858670][ T3815]  generic_file_write_iter+0xab/0x310
[  124.864041][ T3815]  vfs_write+0x7dc/0xc50
[  124.868296][ T3815]  ? file_end_write+0x230/0x230
[  124.873143][ T3815]  ? ptrace_stop+0x74d/0x970
[  124.877742][ T3815]  ? _raw_spin_unlock_irq+0x2a/0x40
[  124.882944][ T3815]  ? __fdget_pos+0x252/0x2e0
[  124.887536][ T3815]  ksys_write+0x177/0x2a0
[  124.891867][ T3815]  ? __ia32_sys_read+0x80/0x80
[  124.896633][ T3815]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  124.902614][ T3815]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  124.908594][ T3815]  do_syscall_64+0x3d/0xb0
[  124.913007][ T3815]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  124.918898][ T3815] RIP: 0033:0x7f0fa5191c89
[  124.923394][ T3815] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  124.942994][ T3815] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  124.951436][ T3815] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  124.959403][ T3815] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  124.967367][ T3815] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3815] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3815] exit_group(0)               = ?
[pid  3815] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3815, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./168/binderfs")                = 0
umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./168/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./168")                          = 0
mkdir("./169", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3816
./strace-static-x86_64: Process 3816 attached
[  124.975333][ T3815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  124.983319][ T3815] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000a8
[  124.991300][ T3815]  </TASK>
[pid  3816] chdir("./169")              = 0
[pid  3816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3816] setpgid(0, 0)               = 0
[pid  3816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3816] write(3, "1000", 4)         = 4
[pid  3816] close(3)                    = 0
[pid  3816] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3816] memfd_create("syzkaller", 0) = 3
[pid  3816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3816] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3816] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3816] close(3)                    = 0
[pid  3816] mkdir("./file0", 0777)      = 0
[pid  3816] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3816] chdir("./file0")            = 0
[pid  3816] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3816] close(4)                    = 0
[pid  3816] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3816] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3816] write(5, "13", 2)           = 2
[  125.052473][ T3816] loop0: detected capacity change from 0 to 64
[  125.075182][ T3816] FAULT_INJECTION: forcing a failure.
[  125.075182][ T3816] name failslab, interval 1, probability 0, space 0, times 0
[  125.087918][ T3816] CPU: 0 PID: 3816 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  125.098402][ T3816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  125.108455][ T3816] Call Trace:
[  125.111734][ T3816]  <TASK>
[  125.114659][ T3816]  dump_stack_lvl+0x1b1/0x28e
[  125.119341][ T3816]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  125.124828][ T3816]  ? panic+0x710/0x710
[  125.128948][ T3816]  ? __might_sleep+0xc0/0xc0
[  125.133550][ T3816]  ? __mutex_lock_common+0x45f/0x26e0
[  125.138935][ T3816]  should_fail_ex+0x395/0x4c0
[  125.143626][ T3816]  ? hfs_find_init+0x8b/0x1e0
[  125.148304][ T3816]  should_failslab+0x5/0x20
[  125.152814][ T3816]  __kmem_cache_alloc_node+0x69/0x310
[  125.158279][ T3816]  ? rcu_lock_release+0x5/0x20
[  125.163056][ T3816]  ? hfs_find_init+0x8b/0x1e0
[  125.167735][ T3816]  __kmalloc+0x9e/0x1a0
[  125.171919][ T3816]  hfs_find_init+0x8b/0x1e0
[  125.176434][ T3816]  hfs_extend_file+0x2f8/0x1420
[  125.181274][ T3816]  ? xas_find+0x937/0xa60
[  125.185616][ T3816]  ? hfs_get_block+0xbb0/0xbb0
[  125.190388][ T3816]  ? filemap_get_folios+0x557/0x830
[  125.195600][ T3816]  ? find_lock_entries+0xf60/0xf60
[  125.200726][ T3816]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  125.206632][ T3816]  hfs_get_block+0x3fc/0xbb0
[  125.211246][ T3816]  ? hfs_free_extents+0x420/0x420
[  125.216265][ T3816]  ? do_raw_spin_unlock+0x134/0x8a0
[  125.221474][ T3816]  ? create_page_buffers+0x244/0x4b0
[  125.226766][ T3816]  __block_write_begin_int+0x54c/0x1a80
[  125.232330][ T3816]  ? hfs_free_extents+0x420/0x420
[  125.237347][ T3816]  ? page_zero_new_buffers+0x940/0x940
[  125.242823][ T3816]  ? PageHeadHuge+0x8a/0x1d0
[  125.247444][ T3816]  ? hfs_free_extents+0x420/0x420
[  125.252481][ T3816]  block_write_begin+0x93/0x1e0
[  125.257348][ T3816]  ? cont_write_begin+0x5e5/0x860
[  125.262379][ T3816]  ? hfs_free_extents+0x420/0x420
[  125.267418][ T3816]  cont_write_begin+0x606/0x860
[  125.272274][ T3816]  ? fault_in_readable+0x1d5/0x310
[  125.277389][ T3816]  ? generic_cont_expand_simple+0x250/0x250
[  125.283291][ T3816]  ? fault_in_readable+0x219/0x310
[  125.288404][ T3816]  ? fault_in_safe_writeable+0x240/0x240
[  125.294066][ T3816]  hfs_write_begin+0x86/0xd0
[  125.298664][ T3816]  ? hfs_free_extents+0x420/0x420
[  125.303696][ T3816]  generic_perform_write+0x2e4/0x5e0
[  125.309101][ T3816]  ? __block_commit_write+0x420/0x420
[  125.314489][ T3816]  ? generic_file_direct_write+0x610/0x610
[  125.320318][ T3816]  ? __file_remove_privs+0x6c0/0x6c0
[  125.325623][ T3816]  ? generic_write_checks+0x15c/0x1c0
[  125.331017][ T3816]  __generic_file_write_iter+0x176/0x400
[  125.336678][ T3816]  generic_file_write_iter+0xab/0x310
[  125.342072][ T3816]  vfs_write+0x7dc/0xc50
[  125.346344][ T3816]  ? file_end_write+0x230/0x230
[  125.351196][ T3816]  ? ptrace_stop+0x74d/0x970
[  125.355787][ T3816]  ? _raw_spin_unlock_irq+0x2a/0x40
[  125.360983][ T3816]  ? __fdget_pos+0x252/0x2e0
[  125.365576][ T3816]  ksys_write+0x177/0x2a0
[  125.369928][ T3816]  ? __ia32_sys_read+0x80/0x80
[  125.374703][ T3816]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  125.380769][ T3816]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  125.386760][ T3816]  do_syscall_64+0x3d/0xb0
[  125.391165][ T3816]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  125.397052][ T3816] RIP: 0033:0x7f0fa5191c89
[  125.401457][ T3816] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  125.421086][ T3816] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  125.429489][ T3816] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  125.437464][ T3816] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  125.445437][ T3816] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3816] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3816] exit_group(0)               = ?
[pid  3816] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3816, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./169/binderfs")                = 0
umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./169/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./169")                          = 0
mkdir("./170", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3817
./strace-static-x86_64: Process 3817 attached
[pid  3817] chdir("./170")              = 0
[pid  3817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3817] setpgid(0, 0)               = 0
[pid  3817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3817] write(3, "1000", 4)         = 4
[pid  3817] close(3)                    = 0
[pid  3817] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3817] memfd_create("syzkaller", 0) = 3
[pid  3817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3817] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  125.453419][ T3816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  125.461375][ T3816] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000a9
[  125.469344][ T3816]  </TASK>
[pid  3817] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3817] close(3)                    = 0
[pid  3817] mkdir("./file0", 0777)      = 0
[pid  3817] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3817] chdir("./file0")            = 0
[pid  3817] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3817] close(4)                    = 0
[pid  3817] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3817] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3817] write(5, "13", 2)           = 2
[  125.513984][ T3817] loop0: detected capacity change from 0 to 64
[  125.544053][ T3817] FAULT_INJECTION: forcing a failure.
[  125.544053][ T3817] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  125.557512][ T3817] CPU: 1 PID: 3817 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  125.567946][ T3817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  125.577992][ T3817] Call Trace:
[  125.581267][ T3817]  <TASK>
[  125.584194][ T3817]  dump_stack_lvl+0x1b1/0x28e
[  125.588877][ T3817]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  125.594331][ T3817]  ? panic+0x710/0x710
[  125.598393][ T3817]  ? do_anonymous_page+0xd4a/0x1150
[  125.603590][ T3817]  ? mark_lock+0x9a/0x350
[  125.607917][ T3817]  should_fail_ex+0x395/0x4c0
[  125.612599][ T3817]  prepare_alloc_pages+0x1d7/0x5a0
[  125.617723][ T3817]  __alloc_pages+0x161/0x560
[  125.622319][ T3817]  ? zone_statistics+0x160/0x160
[  125.627269][ T3817]  ? rcu_lock_release+0x5/0x20
[  125.632032][ T3817]  ? alloc_pages+0x520/0x7b0
[  125.636616][ T3817]  ? xas_descend+0x1f3/0x400
[  125.641205][ T3817]  folio_alloc+0x1a/0x50
[  125.645459][ T3817]  filemap_alloc_folio+0x7e/0x1c0
[  125.650496][ T3817]  __filemap_get_folio+0x898/0x1260
[  125.655714][ T3817]  ? page_cache_prev_miss+0x4e0/0x4e0
[  125.661102][ T3817]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  125.667086][ T3817]  ? print_irqtrace_events+0x220/0x220
[  125.672561][ T3817]  pagecache_get_page+0x28/0x260
[  125.677505][ T3817]  ? hfs_free_extents+0x420/0x420
[  125.682526][ T3817]  block_write_begin+0x2e/0x1e0
[  125.687381][ T3817]  ? cont_write_begin+0x5e5/0x860
[  125.692417][ T3817]  ? hfs_free_extents+0x420/0x420
[  125.697441][ T3817]  cont_write_begin+0x606/0x860
[  125.702300][ T3817]  ? fault_in_readable+0x1d5/0x310
[  125.707416][ T3817]  ? generic_cont_expand_simple+0x250/0x250
[  125.713313][ T3817]  ? fault_in_readable+0x219/0x310
[  125.718423][ T3817]  ? fault_in_safe_writeable+0x240/0x240
[  125.724058][ T3817]  hfs_write_begin+0x86/0xd0
[  125.728642][ T3817]  ? hfs_free_extents+0x420/0x420
[  125.733667][ T3817]  generic_perform_write+0x2e4/0x5e0
[  125.738960][ T3817]  ? __block_commit_write+0x420/0x420
[  125.744333][ T3817]  ? generic_file_direct_write+0x610/0x610
[  125.750136][ T3817]  ? __file_remove_privs+0x6c0/0x6c0
[  125.755423][ T3817]  ? generic_write_checks+0x15c/0x1c0
[  125.760803][ T3817]  __generic_file_write_iter+0x176/0x400
[  125.766442][ T3817]  generic_file_write_iter+0xab/0x310
[  125.771825][ T3817]  vfs_write+0x7dc/0xc50
[  125.776072][ T3817]  ? file_end_write+0x230/0x230
[  125.780916][ T3817]  ? ptrace_stop+0x74d/0x970
[  125.785598][ T3817]  ? _raw_spin_unlock_irq+0x2a/0x40
[  125.790803][ T3817]  ? __fdget_pos+0x252/0x2e0
[  125.795401][ T3817]  ksys_write+0x177/0x2a0
[  125.799733][ T3817]  ? __ia32_sys_read+0x80/0x80
[  125.804503][ T3817]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  125.810483][ T3817]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  125.816460][ T3817]  do_syscall_64+0x3d/0xb0
[  125.820872][ T3817]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  125.826845][ T3817] RIP: 0033:0x7f0fa5191c89
[  125.831256][ T3817] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  125.850854][ T3817] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3817] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3817] exit_group(0)               = ?
[pid  3817] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3817, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./170/binderfs")                = 0
umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./170/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./170")                          = 0
mkdir("./171", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3818
./strace-static-x86_64: Process 3818 attached
[pid  3818] chdir("./171")              = 0
[pid  3818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3818] setpgid(0, 0)               = 0
[pid  3818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3818] write(3, "1000", 4)         = 4
[pid  3818] close(3)                    = 0
[pid  3818] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3818] memfd_create("syzkaller", 0) = 3
[pid  3818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3818] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  125.859263][ T3817] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  125.867229][ T3817] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  125.875193][ T3817] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  125.883162][ T3817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  125.891123][ T3817] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000aa
[  125.899105][ T3817]  </TASK>
[pid  3818] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3818] close(3)                    = 0
[pid  3818] mkdir("./file0", 0777)      = 0
[pid  3818] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3818] chdir("./file0")            = 0
[pid  3818] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3818] close(4)                    = 0
[pid  3818] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3818] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3818] write(5, "13", 2)           = 2
[  125.943643][ T3818] loop0: detected capacity change from 0 to 64
[  125.964932][ T3818] FAULT_INJECTION: forcing a failure.
[  125.964932][ T3818] name failslab, interval 1, probability 0, space 0, times 0
[  125.978802][ T3818] CPU: 1 PID: 3818 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  125.989248][ T3818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  125.999321][ T3818] Call Trace:
[  126.002604][ T3818]  <TASK>
[  126.005525][ T3818]  dump_stack_lvl+0x1b1/0x28e
[  126.010204][ T3818]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  126.015670][ T3818]  ? panic+0x710/0x710
[  126.019749][ T3818]  ? __might_sleep+0xc0/0xc0
[  126.024342][ T3818]  ? __mutex_lock_common+0x45f/0x26e0
[  126.029755][ T3818]  should_fail_ex+0x395/0x4c0
[  126.034454][ T3818]  ? hfs_find_init+0x8b/0x1e0
[  126.039145][ T3818]  should_failslab+0x5/0x20
[  126.043664][ T3818]  __kmem_cache_alloc_node+0x69/0x310
[  126.049041][ T3818]  ? rcu_lock_release+0x5/0x20
[  126.053811][ T3818]  ? hfs_find_init+0x8b/0x1e0
[  126.058499][ T3818]  __kmalloc+0x9e/0x1a0
[  126.062661][ T3818]  hfs_find_init+0x8b/0x1e0
[  126.067171][ T3818]  hfs_extend_file+0x2f8/0x1420
[  126.072019][ T3818]  ? xas_find+0x937/0xa60
[  126.076354][ T3818]  ? hfs_get_block+0xbb0/0xbb0
[  126.081113][ T3818]  ? filemap_get_folios+0x557/0x830
[  126.086317][ T3818]  ? find_lock_entries+0xf60/0xf60
[  126.091427][ T3818]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  126.097327][ T3818]  hfs_get_block+0x3fc/0xbb0
[  126.101925][ T3818]  ? hfs_free_extents+0x420/0x420
[  126.106946][ T3818]  ? do_raw_spin_unlock+0x134/0x8a0
[  126.112159][ T3818]  ? create_page_buffers+0x244/0x4b0
[  126.117457][ T3818]  __block_write_begin_int+0x54c/0x1a80
[  126.123052][ T3818]  ? hfs_free_extents+0x420/0x420
[  126.128090][ T3818]  ? page_zero_new_buffers+0x940/0x940
[  126.133558][ T3818]  ? PageHeadHuge+0x8a/0x1d0
[  126.138169][ T3818]  ? hfs_free_extents+0x420/0x420
[  126.143244][ T3818]  block_write_begin+0x93/0x1e0
[  126.148111][ T3818]  ? cont_write_begin+0x5e5/0x860
[  126.153140][ T3818]  ? hfs_free_extents+0x420/0x420
[  126.158175][ T3818]  cont_write_begin+0x606/0x860
[  126.163041][ T3818]  ? fault_in_readable+0x1d5/0x310
[  126.168159][ T3818]  ? generic_cont_expand_simple+0x250/0x250
[  126.174056][ T3818]  ? fault_in_readable+0x219/0x310
[  126.179171][ T3818]  ? fault_in_safe_writeable+0x240/0x240
[  126.184901][ T3818]  hfs_write_begin+0x86/0xd0
[  126.189502][ T3818]  ? hfs_free_extents+0x420/0x420
[  126.194547][ T3818]  generic_perform_write+0x2e4/0x5e0
[  126.199843][ T3818]  ? __block_commit_write+0x420/0x420
[  126.205229][ T3818]  ? generic_file_direct_write+0x610/0x610
[  126.211042][ T3818]  ? __file_remove_privs+0x6c0/0x6c0
[  126.216333][ T3818]  ? generic_write_checks+0x15c/0x1c0
[  126.221720][ T3818]  __generic_file_write_iter+0x176/0x400
[  126.227359][ T3818]  generic_file_write_iter+0xab/0x310
[  126.232736][ T3818]  vfs_write+0x7dc/0xc50
[  126.236988][ T3818]  ? file_end_write+0x230/0x230
[  126.241836][ T3818]  ? ptrace_stop+0x74d/0x970
[  126.246607][ T3818]  ? _raw_spin_unlock_irq+0x2a/0x40
[  126.251809][ T3818]  ? __fdget_pos+0x252/0x2e0
[  126.256401][ T3818]  ksys_write+0x177/0x2a0
[  126.260735][ T3818]  ? __ia32_sys_read+0x80/0x80
[  126.265496][ T3818]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  126.271474][ T3818]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  126.277456][ T3818]  do_syscall_64+0x3d/0xb0
[  126.281879][ T3818]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  126.287767][ T3818] RIP: 0033:0x7f0fa5191c89
[  126.292177][ T3818] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  126.311780][ T3818] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  126.320189][ T3818] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  126.328198][ T3818] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  126.336188][ T3818] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3818] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3818] exit_group(0)               = ?
[pid  3818] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3818, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./171/binderfs")                = 0
umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./171/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./171")                          = 0
mkdir("./172", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3819
./strace-static-x86_64: Process 3819 attached
[pid  3819] chdir("./172")              = 0
[pid  3819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[  126.344173][ T3818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  126.352155][ T3818] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ab
[  126.360160][ T3818]  </TASK>
[pid  3819] setpgid(0, 0)               = 0
[pid  3819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3819] write(3, "1000", 4)         = 4
[pid  3819] close(3)                    = 0
[pid  3819] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3819] memfd_create("syzkaller", 0) = 3
[pid  3819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3819] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3819] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3819] close(3)                    = 0
[pid  3819] mkdir("./file0", 0777)      = 0
[pid  3819] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3819] chdir("./file0")            = 0
[pid  3819] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3819] close(4)                    = 0
[pid  3819] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3819] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3819] write(5, "13", 2)           = 2
[  126.421502][ T3819] loop0: detected capacity change from 0 to 64
[  126.450039][ T3819] FAULT_INJECTION: forcing a failure.
[  126.450039][ T3819] name failslab, interval 1, probability 0, space 0, times 0
[  126.463061][ T3819] CPU: 1 PID: 3819 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  126.473667][ T3819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  126.483812][ T3819] Call Trace:
[  126.487095][ T3819]  <TASK>
[  126.490016][ T3819]  dump_stack_lvl+0x1b1/0x28e
[  126.494702][ T3819]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  126.500204][ T3819]  ? panic+0x710/0x710
[  126.504291][ T3819]  ? __might_sleep+0xc0/0xc0
[  126.508885][ T3819]  ? __mutex_lock_common+0x45f/0x26e0
[  126.514253][ T3819]  should_fail_ex+0x395/0x4c0
[  126.518923][ T3819]  ? hfs_find_init+0x8b/0x1e0
[  126.523638][ T3819]  should_failslab+0x5/0x20
[  126.528151][ T3819]  __kmem_cache_alloc_node+0x69/0x310
[  126.533527][ T3819]  ? hfs_find_init+0x8b/0x1e0
[  126.538218][ T3819]  __kmalloc+0x9e/0x1a0
[  126.542370][ T3819]  hfs_find_init+0x8b/0x1e0
[  126.546871][ T3819]  hfs_extend_file+0x2f8/0x1420
[  126.551719][ T3819]  ? hfs_get_block+0xbb0/0xbb0
[  126.556520][ T3819]  ? lru_cache_disable+0x30/0x30
[  126.561447][ T3819]  ? __might_sleep+0xc0/0xc0
[  126.566038][ T3819]  hfs_get_block+0x3fc/0xbb0
[  126.570645][ T3819]  ? hfs_free_extents+0x420/0x420
[  126.575672][ T3819]  ? do_raw_spin_unlock+0x134/0x8a0
[  126.580874][ T3819]  ? create_page_buffers+0x244/0x4b0
[  126.586163][ T3819]  __block_write_begin_int+0x54c/0x1a80
[  126.591715][ T3819]  ? hfs_free_extents+0x420/0x420
[  126.596740][ T3819]  ? page_zero_new_buffers+0x940/0x940
[  126.602219][ T3819]  ? PageHeadHuge+0x8a/0x1d0
[  126.606827][ T3819]  ? hfs_free_extents+0x420/0x420
[  126.611851][ T3819]  block_write_begin+0x93/0x1e0
[  126.616709][ T3819]  ? cont_write_begin+0x5e5/0x860
[  126.621733][ T3819]  ? hfs_free_extents+0x420/0x420
[  126.626756][ T3819]  cont_write_begin+0x606/0x860
[  126.631602][ T3819]  ? fault_in_readable+0x1d5/0x310
[  126.636717][ T3819]  ? generic_cont_expand_simple+0x250/0x250
[  126.642625][ T3819]  ? fault_in_readable+0x219/0x310
[  126.647738][ T3819]  ? fault_in_safe_writeable+0x240/0x240
[  126.653397][ T3819]  hfs_write_begin+0x86/0xd0
[  126.657991][ T3819]  ? hfs_free_extents+0x420/0x420
[  126.663015][ T3819]  generic_perform_write+0x2e4/0x5e0
[  126.668317][ T3819]  ? __block_commit_write+0x420/0x420
[  126.673701][ T3819]  ? generic_file_direct_write+0x610/0x610
[  126.679512][ T3819]  ? __file_remove_privs+0x6c0/0x6c0
[  126.684805][ T3819]  ? generic_write_checks+0x15c/0x1c0
[  126.690172][ T3819]  __generic_file_write_iter+0x176/0x400
[  126.695799][ T3819]  generic_file_write_iter+0xab/0x310
[  126.701164][ T3819]  vfs_write+0x7dc/0xc50
[  126.705401][ T3819]  ? file_end_write+0x230/0x230
[  126.710240][ T3819]  ? ptrace_stop+0x74d/0x970
[  126.714824][ T3819]  ? _raw_spin_unlock_irq+0x2a/0x40
[  126.720017][ T3819]  ? __fdget_pos+0x252/0x2e0
[  126.724597][ T3819]  ksys_write+0x177/0x2a0
[  126.728917][ T3819]  ? __ia32_sys_read+0x80/0x80
[  126.733669][ T3819]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  126.739639][ T3819]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  126.745620][ T3819]  do_syscall_64+0x3d/0xb0
[  126.750040][ T3819]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  126.755922][ T3819] RIP: 0033:0x7f0fa5191c89
[  126.760326][ T3819] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  126.779926][ T3819] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  126.788358][ T3819] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  126.796335][ T3819] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  126.804301][ T3819] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  126.812264][ T3819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3819] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3819] exit_group(0)               = ?
[pid  3819] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3819, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./172/binderfs")                = 0
umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./172/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./172")                          = 0
mkdir("./173", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3820
./strace-static-x86_64: Process 3820 attached
[pid  3820] chdir("./173")              = 0
[pid  3820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3820] setpgid(0, 0)               = 0
[pid  3820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3820] write(3, "1000", 4)         = 4
[pid  3820] close(3)                    = 0
[pid  3820] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3820] memfd_create("syzkaller", 0) = 3
[pid  3820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3820] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  126.820233][ T3819] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ac
[  126.828227][ T3819]  </TASK>
[pid  3820] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3820] close(3)                    = 0
[pid  3820] mkdir("./file0", 0777)      = 0
[pid  3820] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3820] chdir("./file0")            = 0
[pid  3820] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3820] close(4)                    = 0
[pid  3820] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3820] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3820] write(5, "13", 2)           = 2
[  126.881117][ T3820] loop0: detected capacity change from 0 to 64
[  126.901628][ T3820] FAULT_INJECTION: forcing a failure.
[  126.901628][ T3820] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  126.915900][ T3820] CPU: 0 PID: 3820 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  126.926332][ T3820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  126.936380][ T3820] Call Trace:
[  126.939648][ T3820]  <TASK>
[  126.942577][ T3820]  dump_stack_lvl+0x1b1/0x28e
[  126.947278][ T3820]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  126.952729][ T3820]  ? panic+0x710/0x710
[  126.956807][ T3820]  ? do_anonymous_page+0xd4a/0x1150
[  126.962014][ T3820]  ? mark_lock+0x9a/0x350
[  126.966335][ T3820]  should_fail_ex+0x395/0x4c0
[  126.971019][ T3820]  prepare_alloc_pages+0x1d7/0x5a0
[  126.976146][ T3820]  __alloc_pages+0x161/0x560
[  126.980728][ T3820]  ? zone_statistics+0x160/0x160
[  126.985672][ T3820]  ? rcu_lock_release+0x5/0x20
[  126.990434][ T3820]  ? alloc_pages+0x520/0x7b0
[  126.995009][ T3820]  ? xas_descend+0x1f3/0x400
[  126.999607][ T3820]  folio_alloc+0x1a/0x50
[  127.003851][ T3820]  filemap_alloc_folio+0x7e/0x1c0
[  127.008866][ T3820]  __filemap_get_folio+0x898/0x1260
[  127.014066][ T3820]  ? page_cache_prev_miss+0x4e0/0x4e0
[  127.019426][ T3820]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  127.025397][ T3820]  ? print_irqtrace_events+0x220/0x220
[  127.030860][ T3820]  pagecache_get_page+0x28/0x260
[  127.035784][ T3820]  ? hfs_free_extents+0x420/0x420
[  127.040804][ T3820]  block_write_begin+0x2e/0x1e0
[  127.045662][ T3820]  ? cont_write_begin+0x5e5/0x860
[  127.050675][ T3820]  ? hfs_free_extents+0x420/0x420
[  127.055689][ T3820]  cont_write_begin+0x606/0x860
[  127.060552][ T3820]  ? fault_in_readable+0x1d5/0x310
[  127.065662][ T3820]  ? generic_cont_expand_simple+0x250/0x250
[  127.071545][ T3820]  ? fault_in_readable+0x219/0x310
[  127.076666][ T3820]  ? fault_in_safe_writeable+0x240/0x240
[  127.082322][ T3820]  hfs_write_begin+0x86/0xd0
[  127.086899][ T3820]  ? hfs_free_extents+0x420/0x420
[  127.091921][ T3820]  generic_perform_write+0x2e4/0x5e0
[  127.097220][ T3820]  ? __block_commit_write+0x420/0x420
[  127.102616][ T3820]  ? generic_file_direct_write+0x610/0x610
[  127.108440][ T3820]  ? __file_remove_privs+0x6c0/0x6c0
[  127.113722][ T3820]  ? generic_write_checks+0x15c/0x1c0
[  127.119125][ T3820]  __generic_file_write_iter+0x176/0x400
[  127.124783][ T3820]  generic_file_write_iter+0xab/0x310
[  127.130179][ T3820]  vfs_write+0x7dc/0xc50
[  127.134450][ T3820]  ? file_end_write+0x230/0x230
[  127.139394][ T3820]  ? ptrace_stop+0x74d/0x970
[  127.143996][ T3820]  ? _raw_spin_unlock_irq+0x2a/0x40
[  127.149205][ T3820]  ? __fdget_pos+0x252/0x2e0
[  127.153793][ T3820]  ksys_write+0x177/0x2a0
[  127.158113][ T3820]  ? __ia32_sys_read+0x80/0x80
[  127.162869][ T3820]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  127.168853][ T3820]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  127.174847][ T3820]  do_syscall_64+0x3d/0xb0
[  127.179250][ T3820]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  127.185128][ T3820] RIP: 0033:0x7f0fa5191c89
[  127.189537][ T3820] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  127.209152][ T3820] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  127.217554][ T3820] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3820] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3820] exit_group(0)               = ?
[pid  3820] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3820, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./173/binderfs")                = 0
umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./173/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./173")                          = 0
mkdir("./174", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3821
./strace-static-x86_64: Process 3821 attached
[pid  3821] chdir("./174")              = 0
[pid  3821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3821] setpgid(0, 0)               = 0
[pid  3821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3821] write(3, "1000", 4)         = 4
[pid  3821] close(3)                    = 0
[pid  3821] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3821] memfd_create("syzkaller", 0) = 3
[pid  3821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3821] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  127.225521][ T3820] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  127.233489][ T3820] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  127.241464][ T3820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  127.249422][ T3820] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ad
[  127.257391][ T3820]  </TASK>
[pid  3821] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3821] close(3)                    = 0
[pid  3821] mkdir("./file0", 0777)      = 0
[pid  3821] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3821] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3821] chdir("./file0")            = 0
[pid  3821] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3821] close(4)                    = 0
[pid  3821] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3821] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3821] write(5, "13", 2)           = 2
[  127.313479][ T3821] loop0: detected capacity change from 0 to 64
[  127.343138][ T3821] FAULT_INJECTION: forcing a failure.
[  127.343138][ T3821] name failslab, interval 1, probability 0, space 0, times 0
[  127.356212][ T3821] CPU: 0 PID: 3821 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  127.366615][ T3821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  127.376654][ T3821] Call Trace:
[  127.379917][ T3821]  <TASK>
[  127.382836][ T3821]  dump_stack_lvl+0x1b1/0x28e
[  127.387506][ T3821]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  127.392951][ T3821]  ? panic+0x710/0x710
[  127.397012][ T3821]  ? __might_sleep+0xc0/0xc0
[  127.401607][ T3821]  ? __mutex_lock_common+0x45f/0x26e0
[  127.406970][ T3821]  should_fail_ex+0x395/0x4c0
[  127.411639][ T3821]  ? hfs_find_init+0x8b/0x1e0
[  127.416319][ T3821]  should_failslab+0x5/0x20
[  127.420823][ T3821]  __kmem_cache_alloc_node+0x69/0x310
[  127.426197][ T3821]  ? hfs_find_init+0x8b/0x1e0
[  127.431653][ T3821]  __kmalloc+0x9e/0x1a0
[  127.435812][ T3821]  hfs_find_init+0x8b/0x1e0
[  127.440319][ T3821]  hfs_extend_file+0x2f8/0x1420
[  127.445174][ T3821]  ? hfs_get_block+0xbb0/0xbb0
[  127.450021][ T3821]  ? lru_cache_disable+0x30/0x30
[  127.454963][ T3821]  ? __might_sleep+0xc0/0xc0
[  127.459570][ T3821]  hfs_get_block+0x3fc/0xbb0
[  127.464170][ T3821]  ? hfs_free_extents+0x420/0x420
[  127.469189][ T3821]  ? do_raw_spin_unlock+0x134/0x8a0
[  127.474397][ T3821]  ? create_page_buffers+0x244/0x4b0
[  127.479685][ T3821]  __block_write_begin_int+0x54c/0x1a80
[  127.485250][ T3821]  ? hfs_free_extents+0x420/0x420
[  127.490268][ T3821]  ? page_zero_new_buffers+0x940/0x940
[  127.495727][ T3821]  ? PageHeadHuge+0x8a/0x1d0
[  127.500316][ T3821]  ? hfs_free_extents+0x420/0x420
[  127.505337][ T3821]  block_write_begin+0x93/0x1e0
[  127.510188][ T3821]  ? cont_write_begin+0x5e5/0x860
[  127.515212][ T3821]  ? hfs_free_extents+0x420/0x420
[  127.520230][ T3821]  cont_write_begin+0x606/0x860
[  127.525083][ T3821]  ? fault_in_readable+0x1d5/0x310
[  127.530195][ T3821]  ? generic_cont_expand_simple+0x250/0x250
[  127.536087][ T3821]  ? fault_in_readable+0x219/0x310
[  127.541199][ T3821]  ? fault_in_safe_writeable+0x240/0x240
[  127.546843][ T3821]  hfs_write_begin+0x86/0xd0
[  127.551515][ T3821]  ? hfs_free_extents+0x420/0x420
[  127.556537][ T3821]  generic_perform_write+0x2e4/0x5e0
[  127.561834][ T3821]  ? __block_commit_write+0x420/0x420
[  127.567206][ T3821]  ? generic_file_direct_write+0x610/0x610
[  127.573012][ T3821]  ? __file_remove_privs+0x6c0/0x6c0
[  127.578301][ T3821]  ? generic_write_checks+0x15c/0x1c0
[  127.583679][ T3821]  __generic_file_write_iter+0x176/0x400
[  127.589318][ T3821]  generic_file_write_iter+0xab/0x310
[  127.594693][ T3821]  vfs_write+0x7dc/0xc50
[  127.598947][ T3821]  ? file_end_write+0x230/0x230
[  127.603797][ T3821]  ? ptrace_stop+0x74d/0x970
[  127.608485][ T3821]  ? _raw_spin_unlock_irq+0x2a/0x40
[  127.613689][ T3821]  ? __fdget_pos+0x252/0x2e0
[  127.618282][ T3821]  ksys_write+0x177/0x2a0
[  127.622616][ T3821]  ? __ia32_sys_read+0x80/0x80
[  127.627385][ T3821]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  127.633368][ T3821]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  127.639347][ T3821]  do_syscall_64+0x3d/0xb0
[  127.643761][ T3821]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  127.649649][ T3821] RIP: 0033:0x7f0fa5191c89
[  127.654061][ T3821] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  127.673665][ T3821] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  127.682075][ T3821] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  127.690041][ T3821] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  127.698012][ T3821] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  127.705979][ T3821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3821] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3821] exit_group(0)               = ?
[pid  3821] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3821, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./174/binderfs")                = 0
umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./174/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./174")                          = 0
mkdir("./175", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3822
./strace-static-x86_64: Process 3822 attached
[pid  3822] chdir("./175")              = 0
[pid  3822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3822] setpgid(0, 0)               = 0
[pid  3822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3822] write(3, "1000", 4)         = 4
[pid  3822] close(3)                    = 0
[pid  3822] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3822] memfd_create("syzkaller", 0) = 3
[pid  3822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3822] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  127.713946][ T3821] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ae
[  127.721959][ T3821]  </TASK>
[pid  3822] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3822] close(3)                    = 0
[pid  3822] mkdir("./file0", 0777)      = 0
[pid  3822] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3822] chdir("./file0")            = 0
[pid  3822] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3822] close(4)                    = 0
[pid  3822] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3822] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3822] write(5, "13", 2)           = 2
[pid  3822] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3822] exit_group(0)               = ?
[pid  3822] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3822, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./175/binderfs")                = 0
umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./175/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./175")                          = 0
mkdir("./176", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  127.776060][ T3822] loop0: detected capacity change from 0 to 64
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3823 attached
, child_tidptr=0x555555b7f5d0) = 3823
[pid  3823] chdir("./176")              = 0
[pid  3823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3823] setpgid(0, 0)               = 0
[pid  3823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3823] write(3, "1000", 4)         = 4
[pid  3823] close(3)                    = 0
[pid  3823] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3823] memfd_create("syzkaller", 0) = 3
[pid  3823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3823] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3823] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3823] close(3)                    = 0
[pid  3823] mkdir("./file0", 0777)      = 0
[pid  3823] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3823] chdir("./file0")            = 0
[pid  3823] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3823] close(4)                    = 0
[pid  3823] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3823] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3823] write(5, "13", 2)           = 2
[  127.848214][ T3823] loop0: detected capacity change from 0 to 64
[  127.881767][ T3823] FAULT_INJECTION: forcing a failure.
[  127.881767][ T3823] name failslab, interval 1, probability 0, space 0, times 0
[  127.894590][ T3823] CPU: 1 PID: 3823 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  127.904995][ T3823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  127.915044][ T3823] Call Trace:
[  127.918323][ T3823]  <TASK>
[  127.921264][ T3823]  dump_stack_lvl+0x1b1/0x28e
[  127.925954][ T3823]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  127.931404][ T3823]  ? panic+0x710/0x710
[  127.935464][ T3823]  ? __might_sleep+0xc0/0xc0
[  127.940050][ T3823]  ? __mutex_lock_common+0x45f/0x26e0
[  127.945426][ T3823]  should_fail_ex+0x395/0x4c0
[  127.950109][ T3823]  ? hfs_find_init+0x8b/0x1e0
[  127.954788][ T3823]  should_failslab+0x5/0x20
[  127.959301][ T3823]  __kmem_cache_alloc_node+0x69/0x310
[  127.964677][ T3823]  ? hfs_find_init+0x8b/0x1e0
[  127.969355][ T3823]  __kmalloc+0x9e/0x1a0
[  127.973517][ T3823]  hfs_find_init+0x8b/0x1e0
[  127.978025][ T3823]  hfs_extend_file+0x2f8/0x1420
[  127.982895][ T3823]  ? hfs_get_block+0xbb0/0xbb0
[  127.987658][ T3823]  ? lru_cache_disable+0x30/0x30
[  127.992595][ T3823]  ? __might_sleep+0xc0/0xc0
[  127.997203][ T3823]  hfs_get_block+0x3fc/0xbb0
[  128.001802][ T3823]  ? hfs_free_extents+0x420/0x420
[  128.006823][ T3823]  ? do_raw_spin_unlock+0x134/0x8a0
[  128.012028][ T3823]  ? create_page_buffers+0x244/0x4b0
[  128.017319][ T3823]  __block_write_begin_int+0x54c/0x1a80
[  128.022888][ T3823]  ? hfs_free_extents+0x420/0x420
[  128.027907][ T3823]  ? page_zero_new_buffers+0x940/0x940
[  128.033371][ T3823]  ? PageHeadHuge+0x8a/0x1d0
[  128.037962][ T3823]  ? hfs_free_extents+0x420/0x420
[  128.042987][ T3823]  block_write_begin+0x93/0x1e0
[  128.047836][ T3823]  ? cont_write_begin+0x5e5/0x860
[  128.052858][ T3823]  ? hfs_free_extents+0x420/0x420
[  128.057880][ T3823]  cont_write_begin+0x606/0x860
[  128.062740][ T3823]  ? fault_in_readable+0x1d5/0x310
[  128.067856][ T3823]  ? generic_cont_expand_simple+0x250/0x250
[  128.073749][ T3823]  ? fault_in_readable+0x219/0x310
[  128.078861][ T3823]  ? fault_in_safe_writeable+0x240/0x240
[  128.084506][ T3823]  hfs_write_begin+0x86/0xd0
[  128.089173][ T3823]  ? hfs_free_extents+0x420/0x420
[  128.094200][ T3823]  generic_perform_write+0x2e4/0x5e0
[  128.099494][ T3823]  ? __block_commit_write+0x420/0x420
[  128.104866][ T3823]  ? generic_file_direct_write+0x610/0x610
[  128.110669][ T3823]  ? __file_remove_privs+0x6c0/0x6c0
[  128.115953][ T3823]  ? generic_write_checks+0x15c/0x1c0
[  128.121335][ T3823]  __generic_file_write_iter+0x176/0x400
[  128.126974][ T3823]  generic_file_write_iter+0xab/0x310
[  128.132347][ T3823]  vfs_write+0x7dc/0xc50
[  128.136596][ T3823]  ? file_end_write+0x230/0x230
[  128.141443][ T3823]  ? ptrace_stop+0x74d/0x970
[  128.146044][ T3823]  ? _raw_spin_unlock_irq+0x2a/0x40
[  128.151249][ T3823]  ? __fdget_pos+0x252/0x2e0
[  128.155843][ T3823]  ksys_write+0x177/0x2a0
[  128.160186][ T3823]  ? __ia32_sys_read+0x80/0x80
[  128.164952][ T3823]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  128.170936][ T3823]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  128.176924][ T3823]  do_syscall_64+0x3d/0xb0
[  128.181349][ T3823]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  128.187237][ T3823] RIP: 0033:0x7f0fa5191c89
[  128.191648][ T3823] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  128.211256][ T3823] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  128.219667][ T3823] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  128.227631][ T3823] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  128.235597][ T3823] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3823] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3823] exit_group(0)               = ?
[pid  3823] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3823, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./176/binderfs")                = 0
umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./176/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./176")                          = 0
mkdir("./177", 0777)                    = 0
[  128.243564][ T3823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  128.251531][ T3823] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000b0
[  128.259514][ T3823]  </TASK>
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3824
./strace-static-x86_64: Process 3824 attached
[pid  3824] chdir("./177")              = 0
[pid  3824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3824] setpgid(0, 0)               = 0
[pid  3824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3824] write(3, "1000", 4)         = 4
[pid  3824] close(3)                    = 0
[pid  3824] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3824] memfd_create("syzkaller", 0) = 3
[pid  3824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3824] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3824] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3824] close(3)                    = 0
[pid  3824] mkdir("./file0", 0777)      = 0
[pid  3824] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3824] chdir("./file0")            = 0
[pid  3824] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3824] close(4)                    = 0
[pid  3824] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3824] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3824] write(5, "13", 2)           = 2
[  128.330777][ T3824] loop0: detected capacity change from 0 to 64
[  128.359116][ T3824] FAULT_INJECTION: forcing a failure.
[  128.359116][ T3824] name failslab, interval 1, probability 0, space 0, times 0
[  128.372349][ T3824] CPU: 1 PID: 3824 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  128.382788][ T3824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  128.392840][ T3824] Call Trace:
[  128.396117][ T3824]  <TASK>
[  128.399048][ T3824]  dump_stack_lvl+0x1b1/0x28e
[  128.403731][ T3824]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  128.409190][ T3824]  ? panic+0x710/0x710
[  128.413264][ T3824]  ? __might_sleep+0xc0/0xc0
[  128.417898][ T3824]  ? __mutex_lock_common+0x45f/0x26e0
[  128.423277][ T3824]  should_fail_ex+0x395/0x4c0
[  128.427960][ T3824]  ? hfs_find_init+0x8b/0x1e0
[  128.432643][ T3824]  should_failslab+0x5/0x20
[  128.437148][ T3824]  __kmem_cache_alloc_node+0x69/0x310
[  128.442545][ T3824]  ? hfs_find_init+0x8b/0x1e0
[  128.447310][ T3824]  __kmalloc+0x9e/0x1a0
[  128.451470][ T3824]  hfs_find_init+0x8b/0x1e0
[  128.455977][ T3824]  hfs_extend_file+0x2f8/0x1420
[  128.460836][ T3824]  ? hfs_get_block+0xbb0/0xbb0
[  128.465599][ T3824]  ? lru_cache_disable+0x30/0x30
[  128.470537][ T3824]  ? __might_sleep+0xc0/0xc0
[  128.475146][ T3824]  hfs_get_block+0x3fc/0xbb0
[  128.479747][ T3824]  ? hfs_free_extents+0x420/0x420
[  128.484770][ T3824]  ? do_raw_spin_unlock+0x134/0x8a0
[  128.489979][ T3824]  ? create_page_buffers+0x244/0x4b0
[  128.495269][ T3824]  __block_write_begin_int+0x54c/0x1a80
[  128.500843][ T3824]  ? hfs_free_extents+0x420/0x420
[  128.505865][ T3824]  ? page_zero_new_buffers+0x940/0x940
[  128.511324][ T3824]  ? PageHeadHuge+0x8a/0x1d0
[  128.515919][ T3824]  ? hfs_free_extents+0x420/0x420
[  128.520941][ T3824]  block_write_begin+0x93/0x1e0
[  128.525792][ T3824]  ? cont_write_begin+0x5e5/0x860
[  128.530820][ T3824]  ? hfs_free_extents+0x420/0x420
[  128.535846][ T3824]  cont_write_begin+0x606/0x860
[  128.540720][ T3824]  ? fault_in_readable+0x1d5/0x310
[  128.545863][ T3824]  ? generic_cont_expand_simple+0x250/0x250
[  128.551773][ T3824]  ? fault_in_readable+0x219/0x310
[  128.556892][ T3824]  ? fault_in_safe_writeable+0x240/0x240
[  128.562538][ T3824]  hfs_write_begin+0x86/0xd0
[  128.567128][ T3824]  ? hfs_free_extents+0x420/0x420
[  128.572153][ T3824]  generic_perform_write+0x2e4/0x5e0
[  128.577449][ T3824]  ? __block_commit_write+0x420/0x420
[  128.582824][ T3824]  ? generic_file_direct_write+0x610/0x610
[  128.588627][ T3824]  ? __file_remove_privs+0x6c0/0x6c0
[  128.593920][ T3824]  ? generic_write_checks+0x15c/0x1c0
[  128.599303][ T3824]  __generic_file_write_iter+0x176/0x400
[  128.604947][ T3824]  generic_file_write_iter+0xab/0x310
[  128.610321][ T3824]  vfs_write+0x7dc/0xc50
[  128.614572][ T3824]  ? file_end_write+0x230/0x230
[  128.619422][ T3824]  ? ptrace_stop+0x74d/0x970
[  128.624025][ T3824]  ? _raw_spin_unlock_irq+0x2a/0x40
[  128.629247][ T3824]  ? __fdget_pos+0x252/0x2e0
[  128.633874][ T3824]  ksys_write+0x177/0x2a0
[  128.638233][ T3824]  ? __ia32_sys_read+0x80/0x80
[  128.643015][ T3824]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  128.649011][ T3824]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  128.655011][ T3824]  do_syscall_64+0x3d/0xb0
[  128.659442][ T3824]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  128.665349][ T3824] RIP: 0033:0x7f0fa5191c89
[  128.669772][ T3824] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  128.689379][ T3824] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  128.697790][ T3824] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  128.705779][ T3824] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  128.713756][ T3824] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  128.721743][ T3824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3824] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3824] exit_group(0)               = ?
[pid  3824] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3824, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./177/binderfs")                = 0
umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./177/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./177")                          = 0
mkdir("./178", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3825
./strace-static-x86_64: Process 3825 attached
[pid  3825] chdir("./178")              = 0
[pid  3825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3825] setpgid(0, 0)               = 0
[pid  3825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3825] write(3, "1000", 4)         = 4
[pid  3825] close(3)                    = 0
[pid  3825] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3825] memfd_create("syzkaller", 0) = 3
[pid  3825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3825] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  128.729723][ T3824] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000b1
[  128.737716][ T3824]  </TASK>
[pid  3825] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3825] close(3)                    = 0
[pid  3825] mkdir("./file0", 0777)      = 0
[pid  3825] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3825] chdir("./file0")            = 0
[pid  3825] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3825] close(4)                    = 0
[pid  3825] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3825] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3825] write(5, "13", 2)           = 2
[pid  3825] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3825] exit_group(0)               = ?
[pid  3825] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3825, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./178/binderfs")                = 0
umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./178/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./178")                          = 0
[  128.779559][ T3825] loop0: detected capacity change from 0 to 64
[  128.783320][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
mkdir("./179", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3826 attached
, child_tidptr=0x555555b7f5d0) = 3826
[pid  3826] chdir("./179")              = 0
[pid  3826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3826] setpgid(0, 0)               = 0
[pid  3826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3826] write(3, "1000", 4)         = 4
[pid  3826] close(3)                    = 0
[pid  3826] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3826] memfd_create("syzkaller", 0) = 3
[pid  3826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3826] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3826] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3826] close(3)                    = 0
[pid  3826] mkdir("./file0", 0777)      = 0
[pid  3826] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3826] chdir("./file0")            = 0
[pid  3826] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3826] close(4)                    = 0
[pid  3826] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3826] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3826] write(5, "13", 2)           = 2
[  128.865596][ T3826] loop0: detected capacity change from 0 to 64
[  128.887758][ T3826] FAULT_INJECTION: forcing a failure.
[  128.887758][ T3826] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  128.901138][ T3826] CPU: 1 PID: 3826 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  128.911542][ T3826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  128.921600][ T3826] Call Trace:
[  128.924880][ T3826]  <TASK>
[  128.927821][ T3826]  dump_stack_lvl+0x1b1/0x28e
[  128.932509][ T3826]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  128.937972][ T3826]  ? panic+0x710/0x710
[  128.942054][ T3826]  ? do_anonymous_page+0xd4a/0x1150
[  128.947263][ T3826]  ? mark_lock+0x9a/0x350
[  128.951672][ T3826]  should_fail_ex+0x395/0x4c0
[  128.956357][ T3826]  prepare_alloc_pages+0x1d7/0x5a0
[  128.961502][ T3826]  __alloc_pages+0x161/0x560
[  128.966101][ T3826]  ? zone_statistics+0x160/0x160
[  128.971046][ T3826]  ? rcu_lock_release+0x5/0x20
[  128.975813][ T3826]  ? alloc_pages+0x520/0x7b0
[  128.980405][ T3826]  ? xas_descend+0x1f3/0x400
[  128.985002][ T3826]  folio_alloc+0x1a/0x50
[  128.989242][ T3826]  filemap_alloc_folio+0x7e/0x1c0
[  128.994267][ T3826]  __filemap_get_folio+0x898/0x1260
[  128.999472][ T3826]  ? page_cache_prev_miss+0x4e0/0x4e0
[  129.004846][ T3826]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  129.010837][ T3826]  ? print_irqtrace_events+0x220/0x220
[  129.016296][ T3826]  pagecache_get_page+0x28/0x260
[  129.021234][ T3826]  ? hfs_free_extents+0x420/0x420
[  129.026253][ T3826]  block_write_begin+0x2e/0x1e0
[  129.031106][ T3826]  ? cont_write_begin+0x5e5/0x860
[  129.036129][ T3826]  ? hfs_free_extents+0x420/0x420
[  129.041154][ T3826]  cont_write_begin+0x606/0x860
[  129.046012][ T3826]  ? fault_in_readable+0x1d5/0x310
[  129.051130][ T3826]  ? generic_cont_expand_simple+0x250/0x250
[  129.057028][ T3826]  ? fault_in_readable+0x219/0x310
[  129.062139][ T3826]  ? fault_in_safe_writeable+0x240/0x240
[  129.067778][ T3826]  hfs_write_begin+0x86/0xd0
[  129.072364][ T3826]  ? hfs_free_extents+0x420/0x420
[  129.077395][ T3826]  generic_perform_write+0x2e4/0x5e0
[  129.082687][ T3826]  ? __block_commit_write+0x420/0x420
[  129.088068][ T3826]  ? generic_file_direct_write+0x610/0x610
[  129.093970][ T3826]  ? __file_remove_privs+0x6c0/0x6c0
[  129.099269][ T3826]  ? generic_write_checks+0x15c/0x1c0
[  129.104678][ T3826]  __generic_file_write_iter+0x176/0x400
[  129.110373][ T3826]  generic_file_write_iter+0xab/0x310
[  129.115748][ T3826]  vfs_write+0x7dc/0xc50
[  129.119998][ T3826]  ? file_end_write+0x230/0x230
[  129.124854][ T3826]  ? ptrace_stop+0x74d/0x970
[  129.129457][ T3826]  ? _raw_spin_unlock_irq+0x2a/0x40
[  129.134661][ T3826]  ? __fdget_pos+0x252/0x2e0
[  129.139262][ T3826]  ksys_write+0x177/0x2a0
[  129.143592][ T3826]  ? __ia32_sys_read+0x80/0x80
[  129.148444][ T3826]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  129.154424][ T3826]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  129.160404][ T3826]  do_syscall_64+0x3d/0xb0
[  129.164821][ T3826]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  129.170709][ T3826] RIP: 0033:0x7f0fa5191c89
[  129.175123][ T3826] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  129.194741][ T3826] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  129.203168][ T3826] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3826] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3826] exit_group(0)               = ?
[pid  3826] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3826, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./179/binderfs")                = 0
umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./179/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./179")                          = 0
mkdir("./180", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3827
./strace-static-x86_64: Process 3827 attached
[  129.211141][ T3826] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  129.219115][ T3826] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  129.227097][ T3826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  129.235066][ T3826] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000b3
[  129.243055][ T3826]  </TASK>
[pid  3827] chdir("./180")              = 0
[pid  3827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3827] setpgid(0, 0)               = 0
[pid  3827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3827] write(3, "1000", 4)         = 4
[pid  3827] close(3)                    = 0
[pid  3827] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3827] memfd_create("syzkaller", 0) = 3
[pid  3827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3827] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3827] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3827] close(3)                    = 0
[pid  3827] mkdir("./file0", 0777)      = 0
[pid  3827] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3827] chdir("./file0")            = 0
[pid  3827] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3827] close(4)                    = 0
[pid  3827] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3827] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3827] write(5, "13", 2)           = 2
[  129.279626][ T3827] loop0: detected capacity change from 0 to 64
[  129.284035][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  129.309634][ T3827] FAULT_INJECTION: forcing a failure.
[  129.309634][ T3827] name failslab, interval 1, probability 0, space 0, times 0
[  129.323104][ T3827] CPU: 0 PID: 3827 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  129.333520][ T3827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  129.343562][ T3827] Call Trace:
[  129.346828][ T3827]  <TASK>
[  129.349747][ T3827]  dump_stack_lvl+0x1b1/0x28e
[  129.354412][ T3827]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  129.359859][ T3827]  ? panic+0x710/0x710
[  129.363917][ T3827]  ? __might_sleep+0xc0/0xc0
[  129.368491][ T3827]  ? __mutex_lock_common+0x45f/0x26e0
[  129.373862][ T3827]  should_fail_ex+0x395/0x4c0
[  129.378527][ T3827]  ? hfs_find_init+0x8b/0x1e0
[  129.383200][ T3827]  should_failslab+0x5/0x20
[  129.387718][ T3827]  __kmem_cache_alloc_node+0x69/0x310
[  129.393108][ T3827]  ? hfs_find_init+0x8b/0x1e0
[  129.397794][ T3827]  __kmalloc+0x9e/0x1a0
[  129.401975][ T3827]  hfs_find_init+0x8b/0x1e0
[  129.406497][ T3827]  hfs_extend_file+0x2f8/0x1420
[  129.411368][ T3827]  ? hfs_get_block+0xbb0/0xbb0
[  129.416137][ T3827]  ? lru_cache_disable+0x30/0x30
[  129.421086][ T3827]  ? __might_sleep+0xc0/0xc0
[  129.425700][ T3827]  hfs_get_block+0x3fc/0xbb0
[  129.430311][ T3827]  ? hfs_free_extents+0x420/0x420
[  129.435348][ T3827]  ? do_raw_spin_unlock+0x134/0x8a0
[  129.440566][ T3827]  ? create_page_buffers+0x244/0x4b0
[  129.445869][ T3827]  __block_write_begin_int+0x54c/0x1a80
[  129.451457][ T3827]  ? hfs_free_extents+0x420/0x420
[  129.456491][ T3827]  ? page_zero_new_buffers+0x940/0x940
[  129.461968][ T3827]  ? PageHeadHuge+0x8a/0x1d0
[  129.466562][ T3827]  ? hfs_free_extents+0x420/0x420
[  129.471585][ T3827]  block_write_begin+0x93/0x1e0
[  129.477653][ T3827]  ? cont_write_begin+0x5e5/0x860
[  129.482679][ T3827]  ? hfs_free_extents+0x420/0x420
[  129.487715][ T3827]  cont_write_begin+0x606/0x860
[  129.493092][ T3827]  ? fault_in_readable+0x1d5/0x310
[  129.498217][ T3827]  ? generic_cont_expand_simple+0x250/0x250
[  129.504110][ T3827]  ? fault_in_readable+0x219/0x310
[  129.509224][ T3827]  ? fault_in_safe_writeable+0x240/0x240
[  129.514974][ T3827]  hfs_write_begin+0x86/0xd0
[  129.519576][ T3827]  ? hfs_free_extents+0x420/0x420
[  129.524615][ T3827]  generic_perform_write+0x2e4/0x5e0
[  129.529921][ T3827]  ? __block_commit_write+0x420/0x420
[  129.535307][ T3827]  ? generic_file_direct_write+0x610/0x610
[  129.541126][ T3827]  ? __file_remove_privs+0x6c0/0x6c0
[  129.546430][ T3827]  ? generic_write_checks+0x15c/0x1c0
[  129.551820][ T3827]  __generic_file_write_iter+0x176/0x400
[  129.557477][ T3827]  generic_file_write_iter+0xab/0x310
[  129.562861][ T3827]  vfs_write+0x7dc/0xc50
[  129.567114][ T3827]  ? file_end_write+0x230/0x230
[  129.572047][ T3827]  ? ptrace_stop+0x74d/0x970
[  129.576645][ T3827]  ? _raw_spin_unlock_irq+0x2a/0x40
[  129.581853][ T3827]  ? __fdget_pos+0x252/0x2e0
[  129.586464][ T3827]  ksys_write+0x177/0x2a0
[  129.590834][ T3827]  ? __ia32_sys_read+0x80/0x80
[  129.595707][ T3827]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  129.601703][ T3827]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  129.607696][ T3827]  do_syscall_64+0x3d/0xb0
[  129.612123][ T3827]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  129.618298][ T3827] RIP: 0033:0x7f0fa5191c89
[  129.622736][ T3827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  129.642449][ T3827] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  129.650874][ T3827] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  129.658860][ T3827] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  129.666838][ T3827] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3827] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3827] exit_group(0)               = ?
[pid  3827] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3827, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./180/binderfs")                = 0
umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./180/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./180")                          = 0
mkdir("./181", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  129.674832][ T3827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  129.682819][ T3827] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000b4
[  129.691079][ T3827]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3828
./strace-static-x86_64: Process 3828 attached
[pid  3828] chdir("./181")              = 0
[pid  3828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3828] setpgid(0, 0)               = 0
[pid  3828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3828] write(3, "1000", 4)         = 4
[pid  3828] close(3)                    = 0
[pid  3828] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3828] memfd_create("syzkaller", 0) = 3
[pid  3828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3828] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3828] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3828] close(3)                    = 0
[pid  3828] mkdir("./file0", 0777)      = 0
[pid  3828] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3828] chdir("./file0")            = 0
[pid  3828] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3828] close(4)                    = 0
[pid  3828] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3828] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3828] write(5, "13", 2)           = 2
[  129.757727][ T3828] loop0: detected capacity change from 0 to 64
[  129.786468][ T3828] FAULT_INJECTION: forcing a failure.
[  129.786468][ T3828] name failslab, interval 1, probability 0, space 0, times 0
[  129.799551][ T3828] CPU: 0 PID: 3828 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  129.809986][ T3828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  129.820035][ T3828] Call Trace:
[  129.823313][ T3828]  <TASK>
[  129.826238][ T3828]  dump_stack_lvl+0x1b1/0x28e
[  129.830927][ T3828]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  129.836394][ T3828]  ? panic+0x710/0x710
[  129.840458][ T3828]  ? __might_sleep+0xc0/0xc0
[  129.845045][ T3828]  ? __mutex_lock_common+0x45f/0x26e0
[  129.850435][ T3828]  should_fail_ex+0x395/0x4c0
[  129.855116][ T3828]  ? hfs_find_init+0x8b/0x1e0
[  129.859802][ T3828]  should_failslab+0x5/0x20
[  129.864305][ T3828]  __kmem_cache_alloc_node+0x69/0x310
[  129.869700][ T3828]  ? hfs_find_init+0x8b/0x1e0
[  129.874371][ T3828]  __kmalloc+0x9e/0x1a0
[  129.878524][ T3828]  hfs_find_init+0x8b/0x1e0
[  129.883033][ T3828]  hfs_extend_file+0x2f8/0x1420
[  129.887901][ T3828]  ? hfs_get_block+0xbb0/0xbb0
[  129.892671][ T3828]  ? lru_cache_disable+0x30/0x30
[  129.897669][ T3828]  ? __might_sleep+0xc0/0xc0
[  129.902283][ T3828]  hfs_get_block+0x3fc/0xbb0
[  129.906899][ T3828]  ? hfs_free_extents+0x420/0x420
[  129.911916][ T3828]  ? do_raw_spin_unlock+0x134/0x8a0
[  129.917125][ T3828]  ? create_page_buffers+0x244/0x4b0
[  129.922417][ T3828]  __block_write_begin_int+0x54c/0x1a80
[  129.927979][ T3828]  ? hfs_free_extents+0x420/0x420
[  129.932998][ T3828]  ? page_zero_new_buffers+0x940/0x940
[  129.938470][ T3828]  ? PageHeadHuge+0x8a/0x1d0
[  129.943071][ T3828]  ? hfs_free_extents+0x420/0x420
[  129.948100][ T3828]  block_write_begin+0x93/0x1e0
[  129.952954][ T3828]  ? cont_write_begin+0x5e5/0x860
[  129.957998][ T3828]  ? hfs_free_extents+0x420/0x420
[  129.963032][ T3828]  cont_write_begin+0x606/0x860
[  129.967896][ T3828]  ? fault_in_readable+0x1d5/0x310
[  129.973018][ T3828]  ? generic_cont_expand_simple+0x250/0x250
[  129.978917][ T3828]  ? fault_in_readable+0x219/0x310
[  129.984126][ T3828]  ? fault_in_safe_writeable+0x240/0x240
[  129.989858][ T3828]  hfs_write_begin+0x86/0xd0
[  129.994449][ T3828]  ? hfs_free_extents+0x420/0x420
[  129.999481][ T3828]  generic_perform_write+0x2e4/0x5e0
[  130.004780][ T3828]  ? __block_commit_write+0x420/0x420
[  130.010160][ T3828]  ? generic_file_direct_write+0x610/0x610
[  130.015969][ T3828]  ? __file_remove_privs+0x6c0/0x6c0
[  130.021258][ T3828]  ? generic_write_checks+0x15c/0x1c0
[  130.026644][ T3828]  __generic_file_write_iter+0x176/0x400
[  130.032286][ T3828]  generic_file_write_iter+0xab/0x310
[  130.037666][ T3828]  vfs_write+0x7dc/0xc50
[  130.042009][ T3828]  ? file_end_write+0x230/0x230
[  130.046875][ T3828]  ? ptrace_stop+0x74d/0x970
[  130.051476][ T3828]  ? _raw_spin_unlock_irq+0x2a/0x40
[  130.056691][ T3828]  ? __fdget_pos+0x252/0x2e0
[  130.061288][ T3828]  ksys_write+0x177/0x2a0
[  130.065626][ T3828]  ? __ia32_sys_read+0x80/0x80
[  130.070398][ T3828]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  130.076387][ T3828]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  130.082372][ T3828]  do_syscall_64+0x3d/0xb0
[  130.086795][ T3828]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  130.092706][ T3828] RIP: 0033:0x7f0fa5191c89
[  130.097121][ T3828] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  130.116726][ T3828] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  130.125144][ T3828] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  130.133126][ T3828] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  130.141111][ T3828] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  130.149096][ T3828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3828] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3828] exit_group(0)               = ?
[pid  3828] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3828, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./181/binderfs")                = 0
umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./181/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./181")                          = 0
mkdir("./182", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3829
./strace-static-x86_64: Process 3829 attached
[pid  3829] chdir("./182")              = 0
[pid  3829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3829] setpgid(0, 0)               = 0
[pid  3829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3829] write(3, "1000", 4)         = 4
[pid  3829] close(3)                    = 0
[  130.157076][ T3828] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000b5
[  130.165066][ T3828]  </TASK>
[pid  3829] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3829] memfd_create("syzkaller", 0) = 3
[pid  3829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3829] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3829] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3829] close(3)                    = 0
[pid  3829] mkdir("./file0", 0777)      = 0
[pid  3829] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3829] chdir("./file0")            = 0
[pid  3829] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3829] close(4)                    = 0
[pid  3829] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3829] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3829] write(5, "13", 2)           = 2
[  130.232110][ T3829] loop0: detected capacity change from 0 to 64
[  130.255813][ T3829] FAULT_INJECTION: forcing a failure.
[  130.255813][ T3829] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  130.269341][ T3829] CPU: 0 PID: 3829 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  130.279773][ T3829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  130.289824][ T3829] Call Trace:
[  130.293097][ T3829]  <TASK>
[  130.296037][ T3829]  dump_stack_lvl+0x1b1/0x28e
[  130.300727][ T3829]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  130.306195][ T3829]  ? panic+0x710/0x710
[  130.310254][ T3829]  ? do_anonymous_page+0xd4a/0x1150
[  130.315448][ T3829]  ? mark_lock+0x9a/0x350
[  130.319774][ T3829]  should_fail_ex+0x395/0x4c0
[  130.324450][ T3829]  prepare_alloc_pages+0x1d7/0x5a0
[  130.329584][ T3829]  __alloc_pages+0x161/0x560
[  130.334199][ T3829]  ? zone_statistics+0x160/0x160
[  130.339134][ T3829]  ? rcu_lock_release+0x5/0x20
[  130.343906][ T3829]  ? alloc_pages+0x520/0x7b0
[  130.348506][ T3829]  ? xas_descend+0x1f3/0x400
[  130.353107][ T3829]  folio_alloc+0x1a/0x50
[  130.357345][ T3829]  filemap_alloc_folio+0x7e/0x1c0
[  130.362379][ T3829]  __filemap_get_folio+0x898/0x1260
[  130.367590][ T3829]  ? page_cache_prev_miss+0x4e0/0x4e0
[  130.372977][ T3829]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  130.378962][ T3829]  ? print_irqtrace_events+0x220/0x220
[  130.384430][ T3829]  pagecache_get_page+0x28/0x260
[  130.389380][ T3829]  ? hfs_free_extents+0x420/0x420
[  130.394396][ T3829]  block_write_begin+0x2e/0x1e0
[  130.399248][ T3829]  ? cont_write_begin+0x5e5/0x860
[  130.404290][ T3829]  ? hfs_free_extents+0x420/0x420
[  130.409307][ T3829]  cont_write_begin+0x606/0x860
[  130.414179][ T3829]  ? fault_in_readable+0x1d5/0x310
[  130.419373][ T3829]  ? generic_cont_expand_simple+0x250/0x250
[  130.425263][ T3829]  ? fault_in_readable+0x219/0x310
[  130.430371][ T3829]  ? fault_in_safe_writeable+0x240/0x240
[  130.436006][ T3829]  hfs_write_begin+0x86/0xd0
[  130.440606][ T3829]  ? hfs_free_extents+0x420/0x420
[  130.445729][ T3829]  generic_perform_write+0x2e4/0x5e0
[  130.451014][ T3829]  ? __block_commit_write+0x420/0x420
[  130.456430][ T3829]  ? generic_file_direct_write+0x610/0x610
[  130.462231][ T3829]  ? __file_remove_privs+0x6c0/0x6c0
[  130.467509][ T3829]  ? generic_write_checks+0x15c/0x1c0
[  130.472884][ T3829]  __generic_file_write_iter+0x176/0x400
[  130.478541][ T3829]  generic_file_write_iter+0xab/0x310
[  130.483910][ T3829]  vfs_write+0x7dc/0xc50
[  130.488152][ T3829]  ? file_end_write+0x230/0x230
[  130.493004][ T3829]  ? ptrace_stop+0x74d/0x970
[  130.497613][ T3829]  ? _raw_spin_unlock_irq+0x2a/0x40
[  130.502817][ T3829]  ? __fdget_pos+0x252/0x2e0
[  130.507426][ T3829]  ksys_write+0x177/0x2a0
[  130.511755][ T3829]  ? __ia32_sys_read+0x80/0x80
[  130.516524][ T3829]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  130.522517][ T3829]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  130.528492][ T3829]  do_syscall_64+0x3d/0xb0
[  130.532923][ T3829]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  130.538827][ T3829] RIP: 0033:0x7f0fa5191c89
[  130.543322][ T3829] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  130.562921][ T3829] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  130.571326][ T3829] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3829] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3829] exit_group(0)               = ?
[pid  3829] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3829, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./182/binderfs")                = 0
umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./182/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./182")                          = 0
mkdir("./183", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3830
./strace-static-x86_64: Process 3830 attached
[pid  3830] chdir("./183")              = 0
[pid  3830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3830] setpgid(0, 0)               = 0
[pid  3830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3830] write(3, "1000", 4)         = 4
[pid  3830] close(3)                    = 0
[pid  3830] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3830] memfd_create("syzkaller", 0) = 3
[pid  3830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3830] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  130.579297][ T3829] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  130.587258][ T3829] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  130.595219][ T3829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  130.603190][ T3829] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000b6
[  130.611179][ T3829]  </TASK>
[pid  3830] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3830] close(3)                    = 0
[pid  3830] mkdir("./file0", 0777)      = 0
[pid  3830] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3830] chdir("./file0")            = 0
[pid  3830] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3830] close(4)                    = 0
[pid  3830] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3830] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3830] write(5, "13", 2)           = 2
[  130.651411][ T3830] loop0: detected capacity change from 0 to 64
[  130.653037][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  130.683132][ T3830] FAULT_INJECTION: forcing a failure.
[  130.683132][ T3830] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  130.696832][ T3830] CPU: 0 PID: 3830 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  130.707241][ T3830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  130.717316][ T3830] Call Trace:
[  130.720671][ T3830]  <TASK>
[  130.723593][ T3830]  dump_stack_lvl+0x1b1/0x28e
[  130.728258][ T3830]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  130.733703][ T3830]  ? panic+0x710/0x710
[  130.737770][ T3830]  ? do_anonymous_page+0xd4a/0x1150
[  130.742963][ T3830]  ? mark_lock+0x9a/0x350
[  130.747282][ T3830]  should_fail_ex+0x395/0x4c0
[  130.751962][ T3830]  prepare_alloc_pages+0x1d7/0x5a0
[  130.757173][ T3830]  __alloc_pages+0x161/0x560
[  130.761767][ T3830]  ? zone_statistics+0x160/0x160
[  130.766716][ T3830]  ? rcu_lock_release+0x5/0x20
[  130.771479][ T3830]  ? alloc_pages+0x520/0x7b0
[  130.776066][ T3830]  ? xas_descend+0x1f3/0x400
[  130.780658][ T3830]  folio_alloc+0x1a/0x50
[  130.784899][ T3830]  filemap_alloc_folio+0x7e/0x1c0
[  130.789929][ T3830]  __filemap_get_folio+0x898/0x1260
[  130.795130][ T3830]  ? page_cache_prev_miss+0x4e0/0x4e0
[  130.800533][ T3830]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  130.806518][ T3830]  ? print_irqtrace_events+0x220/0x220
[  130.811980][ T3830]  pagecache_get_page+0x28/0x260
[  130.816917][ T3830]  ? hfs_free_extents+0x420/0x420
[  130.821937][ T3830]  block_write_begin+0x2e/0x1e0
[  130.826795][ T3830]  ? cont_write_begin+0x5e5/0x860
[  130.831824][ T3830]  ? hfs_free_extents+0x420/0x420
[  130.836846][ T3830]  cont_write_begin+0x606/0x860
[  130.841703][ T3830]  ? fault_in_readable+0x1d5/0x310
[  130.846820][ T3830]  ? generic_cont_expand_simple+0x250/0x250
[  130.852716][ T3830]  ? fault_in_readable+0x219/0x310
[  130.857918][ T3830]  ? fault_in_safe_writeable+0x240/0x240
[  130.863557][ T3830]  hfs_write_begin+0x86/0xd0
[  130.868145][ T3830]  ? hfs_free_extents+0x420/0x420
[  130.873171][ T3830]  generic_perform_write+0x2e4/0x5e0
[  130.878465][ T3830]  ? __block_commit_write+0x420/0x420
[  130.883838][ T3830]  ? generic_file_direct_write+0x610/0x610
[  130.889644][ T3830]  ? __file_remove_privs+0x6c0/0x6c0
[  130.894928][ T3830]  ? generic_write_checks+0x15c/0x1c0
[  130.900307][ T3830]  __generic_file_write_iter+0x176/0x400
[  130.905943][ T3830]  generic_file_write_iter+0xab/0x310
[  130.911316][ T3830]  vfs_write+0x7dc/0xc50
[  130.915566][ T3830]  ? file_end_write+0x230/0x230
[  130.920413][ T3830]  ? ptrace_stop+0x74d/0x970
[  130.925009][ T3830]  ? _raw_spin_unlock_irq+0x2a/0x40
[  130.930210][ T3830]  ? __fdget_pos+0x252/0x2e0
[  130.934807][ T3830]  ksys_write+0x177/0x2a0
[  130.939145][ T3830]  ? __ia32_sys_read+0x80/0x80
[  130.943911][ T3830]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  130.949890][ T3830]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  130.955869][ T3830]  do_syscall_64+0x3d/0xb0
[  130.960285][ T3830]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  130.966174][ T3830] RIP: 0033:0x7f0fa5191c89
[  130.970585][ T3830] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  130.990276][ T3830] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3830] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3830] exit_group(0)               = ?
[pid  3830] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3830, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./183/binderfs")                = 0
umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./183/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./183")                          = 0
mkdir("./184", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3831
./strace-static-x86_64: Process 3831 attached
[pid  3831] chdir("./184")              = 0
[pid  3831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3831] setpgid(0, 0)               = 0
[  130.998706][ T3830] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  131.006677][ T3830] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  131.014652][ T3830] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  131.022621][ T3830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  131.030589][ T3830] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000b7
[  131.038576][ T3830]  </TASK>
[pid  3831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3831] write(3, "1000", 4)         = 4
[pid  3831] close(3)                    = 0
[pid  3831] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3831] memfd_create("syzkaller", 0) = 3
[pid  3831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3831] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3831] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3831] close(3)                    = 0
[pid  3831] mkdir("./file0", 0777)      = 0
[pid  3831] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3831] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3831] chdir("./file0")            = 0
[pid  3831] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3831] close(4)                    = 0
[pid  3831] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3831] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3831] write(5, "13", 2)           = 2
[pid  3831] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3831] exit_group(0)               = ?
[pid  3831] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3831, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./184/binderfs")                = 0
umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./184/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./184/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./184/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./184")                          = 0
mkdir("./185", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[  131.090080][ T3831] loop0: detected capacity change from 0 to 64
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3832 attached
, child_tidptr=0x555555b7f5d0) = 3832
[pid  3832] chdir("./185")              = 0
[pid  3832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3832] setpgid(0, 0)               = 0
[pid  3832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3832] write(3, "1000", 4)         = 4
[pid  3832] close(3)                    = 0
[pid  3832] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3832] memfd_create("syzkaller", 0) = 3
[pid  3832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3832] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3832] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3832] close(3)                    = 0
[pid  3832] mkdir("./file0", 0777)      = 0
[pid  3832] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3832] chdir("./file0")            = 0
[pid  3832] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3832] close(4)                    = 0
[pid  3832] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3832] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3832] write(5, "13", 2)           = 2
[  131.162291][ T3832] loop0: detected capacity change from 0 to 64
[  131.185511][ T3832] FAULT_INJECTION: forcing a failure.
[  131.185511][ T3832] name failslab, interval 1, probability 0, space 0, times 0
[  131.198565][ T3832] CPU: 0 PID: 3832 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  131.208985][ T3832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  131.219044][ T3832] Call Trace:
[  131.222330][ T3832]  <TASK>
[  131.225274][ T3832]  dump_stack_lvl+0x1b1/0x28e
[  131.229979][ T3832]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  131.235448][ T3832]  ? panic+0x710/0x710
[  131.239549][ T3832]  ? __might_sleep+0xc0/0xc0
[  131.244157][ T3832]  ? __mutex_lock_common+0x45f/0x26e0
[  131.249557][ T3832]  should_fail_ex+0x395/0x4c0
[  131.254265][ T3832]  ? hfs_find_init+0x8b/0x1e0
[  131.258960][ T3832]  should_failslab+0x5/0x20
[  131.263459][ T3832]  __kmem_cache_alloc_node+0x69/0x310
[  131.268834][ T3832]  ? hfs_find_init+0x8b/0x1e0
[  131.273514][ T3832]  __kmalloc+0x9e/0x1a0
[  131.277675][ T3832]  hfs_find_init+0x8b/0x1e0
[  131.282192][ T3832]  hfs_extend_file+0x2f8/0x1420
[  131.287064][ T3832]  ? hfs_get_block+0xbb0/0xbb0
[  131.291823][ T3832]  ? lru_cache_disable+0x30/0x30
[  131.296772][ T3832]  ? __might_sleep+0xc0/0xc0
[  131.301371][ T3832]  hfs_get_block+0x3fc/0xbb0
[  131.305979][ T3832]  ? hfs_free_extents+0x420/0x420
[  131.311018][ T3832]  ? do_raw_spin_unlock+0x134/0x8a0
[  131.316215][ T3832]  ? create_page_buffers+0x244/0x4b0
[  131.321501][ T3832]  __block_write_begin_int+0x54c/0x1a80
[  131.327056][ T3832]  ? hfs_free_extents+0x420/0x420
[  131.332079][ T3832]  ? page_zero_new_buffers+0x940/0x940
[  131.337560][ T3832]  ? PageHeadHuge+0x8a/0x1d0
[  131.342169][ T3832]  ? hfs_free_extents+0x420/0x420
[  131.347197][ T3832]  block_write_begin+0x93/0x1e0
[  131.352060][ T3832]  ? cont_write_begin+0x5e5/0x860
[  131.357077][ T3832]  ? hfs_free_extents+0x420/0x420
[  131.362092][ T3832]  cont_write_begin+0x606/0x860
[  131.366939][ T3832]  ? fault_in_readable+0x1d5/0x310
[  131.372071][ T3832]  ? generic_cont_expand_simple+0x250/0x250
[  131.377989][ T3832]  ? fault_in_readable+0x219/0x310
[  131.383101][ T3832]  ? fault_in_safe_writeable+0x240/0x240
[  131.388743][ T3832]  hfs_write_begin+0x86/0xd0
[  131.393339][ T3832]  ? hfs_free_extents+0x420/0x420
[  131.398376][ T3832]  generic_perform_write+0x2e4/0x5e0
[  131.403779][ T3832]  ? __block_commit_write+0x420/0x420
[  131.409161][ T3832]  ? generic_file_direct_write+0x610/0x610
[  131.414963][ T3832]  ? __file_remove_privs+0x6c0/0x6c0
[  131.420239][ T3832]  ? generic_write_checks+0x15c/0x1c0
[  131.425610][ T3832]  __generic_file_write_iter+0x176/0x400
[  131.431246][ T3832]  generic_file_write_iter+0xab/0x310
[  131.436613][ T3832]  vfs_write+0x7dc/0xc50
[  131.440870][ T3832]  ? file_end_write+0x230/0x230
[  131.445720][ T3832]  ? ptrace_stop+0x74d/0x970
[  131.450325][ T3832]  ? _raw_spin_unlock_irq+0x2a/0x40
[  131.455523][ T3832]  ? __fdget_pos+0x252/0x2e0
[  131.460110][ T3832]  ksys_write+0x177/0x2a0
[  131.464435][ T3832]  ? __ia32_sys_read+0x80/0x80
[  131.469199][ T3832]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  131.475191][ T3832]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  131.481174][ T3832]  do_syscall_64+0x3d/0xb0
[  131.485592][ T3832]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  131.491513][ T3832] RIP: 0033:0x7f0fa5191c89
[  131.495948][ T3832] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  131.515554][ T3832] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  131.523962][ T3832] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  131.531925][ T3832] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  131.539895][ T3832] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  131.547965][ T3832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  131.555929][ T3832] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000b9
[pid  3832] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3832] exit_group(0)               = ?
[pid  3832] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3832, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./185/binderfs")                = 0
umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./185/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./185/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./185/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./185")                          = 0
mkdir("./186", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3833
./strace-static-x86_64: Process 3833 attached
[pid  3833] chdir("./186")              = 0
[  131.563906][ T3832]  </TASK>
[pid  3833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3833] setpgid(0, 0)               = 0
[pid  3833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3833] write(3, "1000", 4)         = 4
[pid  3833] close(3)                    = 0
[pid  3833] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3833] memfd_create("syzkaller", 0) = 3
[pid  3833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3833] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3833] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3833] close(3)                    = 0
[pid  3833] mkdir("./file0", 0777)      = 0
[pid  3833] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3833] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3833] chdir("./file0")            = 0
[pid  3833] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3833] close(4)                    = 0
[pid  3833] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3833] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3833] write(5, "13", 2)           = 2
[  131.610194][ T3833] loop0: detected capacity change from 0 to 64
[  131.613260][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  131.640165][ T3833] FAULT_INJECTION: forcing a failure.
[  131.640165][ T3833] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  131.653722][ T3833] CPU: 1 PID: 3833 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  131.664170][ T3833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  131.674240][ T3833] Call Trace:
[  131.677521][ T3833]  <TASK>
[  131.680451][ T3833]  dump_stack_lvl+0x1b1/0x28e
[  131.685136][ T3833]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  131.690601][ T3833]  ? panic+0x710/0x710
[  131.694682][ T3833]  ? do_anonymous_page+0xd4a/0x1150
[  131.699895][ T3833]  ? mark_lock+0x9a/0x350
[  131.704232][ T3833]  should_fail_ex+0x395/0x4c0
[  131.708925][ T3833]  prepare_alloc_pages+0x1d7/0x5a0
[  131.714054][ T3833]  __alloc_pages+0x161/0x560
[  131.718658][ T3833]  ? zone_statistics+0x160/0x160
[  131.723609][ T3833]  ? rcu_lock_release+0x5/0x20
[  131.728469][ T3833]  ? alloc_pages+0x520/0x7b0
[  131.733062][ T3833]  ? xas_descend+0x1f3/0x400
[  131.737656][ T3833]  folio_alloc+0x1a/0x50
[  131.741896][ T3833]  filemap_alloc_folio+0x7e/0x1c0
[  131.746925][ T3833]  __filemap_get_folio+0x898/0x1260
[  131.752129][ T3833]  ? page_cache_prev_miss+0x4e0/0x4e0
[  131.757686][ T3833]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  131.763690][ T3833]  ? print_irqtrace_events+0x220/0x220
[  131.769149][ T3833]  pagecache_get_page+0x28/0x260
[  131.774084][ T3833]  ? hfs_free_extents+0x420/0x420
[  131.779193][ T3833]  block_write_begin+0x2e/0x1e0
[  131.784047][ T3833]  ? cont_write_begin+0x5e5/0x860
[  131.789075][ T3833]  ? hfs_free_extents+0x420/0x420
[  131.794101][ T3833]  cont_write_begin+0x606/0x860
[  131.798963][ T3833]  ? fault_in_readable+0x1d5/0x310
[  131.804077][ T3833]  ? generic_cont_expand_simple+0x250/0x250
[  131.809971][ T3833]  ? fault_in_readable+0x219/0x310
[  131.815084][ T3833]  ? fault_in_safe_writeable+0x240/0x240
[  131.820723][ T3833]  hfs_write_begin+0x86/0xd0
[  131.825312][ T3833]  ? hfs_free_extents+0x420/0x420
[  131.830337][ T3833]  generic_perform_write+0x2e4/0x5e0
[  131.835639][ T3833]  ? __block_commit_write+0x420/0x420
[  131.841011][ T3833]  ? generic_file_direct_write+0x610/0x610
[  131.846817][ T3833]  ? __file_remove_privs+0x6c0/0x6c0
[  131.852190][ T3833]  ? generic_write_checks+0x15c/0x1c0
[  131.857567][ T3833]  __generic_file_write_iter+0x176/0x400
[  131.863210][ T3833]  generic_file_write_iter+0xab/0x310
[  131.868584][ T3833]  vfs_write+0x7dc/0xc50
[  131.872844][ T3833]  ? file_end_write+0x230/0x230
[  131.877784][ T3833]  ? ptrace_stop+0x74d/0x970
[  131.882401][ T3833]  ? _raw_spin_unlock_irq+0x2a/0x40
[  131.887614][ T3833]  ? __fdget_pos+0x252/0x2e0
[  131.892219][ T3833]  ksys_write+0x177/0x2a0
[  131.896583][ T3833]  ? __ia32_sys_read+0x80/0x80
[  131.901372][ T3833]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  131.907359][ T3833]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  131.913344][ T3833]  do_syscall_64+0x3d/0xb0
[  131.917763][ T3833]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  131.923660][ T3833] RIP: 0033:0x7f0fa5191c89
[  131.928073][ T3833] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  131.947767][ T3833] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3833] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3833] exit_group(0)               = ?
[pid  3833] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3833, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./186/binderfs")                = 0
umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./186/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./186/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./186/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./186")                          = 0
mkdir("./187", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3834
./strace-static-x86_64: Process 3834 attached
[pid  3834] chdir("./187")              = 0
[  131.956177][ T3833] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  131.964146][ T3833] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  131.972113][ T3833] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  131.980081][ T3833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  131.988046][ T3833] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ba
[  131.996030][ T3833]  </TASK>
[pid  3834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3834] setpgid(0, 0)               = 0
[pid  3834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3834] write(3, "1000", 4)         = 4
[pid  3834] close(3)                    = 0
[pid  3834] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3834] memfd_create("syzkaller", 0) = 3
[pid  3834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3834] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3834] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3834] close(3)                    = 0
[pid  3834] mkdir("./file0", 0777)      = 0
[pid  3834] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3834] chdir("./file0")            = 0
[pid  3834] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3834] close(4)                    = 0
[pid  3834] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3834] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3834] write(5, "13", 2)           = 2
[  132.055757][ T3834] loop0: detected capacity change from 0 to 64
[  132.090300][ T3834] FAULT_INJECTION: forcing a failure.
[  132.090300][ T3834] name failslab, interval 1, probability 0, space 0, times 0
[  132.103313][ T3834] CPU: 0 PID: 3834 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  132.113741][ T3834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  132.123789][ T3834] Call Trace:
[  132.127064][ T3834]  <TASK>
[  132.129987][ T3834]  dump_stack_lvl+0x1b1/0x28e
[  132.135104][ T3834]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  132.140597][ T3834]  ? panic+0x710/0x710
[  132.144684][ T3834]  ? __might_sleep+0xc0/0xc0
[  132.149288][ T3834]  ? __mutex_lock_common+0x45f/0x26e0
[  132.154694][ T3834]  should_fail_ex+0x395/0x4c0
[  132.159391][ T3834]  ? hfs_find_init+0x8b/0x1e0
[  132.164081][ T3834]  should_failslab+0x5/0x20
[  132.168614][ T3834]  __kmem_cache_alloc_node+0x69/0x310
[  132.174048][ T3834]  ? hfs_find_init+0x8b/0x1e0
[  132.178731][ T3834]  __kmalloc+0x9e/0x1a0
[  132.182894][ T3834]  hfs_find_init+0x8b/0x1e0
[  132.187404][ T3834]  hfs_extend_file+0x2f8/0x1420
[  132.192264][ T3834]  ? hfs_get_block+0xbb0/0xbb0
[  132.197027][ T3834]  ? lru_cache_disable+0x30/0x30
[  132.201967][ T3834]  ? __might_sleep+0xc0/0xc0
[  132.206574][ T3834]  hfs_get_block+0x3fc/0xbb0
[  132.211182][ T3834]  ? hfs_free_extents+0x420/0x420
[  132.216203][ T3834]  ? do_raw_spin_unlock+0x134/0x8a0
[  132.221414][ T3834]  ? create_page_buffers+0x244/0x4b0
[  132.226709][ T3834]  __block_write_begin_int+0x54c/0x1a80
[  132.232276][ T3834]  ? hfs_free_extents+0x420/0x420
[  132.237299][ T3834]  ? page_zero_new_buffers+0x940/0x940
[  132.242758][ T3834]  ? PageHeadHuge+0x8a/0x1d0
[  132.247349][ T3834]  ? hfs_free_extents+0x420/0x420
[  132.252377][ T3834]  block_write_begin+0x93/0x1e0
[  132.257228][ T3834]  ? cont_write_begin+0x5e5/0x860
[  132.262253][ T3834]  ? hfs_free_extents+0x420/0x420
[  132.267276][ T3834]  cont_write_begin+0x606/0x860
[  132.272134][ T3834]  ? fault_in_readable+0x1d5/0x310
[  132.277253][ T3834]  ? generic_cont_expand_simple+0x250/0x250
[  132.283144][ T3834]  ? fault_in_readable+0x219/0x310
[  132.292777][ T3834]  ? fault_in_safe_writeable+0x240/0x240
[  132.298419][ T3834]  hfs_write_begin+0x86/0xd0
[  132.303003][ T3834]  ? hfs_free_extents+0x420/0x420
[  132.308027][ T3834]  generic_perform_write+0x2e4/0x5e0
[  132.313323][ T3834]  ? __block_commit_write+0x420/0x420
[  132.318695][ T3834]  ? generic_file_direct_write+0x610/0x610
[  132.324504][ T3834]  ? __file_remove_privs+0x6c0/0x6c0
[  132.329820][ T3834]  __generic_file_write_iter+0x176/0x400
[  132.335491][ T3834]  generic_file_write_iter+0xab/0x310
[  132.340880][ T3834]  vfs_write+0x7dc/0xc50
[  132.345141][ T3834]  ? file_end_write+0x230/0x230
[  132.349995][ T3834]  ? ptrace_stop+0x74d/0x970
[  132.354630][ T3834]  ? _raw_spin_unlock_irq+0x2a/0x40
[  132.359837][ T3834]  ? __fdget_pos+0x252/0x2e0
[  132.364436][ T3834]  ksys_write+0x177/0x2a0
[  132.368769][ T3834]  ? __ia32_sys_read+0x80/0x80
[  132.373541][ T3834]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  132.379523][ T3834]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  132.385504][ T3834]  do_syscall_64+0x3d/0xb0
[  132.389919][ T3834]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  132.395826][ T3834] RIP: 0033:0x7f0fa5191c89
[  132.400254][ T3834] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  132.419869][ T3834] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  132.428283][ T3834] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  132.436250][ T3834] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  132.444222][ T3834] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3834] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3834] exit_group(0)               = ?
[pid  3834] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3834, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./187/binderfs")                = 0
umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./187/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./187/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./187/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./187")                          = 0
mkdir("./188", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3835
./strace-static-x86_64: Process 3835 attached
[pid  3835] chdir("./188")              = 0
[pid  3835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3835] setpgid(0, 0)               = 0
[pid  3835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3835] write(3, "1000", 4)         = 4
[pid  3835] close(3)                    = 0
[pid  3835] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3835] memfd_create("syzkaller", 0) = 3
[pid  3835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  132.452199][ T3834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  132.460173][ T3834] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000bb
[  132.468159][ T3834]  </TASK>
[pid  3835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3835] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3835] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3835] close(3)                    = 0
[pid  3835] mkdir("./file0", 0777)      = 0
[pid  3835] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3835] chdir("./file0")            = 0
[pid  3835] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3835] close(4)                    = 0
[pid  3835] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3835] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3835] write(5, "13", 2)           = 2
[  132.504843][ T3835] loop0: detected capacity change from 0 to 64
[  132.531091][ T3835] FAULT_INJECTION: forcing a failure.
[  132.531091][ T3835] name failslab, interval 1, probability 0, space 0, times 0
[  132.544067][ T3835] CPU: 1 PID: 3835 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  132.554488][ T3835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  132.564560][ T3835] Call Trace:
[  132.567848][ T3835]  <TASK>
[  132.570791][ T3835]  dump_stack_lvl+0x1b1/0x28e
[  132.575489][ T3835]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  132.580957][ T3835]  ? panic+0x710/0x710
[  132.585035][ T3835]  ? __might_sleep+0xc0/0xc0
[  132.589636][ T3835]  ? __mutex_lock_common+0x45f/0x26e0
[  132.595030][ T3835]  should_fail_ex+0x395/0x4c0
[  132.599727][ T3835]  ? hfs_find_init+0x8b/0x1e0
[  132.604417][ T3835]  should_failslab+0x5/0x20
[  132.608926][ T3835]  __kmem_cache_alloc_node+0x69/0x310
[  132.614307][ T3835]  ? rcu_lock_release+0x5/0x20
[  132.619078][ T3835]  ? hfs_find_init+0x8b/0x1e0
[  132.623762][ T3835]  __kmalloc+0x9e/0x1a0
[  132.627926][ T3835]  hfs_find_init+0x8b/0x1e0
[  132.632437][ T3835]  hfs_extend_file+0x2f8/0x1420
[  132.637291][ T3835]  ? xas_find+0x937/0xa60
[  132.641632][ T3835]  ? hfs_get_block+0xbb0/0xbb0
[  132.646392][ T3835]  ? filemap_get_folios+0x557/0x830
[  132.651595][ T3835]  ? find_lock_entries+0xf60/0xf60
[  132.656720][ T3835]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  132.662620][ T3835]  hfs_get_block+0x3fc/0xbb0
[  132.667237][ T3835]  ? hfs_free_extents+0x420/0x420
[  132.672270][ T3835]  ? do_raw_spin_unlock+0x134/0x8a0
[  132.677482][ T3835]  ? create_page_buffers+0x244/0x4b0
[  132.682784][ T3835]  __block_write_begin_int+0x54c/0x1a80
[  132.688372][ T3835]  ? hfs_free_extents+0x420/0x420
[  132.693403][ T3835]  ? page_zero_new_buffers+0x940/0x940
[  132.698868][ T3835]  ? PageHeadHuge+0x8a/0x1d0
[  132.703467][ T3835]  ? hfs_free_extents+0x420/0x420
[  132.708495][ T3835]  block_write_begin+0x93/0x1e0
[  132.713358][ T3835]  ? cont_write_begin+0x5e5/0x860
[  132.718389][ T3835]  ? hfs_free_extents+0x420/0x420
[  132.723416][ T3835]  cont_write_begin+0x606/0x860
[  132.728277][ T3835]  ? fault_in_readable+0x1d5/0x310
[  132.733411][ T3835]  ? generic_cont_expand_simple+0x250/0x250
[  132.739325][ T3835]  ? fault_in_readable+0x219/0x310
[  132.744454][ T3835]  ? fault_in_safe_writeable+0x240/0x240
[  132.750115][ T3835]  hfs_write_begin+0x86/0xd0
[  132.754707][ T3835]  ? hfs_free_extents+0x420/0x420
[  132.759740][ T3835]  generic_perform_write+0x2e4/0x5e0
[  132.765038][ T3835]  ? __block_commit_write+0x420/0x420
[  132.770413][ T3835]  ? generic_file_direct_write+0x610/0x610
[  132.776219][ T3835]  ? __file_remove_privs+0x6c0/0x6c0
[  132.781503][ T3835]  ? generic_write_checks+0x15c/0x1c0
[  132.786882][ T3835]  __generic_file_write_iter+0x176/0x400
[  132.792523][ T3835]  generic_file_write_iter+0xab/0x310
[  132.797911][ T3835]  vfs_write+0x7dc/0xc50
[  132.802168][ T3835]  ? file_end_write+0x230/0x230
[  132.807015][ T3835]  ? ptrace_stop+0x74d/0x970
[  132.811617][ T3835]  ? _raw_spin_unlock_irq+0x2a/0x40
[  132.816821][ T3835]  ? __fdget_pos+0x252/0x2e0
[  132.821416][ T3835]  ksys_write+0x177/0x2a0
[  132.825755][ T3835]  ? __ia32_sys_read+0x80/0x80
[  132.830525][ T3835]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  132.836506][ T3835]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  132.842488][ T3835]  do_syscall_64+0x3d/0xb0
[  132.846922][ T3835]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  132.852810][ T3835] RIP: 0033:0x7f0fa5191c89
[  132.857227][ T3835] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  132.876829][ T3835] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  132.885241][ T3835] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  132.893207][ T3835] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3835] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3835] exit_group(0)               = ?
[pid  3835] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3835, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./188/binderfs")                = 0
umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./188/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./188/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./188/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./188")                          = 0
mkdir("./189", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3836
./strace-static-x86_64: Process 3836 attached
[pid  3836] chdir("./189")              = 0
[pid  3836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3836] setpgid(0, 0)               = 0
[pid  3836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3836] write(3, "1000", 4)         = 4
[pid  3836] close(3)                    = 0
[pid  3836] symlink("/dev/binderfs", "./binderfs") = 0
[  132.901175][ T3835] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  132.909140][ T3835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  132.917111][ T3835] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000bc
[  132.925096][ T3835]  </TASK>
[  132.931485][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  132.937787][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[pid  3836] memfd_create("syzkaller", 0) = 3
[pid  3836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3836] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3836] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3836] close(3)                    = 0
[pid  3836] mkdir("./file0", 0777)      = 0
[pid  3836] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3836] chdir("./file0")            = 0
[pid  3836] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3836] close(4)                    = 0
[pid  3836] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3836] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3836] write(5, "13", 2)           = 2
[  132.985498][ T3836] loop0: detected capacity change from 0 to 64
[  133.007664][ T3836] FAULT_INJECTION: forcing a failure.
[  133.007664][ T3836] name failslab, interval 1, probability 0, space 0, times 0
[  133.021398][ T3836] CPU: 1 PID: 3836 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  133.031836][ T3836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  133.041906][ T3836] Call Trace:
[  133.045194][ T3836]  <TASK>
[  133.048134][ T3836]  dump_stack_lvl+0x1b1/0x28e
[  133.053450][ T3836]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  133.058927][ T3836]  ? panic+0x710/0x710
[  133.063011][ T3836]  ? __might_sleep+0xc0/0xc0
[  133.067630][ T3836]  ? __mutex_lock_common+0x45f/0x26e0
[  133.073038][ T3836]  should_fail_ex+0x395/0x4c0
[  133.077740][ T3836]  ? hfs_find_init+0x8b/0x1e0
[  133.082437][ T3836]  should_failslab+0x5/0x20
[  133.086956][ T3836]  __kmem_cache_alloc_node+0x69/0x310
[  133.092348][ T3836]  ? hfs_find_init+0x8b/0x1e0
[  133.097042][ T3836]  __kmalloc+0x9e/0x1a0
[  133.101242][ T3836]  hfs_find_init+0x8b/0x1e0
[  133.105766][ T3836]  hfs_extend_file+0x2f8/0x1420
[  133.110644][ T3836]  ? hfs_get_block+0xbb0/0xbb0
[  133.115422][ T3836]  ? lru_cache_disable+0x30/0x30
[  133.120377][ T3836]  ? __might_sleep+0xc0/0xc0
[  133.125008][ T3836]  hfs_get_block+0x3fc/0xbb0
[  133.129634][ T3836]  ? hfs_free_extents+0x420/0x420
[  133.134671][ T3836]  ? do_raw_spin_unlock+0x134/0x8a0
[  133.139895][ T3836]  ? create_page_buffers+0x244/0x4b0
[  133.145203][ T3836]  __block_write_begin_int+0x54c/0x1a80
[  133.150793][ T3836]  ? hfs_free_extents+0x420/0x420
[  133.155835][ T3836]  ? page_zero_new_buffers+0x940/0x940
[  133.161309][ T3836]  ? PageHeadHuge+0x8a/0x1d0
[  133.165932][ T3836]  ? hfs_free_extents+0x420/0x420
[  133.170985][ T3836]  block_write_begin+0x93/0x1e0
[  133.175860][ T3836]  ? cont_write_begin+0x5e5/0x860
[  133.180907][ T3836]  ? hfs_free_extents+0x420/0x420
[  133.185974][ T3836]  cont_write_begin+0x606/0x860
[  133.190863][ T3836]  ? fault_in_readable+0x1d5/0x310
[  133.196009][ T3836]  ? generic_cont_expand_simple+0x250/0x250
[  133.201924][ T3836]  ? fault_in_readable+0x219/0x310
[  133.207070][ T3836]  ? fault_in_safe_writeable+0x240/0x240
[  133.212740][ T3836]  hfs_write_begin+0x86/0xd0
[  133.217353][ T3836]  ? hfs_free_extents+0x420/0x420
[  133.222399][ T3836]  generic_perform_write+0x2e4/0x5e0
[  133.227802][ T3836]  ? __block_commit_write+0x420/0x420
[  133.233194][ T3836]  ? generic_file_direct_write+0x610/0x610
[  133.239014][ T3836]  ? __file_remove_privs+0x6c0/0x6c0
[  133.244317][ T3836]  ? generic_write_checks+0x15c/0x1c0
[  133.249717][ T3836]  __generic_file_write_iter+0x176/0x400
[  133.255378][ T3836]  generic_file_write_iter+0xab/0x310
[  133.260771][ T3836]  vfs_write+0x7dc/0xc50
[  133.265040][ T3836]  ? file_end_write+0x230/0x230
[  133.269902][ T3836]  ? ptrace_stop+0x74d/0x970
[  133.274523][ T3836]  ? _raw_spin_unlock_irq+0x2a/0x40
[  133.279742][ T3836]  ? __fdget_pos+0x252/0x2e0
[  133.284351][ T3836]  ksys_write+0x177/0x2a0
[  133.288716][ T3836]  ? __ia32_sys_read+0x80/0x80
[  133.293523][ T3836]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  133.299530][ T3836]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  133.305534][ T3836]  do_syscall_64+0x3d/0xb0
[  133.309976][ T3836]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  133.315974][ T3836] RIP: 0033:0x7f0fa5191c89
[  133.320408][ T3836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  133.340031][ T3836] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  133.348467][ T3836] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  133.356467][ T3836] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  133.364501][ T3836] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  133.372488][ T3836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3836] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3836] exit_group(0)               = ?
[pid  3836] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3836, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./189/binderfs")                = 0
umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./189/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./189/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./189/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./189")                          = 0
mkdir("./190", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3837
./strace-static-x86_64: Process 3837 attached
[pid  3837] chdir("./190")              = 0
[pid  3837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[  133.380490][ T3836] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000bd
[  133.388508][ T3836]  </TASK>
[pid  3837] setpgid(0, 0)               = 0
[pid  3837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3837] write(3, "1000", 4)         = 4
[pid  3837] close(3)                    = 0
[pid  3837] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3837] memfd_create("syzkaller", 0) = 3
[pid  3837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3837] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3837] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3837] close(3)                    = 0
[pid  3837] mkdir("./file0", 0777)      = 0
[pid  3837] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3837] chdir("./file0")            = 0
[pid  3837] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3837] close(4)                    = 0
[pid  3837] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3837] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3837] write(5, "13", 2)           = 2
[  133.437676][ T3837] loop0: detected capacity change from 0 to 64
[  133.466156][ T3837] FAULT_INJECTION: forcing a failure.
[  133.466156][ T3837] name failslab, interval 1, probability 0, space 0, times 0
[  133.479210][ T3837] CPU: 0 PID: 3837 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  133.489631][ T3837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  133.499776][ T3837] Call Trace:
[  133.503055][ T3837]  <TASK>
[  133.505990][ T3837]  dump_stack_lvl+0x1b1/0x28e
[  133.510684][ T3837]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  133.516135][ T3837]  ? panic+0x710/0x710
[  133.520199][ T3837]  ? __might_sleep+0xc0/0xc0
[  133.524821][ T3837]  ? __mutex_lock_common+0x45f/0x26e0
[  133.530192][ T3837]  should_fail_ex+0x395/0x4c0
[  133.534865][ T3837]  ? hfs_find_init+0x8b/0x1e0
[  133.539542][ T3837]  should_failslab+0x5/0x20
[  133.544041][ T3837]  __kmem_cache_alloc_node+0x69/0x310
[  133.549430][ T3837]  ? hfs_find_init+0x8b/0x1e0
[  133.554109][ T3837]  __kmalloc+0x9e/0x1a0
[  133.558270][ T3837]  hfs_find_init+0x8b/0x1e0
[  133.562780][ T3837]  hfs_extend_file+0x2f8/0x1420
[  133.567657][ T3837]  ? hfs_get_block+0xbb0/0xbb0
[  133.572422][ T3837]  ? lru_cache_disable+0x30/0x30
[  133.577359][ T3837]  ? __might_sleep+0xc0/0xc0
[  133.581959][ T3837]  hfs_get_block+0x3fc/0xbb0
[  133.586553][ T3837]  ? hfs_free_extents+0x420/0x420
[  133.591567][ T3837]  ? do_raw_spin_unlock+0x134/0x8a0
[  133.596763][ T3837]  ? create_page_buffers+0x244/0x4b0
[  133.602058][ T3837]  __block_write_begin_int+0x54c/0x1a80
[  133.607653][ T3837]  ? hfs_free_extents+0x420/0x420
[  133.612684][ T3837]  ? page_zero_new_buffers+0x940/0x940
[  133.618135][ T3837]  ? PageHeadHuge+0x8a/0x1d0
[  133.622734][ T3837]  ? hfs_free_extents+0x420/0x420
[  133.627771][ T3837]  block_write_begin+0x93/0x1e0
[  133.632623][ T3837]  ? cont_write_begin+0x5e5/0x860
[  133.637644][ T3837]  ? hfs_free_extents+0x420/0x420
[  133.642668][ T3837]  cont_write_begin+0x606/0x860
[  133.647526][ T3837]  ? fault_in_readable+0x1d5/0x310
[  133.652639][ T3837]  ? generic_cont_expand_simple+0x250/0x250
[  133.658530][ T3837]  ? fault_in_readable+0x219/0x310
[  133.663651][ T3837]  ? fault_in_safe_writeable+0x240/0x240
[  133.669308][ T3837]  hfs_write_begin+0x86/0xd0
[  133.673912][ T3837]  ? hfs_free_extents+0x420/0x420
[  133.678954][ T3837]  generic_perform_write+0x2e4/0x5e0
[  133.684258][ T3837]  ? __block_commit_write+0x420/0x420
[  133.689655][ T3837]  ? generic_file_direct_write+0x610/0x610
[  133.695492][ T3837]  ? __file_remove_privs+0x6c0/0x6c0
[  133.700788][ T3837]  ? generic_write_checks+0x15c/0x1c0
[  133.706181][ T3837]  __generic_file_write_iter+0x176/0x400
[  133.711831][ T3837]  generic_file_write_iter+0xab/0x310
[  133.717213][ T3837]  vfs_write+0x7dc/0xc50
[  133.721477][ T3837]  ? file_end_write+0x230/0x230
[  133.726327][ T3837]  ? ptrace_stop+0x74d/0x970
[  133.730939][ T3837]  ? _raw_spin_unlock_irq+0x2a/0x40
[  133.736153][ T3837]  ? __fdget_pos+0x252/0x2e0
[  133.740753][ T3837]  ksys_write+0x177/0x2a0
[  133.745102][ T3837]  ? __ia32_sys_read+0x80/0x80
[  133.749877][ T3837]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  133.755873][ T3837]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  133.761875][ T3837]  do_syscall_64+0x3d/0xb0
[  133.766308][ T3837]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  133.772205][ T3837] RIP: 0033:0x7f0fa5191c89
[  133.776627][ T3837] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  133.796323][ T3837] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  133.804739][ T3837] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  133.812726][ T3837] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  133.820700][ T3837] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  133.828669][ T3837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3837] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3837] exit_group(0)               = ?
[pid  3837] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3837, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./190/binderfs")                = 0
umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./190/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./190/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./190/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./190")                          = 0
mkdir("./191", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3838
./strace-static-x86_64: Process 3838 attached
[pid  3838] chdir("./191")              = 0
[pid  3838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3838] setpgid(0, 0)               = 0
[pid  3838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3838] write(3, "1000", 4)         = 4
[pid  3838] close(3)                    = 0
[pid  3838] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3838] memfd_create("syzkaller", 0) = 3
[pid  3838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3838] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  133.836641][ T3837] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000be
[  133.844623][ T3837]  </TASK>
[pid  3838] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3838] close(3)                    = 0
[pid  3838] mkdir("./file0", 0777)      = 0
[pid  3838] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3838] chdir("./file0")            = 0
[pid  3838] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3838] close(4)                    = 0
[pid  3838] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3838] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3838] write(5, "13", 2)           = 2
[  133.894903][ T3838] loop0: detected capacity change from 0 to 64
[  133.924752][ T3838] FAULT_INJECTION: forcing a failure.
[  133.924752][ T3838] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  133.938062][ T3838] CPU: 0 PID: 3838 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  133.948468][ T3838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  133.958533][ T3838] Call Trace:
[  133.961818][ T3838]  <TASK>
[  133.964830][ T3838]  dump_stack_lvl+0x1b1/0x28e
[  133.969503][ T3838]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  133.974954][ T3838]  ? panic+0x710/0x710
[  133.979013][ T3838]  ? do_anonymous_page+0xd4a/0x1150
[  133.984220][ T3838]  ? mark_lock+0x9a/0x350
[  133.988568][ T3838]  should_fail_ex+0x395/0x4c0
[  133.993253][ T3838]  prepare_alloc_pages+0x1d7/0x5a0
[  133.998385][ T3838]  __alloc_pages+0x161/0x560
[  134.002989][ T3838]  ? zone_statistics+0x160/0x160
[  134.007937][ T3838]  ? rcu_lock_release+0x5/0x20
[  134.012708][ T3838]  ? alloc_pages+0x520/0x7b0
[  134.017288][ T3838]  ? xas_descend+0x1f3/0x400
[  134.021969][ T3838]  folio_alloc+0x1a/0x50
[  134.026238][ T3838]  filemap_alloc_folio+0x7e/0x1c0
[  134.031288][ T3838]  __filemap_get_folio+0x898/0x1260
[  134.036487][ T3838]  ? page_cache_prev_miss+0x4e0/0x4e0
[  134.041855][ T3838]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  134.047830][ T3838]  ? print_irqtrace_events+0x220/0x220
[  134.053286][ T3838]  pagecache_get_page+0x28/0x260
[  134.058230][ T3838]  ? hfs_free_extents+0x420/0x420
[  134.063258][ T3838]  block_write_begin+0x2e/0x1e0
[  134.068104][ T3838]  ? cont_write_begin+0x5e5/0x860
[  134.073132][ T3838]  ? hfs_free_extents+0x420/0x420
[  134.078161][ T3838]  cont_write_begin+0x606/0x860
[  134.083022][ T3838]  ? fault_in_readable+0x1d5/0x310
[  134.088145][ T3838]  ? generic_cont_expand_simple+0x250/0x250
[  134.094042][ T3838]  ? fault_in_readable+0x219/0x310
[  134.099164][ T3838]  ? fault_in_safe_writeable+0x240/0x240
[  134.104806][ T3838]  hfs_write_begin+0x86/0xd0
[  134.109416][ T3838]  ? hfs_free_extents+0x420/0x420
[  134.114445][ T3838]  generic_perform_write+0x2e4/0x5e0
[  134.119744][ T3838]  ? __block_commit_write+0x420/0x420
[  134.125111][ T3838]  ? generic_file_direct_write+0x610/0x610
[  134.130911][ T3838]  ? __file_remove_privs+0x6c0/0x6c0
[  134.136199][ T3838]  ? generic_write_checks+0x15c/0x1c0
[  134.141569][ T3838]  __generic_file_write_iter+0x176/0x400
[  134.147204][ T3838]  generic_file_write_iter+0xab/0x310
[  134.152571][ T3838]  vfs_write+0x7dc/0xc50
[  134.156814][ T3838]  ? file_end_write+0x230/0x230
[  134.161669][ T3838]  ? ptrace_stop+0x74d/0x970
[  134.166278][ T3838]  ? _raw_spin_unlock_irq+0x2a/0x40
[  134.171469][ T3838]  ? __fdget_pos+0x252/0x2e0
[  134.176053][ T3838]  ksys_write+0x177/0x2a0
[  134.180378][ T3838]  ? __ia32_sys_read+0x80/0x80
[  134.185149][ T3838]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  134.191261][ T3838]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  134.197252][ T3838]  do_syscall_64+0x3d/0xb0
[  134.201667][ T3838]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  134.207562][ T3838] RIP: 0033:0x7f0fa5191c89
[  134.211985][ T3838] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  134.231590][ T3838] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3838] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3838] exit_group(0)               = ?
[pid  3838] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3838, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./191/binderfs")                = 0
umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./191/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./191/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./191/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./191")                          = 0
mkdir("./192", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3839
./strace-static-x86_64: Process 3839 attached
[pid  3839] chdir("./192")              = 0
[pid  3839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3839] setpgid(0, 0)               = 0
[pid  3839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[  134.240701][ T3838] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  134.248677][ T3838] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  134.256653][ T3838] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  134.264613][ T3838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  134.272591][ T3838] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000bf
[  134.280593][ T3838]  </TASK>
[pid  3839] write(3, "1000", 4)         = 4
[pid  3839] close(3)                    = 0
[pid  3839] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3839] memfd_create("syzkaller", 0) = 3
[pid  3839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3839] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3839] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3839] close(3)                    = 0
[pid  3839] mkdir("./file0", 0777)      = 0
[pid  3839] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3839] chdir("./file0")            = 0
[pid  3839] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3839] close(4)                    = 0
[pid  3839] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3839] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3839] write(5, "13", 2)           = 2
[  134.338975][ T3839] loop0: detected capacity change from 0 to 64
[  134.355533][ T3839] FAULT_INJECTION: forcing a failure.
[  134.355533][ T3839] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  134.369090][ T3839] CPU: 0 PID: 3839 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  134.379535][ T3839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  134.389608][ T3839] Call Trace:
[  134.392895][ T3839]  <TASK>
[  134.395821][ T3839]  dump_stack_lvl+0x1b1/0x28e
[  134.400497][ T3839]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  134.405961][ T3839]  ? panic+0x710/0x710
[  134.410022][ T3839]  ? do_anonymous_page+0xd4a/0x1150
[  134.415234][ T3839]  ? mark_lock+0x9a/0x350
[  134.419589][ T3839]  should_fail_ex+0x395/0x4c0
[  134.424283][ T3839]  prepare_alloc_pages+0x1d7/0x5a0
[  134.429412][ T3839]  __alloc_pages+0x161/0x560
[  134.434110][ T3839]  ? zone_statistics+0x160/0x160
[  134.439049][ T3839]  ? rcu_lock_release+0x5/0x20
[  134.443833][ T3839]  ? alloc_pages+0x520/0x7b0
[  134.448435][ T3839]  ? xas_descend+0x1f3/0x400
[  134.453229][ T3839]  folio_alloc+0x1a/0x50
[  134.457466][ T3839]  filemap_alloc_folio+0x7e/0x1c0
[  134.462573][ T3839]  __filemap_get_folio+0x898/0x1260
[  134.467766][ T3839]  ? page_cache_prev_miss+0x4e0/0x4e0
[  134.473143][ T3839]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  134.479119][ T3839]  ? print_irqtrace_events+0x220/0x220
[  134.484572][ T3839]  pagecache_get_page+0x28/0x260
[  134.489514][ T3839]  ? hfs_free_extents+0x420/0x420
[  134.494541][ T3839]  block_write_begin+0x2e/0x1e0
[  134.499395][ T3839]  ? cont_write_begin+0x5e5/0x860
[  134.504412][ T3839]  ? hfs_free_extents+0x420/0x420
[  134.509428][ T3839]  cont_write_begin+0x606/0x860
[  134.514284][ T3839]  ? fault_in_readable+0x1d5/0x310
[  134.519411][ T3839]  ? generic_cont_expand_simple+0x250/0x250
[  134.525305][ T3839]  ? fault_in_readable+0x219/0x310
[  134.530432][ T3839]  ? fault_in_safe_writeable+0x240/0x240
[  134.536066][ T3839]  hfs_write_begin+0x86/0xd0
[  134.540657][ T3839]  ? hfs_free_extents+0x420/0x420
[  134.545696][ T3839]  generic_perform_write+0x2e4/0x5e0
[  134.550980][ T3839]  ? __block_commit_write+0x420/0x420
[  134.556346][ T3839]  ? generic_file_direct_write+0x610/0x610
[  134.562145][ T3839]  ? __file_remove_privs+0x6c0/0x6c0
[  134.567423][ T3839]  ? generic_write_checks+0x15c/0x1c0
[  134.572797][ T3839]  __generic_file_write_iter+0x176/0x400
[  134.578457][ T3839]  generic_file_write_iter+0xab/0x310
[  134.583822][ T3839]  vfs_write+0x7dc/0xc50
[  134.588062][ T3839]  ? file_end_write+0x230/0x230
[  134.593074][ T3839]  ? ptrace_stop+0x74d/0x970
[  134.597691][ T3839]  ? _raw_spin_unlock_irq+0x2a/0x40
[  134.602904][ T3839]  ? __fdget_pos+0x252/0x2e0
[  134.607516][ T3839]  ksys_write+0x177/0x2a0
[  134.611844][ T3839]  ? __ia32_sys_read+0x80/0x80
[  134.616635][ T3839]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  134.622623][ T3839]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  134.628606][ T3839]  do_syscall_64+0x3d/0xb0
[  134.633015][ T3839]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  134.638906][ T3839] RIP: 0033:0x7f0fa5191c89
[  134.643332][ T3839] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  134.662929][ T3839] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  134.671334][ T3839] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  134.679293][ T3839] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3839] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3839] exit_group(0)               = ?
[pid  3839] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3839, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./192/binderfs")                = 0
umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./192/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./192/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./192/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./192")                          = 0
mkdir("./193", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  134.687258][ T3839] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  134.695243][ T3839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  134.703219][ T3839] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000c0
[  134.711191][ T3839]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3840
./strace-static-x86_64: Process 3840 attached
[pid  3840] chdir("./193")              = 0
[pid  3840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3840] setpgid(0, 0)               = 0
[pid  3840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3840] write(3, "1000", 4)         = 4
[pid  3840] close(3)                    = 0
[pid  3840] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3840] memfd_create("syzkaller", 0) = 3
[pid  3840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3840] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3840] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3840] close(3)                    = 0
[pid  3840] mkdir("./file0", 0777)      = 0
[pid  3840] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3840] chdir("./file0")            = 0
[pid  3840] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3840] close(4)                    = 0
[pid  3840] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3840] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3840] write(5, "13", 2)           = 2
[  134.776678][ T3840] loop0: detected capacity change from 0 to 64
[  134.795384][ T3840] FAULT_INJECTION: forcing a failure.
[  134.795384][ T3840] name failslab, interval 1, probability 0, space 0, times 0
[  134.808210][ T3840] CPU: 0 PID: 3840 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  134.818643][ T3840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  134.828693][ T3840] Call Trace:
[  134.831967][ T3840]  <TASK>
[  134.834891][ T3840]  dump_stack_lvl+0x1b1/0x28e
[  134.839573][ T3840]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  134.845047][ T3840]  ? panic+0x710/0x710
[  134.849108][ T3840]  ? __might_sleep+0xc0/0xc0
[  134.853690][ T3840]  ? __mutex_lock_common+0x45f/0x26e0
[  134.859062][ T3840]  should_fail_ex+0x395/0x4c0
[  134.863733][ T3840]  ? hfs_find_init+0x8b/0x1e0
[  134.868419][ T3840]  should_failslab+0x5/0x20
[  134.872916][ T3840]  __kmem_cache_alloc_node+0x69/0x310
[  134.878286][ T3840]  ? rcu_lock_release+0x5/0x20
[  134.883047][ T3840]  ? hfs_find_init+0x8b/0x1e0
[  134.887716][ T3840]  __kmalloc+0x9e/0x1a0
[  134.891868][ T3840]  hfs_find_init+0x8b/0x1e0
[  134.896370][ T3840]  hfs_extend_file+0x2f8/0x1420
[  134.901212][ T3840]  ? xas_find+0x937/0xa60
[  134.905576][ T3840]  ? hfs_get_block+0xbb0/0xbb0
[  134.910338][ T3840]  ? filemap_get_folios+0x557/0x830
[  134.915547][ T3840]  ? find_lock_entries+0xf60/0xf60
[  134.920651][ T3840]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  134.926543][ T3840]  hfs_get_block+0x3fc/0xbb0
[  134.931156][ T3840]  ? hfs_free_extents+0x420/0x420
[  134.936186][ T3840]  ? do_raw_spin_unlock+0x134/0x8a0
[  134.941383][ T3840]  ? create_page_buffers+0x244/0x4b0
[  134.946753][ T3840]  __block_write_begin_int+0x54c/0x1a80
[  134.952306][ T3840]  ? hfs_free_extents+0x420/0x420
[  134.957328][ T3840]  ? page_zero_new_buffers+0x940/0x940
[  134.962811][ T3840]  ? PageHeadHuge+0x8a/0x1d0
[  134.967421][ T3840]  ? hfs_free_extents+0x420/0x420
[  134.972440][ T3840]  block_write_begin+0x93/0x1e0
[  134.977338][ T3840]  ? cont_write_begin+0x5e5/0x860
[  134.982354][ T3840]  ? hfs_free_extents+0x420/0x420
[  134.987369][ T3840]  cont_write_begin+0x606/0x860
[  134.992216][ T3840]  ? fault_in_readable+0x1d5/0x310
[  134.997331][ T3840]  ? generic_cont_expand_simple+0x250/0x250
[  135.003233][ T3840]  ? fault_in_readable+0x219/0x310
[  135.008349][ T3840]  ? fault_in_safe_writeable+0x240/0x240
[  135.014002][ T3840]  hfs_write_begin+0x86/0xd0
[  135.018582][ T3840]  ? hfs_free_extents+0x420/0x420
[  135.023612][ T3840]  generic_perform_write+0x2e4/0x5e0
[  135.028932][ T3840]  ? __block_commit_write+0x420/0x420
[  135.034325][ T3840]  ? generic_file_direct_write+0x610/0x610
[  135.040152][ T3840]  ? __file_remove_privs+0x6c0/0x6c0
[  135.045461][ T3840]  ? generic_write_checks+0x15c/0x1c0
[  135.050861][ T3840]  __generic_file_write_iter+0x176/0x400
[  135.056520][ T3840]  generic_file_write_iter+0xab/0x310
[  135.061936][ T3840]  vfs_write+0x7dc/0xc50
[  135.070798][ T3840]  ? file_end_write+0x230/0x230
[  135.075656][ T3840]  ? ptrace_stop+0x74d/0x970
[  135.080254][ T3840]  ? _raw_spin_unlock_irq+0x2a/0x40
[  135.085470][ T3840]  ? __fdget_pos+0x252/0x2e0
[  135.090074][ T3840]  ksys_write+0x177/0x2a0
[  135.094398][ T3840]  ? __ia32_sys_read+0x80/0x80
[  135.099155][ T3840]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  135.105147][ T3840]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  135.111121][ T3840]  do_syscall_64+0x3d/0xb0
[  135.115619][ T3840]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  135.121510][ T3840] RIP: 0033:0x7f0fa5191c89
[  135.125934][ T3840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  135.145544][ T3840] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  135.153965][ T3840] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  135.161947][ T3840] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  135.169929][ T3840] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3840] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3840] exit_group(0)               = ?
[pid  3840] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3840, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./193/binderfs")                = 0
umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./193/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./193/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./193/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./193")                          = 0
mkdir("./194", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  135.177914][ T3840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  135.185889][ T3840] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000c1
[  135.193883][ T3840]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3841
./strace-static-x86_64: Process 3841 attached
[pid  3841] chdir("./194")              = 0
[pid  3841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3841] setpgid(0, 0)               = 0
[pid  3841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3841] write(3, "1000", 4)         = 4
[pid  3841] close(3)                    = 0
[pid  3841] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3841] memfd_create("syzkaller", 0) = 3
[pid  3841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3841] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3841] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3841] close(3)                    = 0
[pid  3841] mkdir("./file0", 0777)      = 0
[pid  3841] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3841] chdir("./file0")            = 0
[pid  3841] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3841] close(4)                    = 0
[pid  3841] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3841] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3841] write(5, "13", 2)           = 2
[  135.254948][ T3841] loop0: detected capacity change from 0 to 64
[  135.286397][ T3841] FAULT_INJECTION: forcing a failure.
[  135.286397][ T3841] name failslab, interval 1, probability 0, space 0, times 0
[  135.299655][ T3841] CPU: 0 PID: 3841 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  135.310096][ T3841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  135.320143][ T3841] Call Trace:
[  135.323414][ T3841]  <TASK>
[  135.326335][ T3841]  dump_stack_lvl+0x1b1/0x28e
[  135.331016][ T3841]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  135.336548][ T3841]  ? panic+0x710/0x710
[  135.340697][ T3841]  ? __might_sleep+0xc0/0xc0
[  135.345290][ T3841]  ? __mutex_lock_common+0x45f/0x26e0
[  135.350699][ T3841]  should_fail_ex+0x395/0x4c0
[  135.355389][ T3841]  ? hfs_find_init+0x8b/0x1e0
[  135.360079][ T3841]  should_failslab+0x5/0x20
[  135.364586][ T3841]  __kmem_cache_alloc_node+0x69/0x310
[  135.369966][ T3841]  ? hfs_find_init+0x8b/0x1e0
[  135.374646][ T3841]  __kmalloc+0x9e/0x1a0
[  135.378814][ T3841]  hfs_find_init+0x8b/0x1e0
[  135.383346][ T3841]  hfs_extend_file+0x2f8/0x1420
[  135.388229][ T3841]  ? hfs_get_block+0xbb0/0xbb0
[  135.393087][ T3841]  ? lru_cache_disable+0x30/0x30
[  135.398024][ T3841]  ? __might_sleep+0xc0/0xc0
[  135.402632][ T3841]  hfs_get_block+0x3fc/0xbb0
[  135.407239][ T3841]  ? hfs_free_extents+0x420/0x420
[  135.412261][ T3841]  ? do_raw_spin_unlock+0x134/0x8a0
[  135.417472][ T3841]  ? create_page_buffers+0x244/0x4b0
[  135.422764][ T3841]  __block_write_begin_int+0x54c/0x1a80
[  135.428340][ T3841]  ? hfs_free_extents+0x420/0x420
[  135.433360][ T3841]  ? page_zero_new_buffers+0x940/0x940
[  135.438822][ T3841]  ? PageHeadHuge+0x8a/0x1d0
[  135.443420][ T3841]  ? hfs_free_extents+0x420/0x420
[  135.448443][ T3841]  block_write_begin+0x93/0x1e0
[  135.453300][ T3841]  ? cont_write_begin+0x5e5/0x860
[  135.458326][ T3841]  ? hfs_free_extents+0x420/0x420
[  135.463349][ T3841]  cont_write_begin+0x606/0x860
[  135.468207][ T3841]  ? fault_in_readable+0x1d5/0x310
[  135.473323][ T3841]  ? generic_cont_expand_simple+0x250/0x250
[  135.479216][ T3841]  ? fault_in_readable+0x219/0x310
[  135.484354][ T3841]  ? fault_in_safe_writeable+0x240/0x240
[  135.490006][ T3841]  hfs_write_begin+0x86/0xd0
[  135.494599][ T3841]  ? hfs_free_extents+0x420/0x420
[  135.499671][ T3841]  generic_perform_write+0x2e4/0x5e0
[  135.504984][ T3841]  ? __block_commit_write+0x420/0x420
[  135.510367][ T3841]  ? generic_file_direct_write+0x610/0x610
[  135.516195][ T3841]  ? __file_remove_privs+0x6c0/0x6c0
[  135.521494][ T3841]  ? generic_write_checks+0x15c/0x1c0
[  135.526892][ T3841]  __generic_file_write_iter+0x176/0x400
[  135.532549][ T3841]  generic_file_write_iter+0xab/0x310
[  135.537937][ T3841]  vfs_write+0x7dc/0xc50
[  135.542201][ T3841]  ? file_end_write+0x230/0x230
[  135.547094][ T3841]  ? ptrace_stop+0x74d/0x970
[  135.551713][ T3841]  ? _raw_spin_unlock_irq+0x2a/0x40
[  135.556926][ T3841]  ? __fdget_pos+0x252/0x2e0
[  135.561531][ T3841]  ksys_write+0x177/0x2a0
[  135.565867][ T3841]  ? __ia32_sys_read+0x80/0x80
[  135.570633][ T3841]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  135.576610][ T3841]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  135.582589][ T3841]  do_syscall_64+0x3d/0xb0
[  135.587004][ T3841]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  135.592894][ T3841] RIP: 0033:0x7f0fa5191c89
[  135.597305][ T3841] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  135.616908][ T3841] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  135.625341][ T3841] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  135.633327][ T3841] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  135.641305][ T3841] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3841] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3841] exit_group(0)               = ?
[pid  3841] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3841, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./194/binderfs")                = 0
umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./194/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./194/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./194/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./194")                          = 0
mkdir("./195", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3842
./strace-static-x86_64: Process 3842 attached
[pid  3842] chdir("./195")              = 0
[pid  3842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3842] setpgid(0, 0)               = 0
[pid  3842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3842] write(3, "1000", 4)         = 4
[pid  3842] close(3)                    = 0
[pid  3842] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3842] memfd_create("syzkaller", 0) = 3
[pid  3842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3842] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  135.649282][ T3841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  135.657271][ T3841] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000c2
[  135.665258][ T3841]  </TASK>
[pid  3842] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3842] close(3)                    = 0
[pid  3842] mkdir("./file0", 0777)      = 0
[pid  3842] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3842] chdir("./file0")            = 0
[pid  3842] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3842] close(4)                    = 0
[pid  3842] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3842] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3842] write(5, "13", 2)           = 2
[  135.713362][ T3842] loop0: detected capacity change from 0 to 64
[  135.736531][ T3842] FAULT_INJECTION: forcing a failure.
[  135.736531][ T3842] name failslab, interval 1, probability 0, space 0, times 0
[  135.749488][ T3842] CPU: 0 PID: 3842 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  135.760003][ T3842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  135.770051][ T3842] Call Trace:
[  135.773326][ T3842]  <TASK>
[  135.776257][ T3842]  dump_stack_lvl+0x1b1/0x28e
[  135.780945][ T3842]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  135.786425][ T3842]  ? panic+0x710/0x710
[  135.790506][ T3842]  ? __might_sleep+0xc0/0xc0
[  135.795096][ T3842]  ? __mutex_lock_common+0x45f/0x26e0
[  135.800495][ T3842]  should_fail_ex+0x395/0x4c0
[  135.805180][ T3842]  ? hfs_find_init+0x8b/0x1e0
[  135.809870][ T3842]  should_failslab+0x5/0x20
[  135.814390][ T3842]  __kmem_cache_alloc_node+0x69/0x310
[  135.819782][ T3842]  ? rcu_lock_release+0x5/0x20
[  135.824562][ T3842]  ? hfs_find_init+0x8b/0x1e0
[  135.829238][ T3842]  __kmalloc+0x9e/0x1a0
[  135.833394][ T3842]  hfs_find_init+0x8b/0x1e0
[  135.837908][ T3842]  hfs_extend_file+0x2f8/0x1420
[  135.842772][ T3842]  ? xas_find+0x937/0xa60
[  135.847102][ T3842]  ? hfs_get_block+0xbb0/0xbb0
[  135.851864][ T3842]  ? filemap_get_folios+0x557/0x830
[  135.857072][ T3842]  ? find_lock_entries+0xf60/0xf60
[  135.862190][ T3842]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  135.868099][ T3842]  hfs_get_block+0x3fc/0xbb0
[  135.872707][ T3842]  ? hfs_free_extents+0x420/0x420
[  135.877728][ T3842]  ? do_raw_spin_unlock+0x134/0x8a0
[  135.882949][ T3842]  ? create_page_buffers+0x244/0x4b0
[  135.888259][ T3842]  __block_write_begin_int+0x54c/0x1a80
[  135.893844][ T3842]  ? hfs_free_extents+0x420/0x420
[  135.898901][ T3842]  ? page_zero_new_buffers+0x940/0x940
[  135.904402][ T3842]  ? PageHeadHuge+0x8a/0x1d0
[  135.909029][ T3842]  ? hfs_free_extents+0x420/0x420
[  135.914076][ T3842]  block_write_begin+0x93/0x1e0
[  135.918953][ T3842]  ? cont_write_begin+0x5e5/0x860
[  135.924013][ T3842]  ? hfs_free_extents+0x420/0x420
[  135.929062][ T3842]  cont_write_begin+0x606/0x860
[  135.933945][ T3842]  ? fault_in_readable+0x1d5/0x310
[  135.939075][ T3842]  ? generic_cont_expand_simple+0x250/0x250
[  135.944970][ T3842]  ? fault_in_readable+0x219/0x310
[  135.950085][ T3842]  ? fault_in_safe_writeable+0x240/0x240
[  135.955728][ T3842]  hfs_write_begin+0x86/0xd0
[  135.960323][ T3842]  ? hfs_free_extents+0x420/0x420
[  135.965352][ T3842]  generic_perform_write+0x2e4/0x5e0
[  135.970645][ T3842]  ? __block_commit_write+0x420/0x420
[  135.976117][ T3842]  ? generic_file_direct_write+0x610/0x610
[  135.981924][ T3842]  ? __file_remove_privs+0x6c0/0x6c0
[  135.987213][ T3842]  ? generic_write_checks+0x15c/0x1c0
[  135.992593][ T3842]  __generic_file_write_iter+0x176/0x400
[  135.998231][ T3842]  generic_file_write_iter+0xab/0x310
[  136.003606][ T3842]  vfs_write+0x7dc/0xc50
[  136.007860][ T3842]  ? file_end_write+0x230/0x230
[  136.012707][ T3842]  ? ptrace_stop+0x74d/0x970
[  136.017312][ T3842]  ? _raw_spin_unlock_irq+0x2a/0x40
[  136.022517][ T3842]  ? __fdget_pos+0x252/0x2e0
[  136.027114][ T3842]  ksys_write+0x177/0x2a0
[  136.031453][ T3842]  ? __ia32_sys_read+0x80/0x80
[  136.036221][ T3842]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  136.042206][ T3842]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  136.048194][ T3842]  do_syscall_64+0x3d/0xb0
[  136.052623][ T3842]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  136.058516][ T3842] RIP: 0033:0x7f0fa5191c89
[  136.062932][ T3842] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  136.082535][ T3842] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  136.090947][ T3842] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  136.098917][ T3842] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  136.106887][ T3842] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3842] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3842] exit_group(0)               = ?
[pid  3842] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3842, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./195/binderfs")                = 0
umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./195/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./195/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./195/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./195")                          = 0
mkdir("./196", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3843
./strace-static-x86_64: Process 3843 attached
[pid  3843] chdir("./196")              = 0
[pid  3843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3843] setpgid(0, 0)               = 0
[pid  3843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[  136.114859][ T3842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  136.122827][ T3842] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000c3
[  136.130815][ T3842]  </TASK>
[pid  3843] write(3, "1000", 4)         = 4
[pid  3843] close(3)                    = 0
[pid  3843] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3843] memfd_create("syzkaller", 0) = 3
[pid  3843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3843] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3843] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3843] close(3)                    = 0
[pid  3843] mkdir("./file0", 0777)      = 0
[pid  3843] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3843] chdir("./file0")            = 0
[pid  3843] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3843] close(4)                    = 0
[pid  3843] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3843] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3843] write(5, "13", 2)           = 2
[  136.181731][ T3843] loop0: detected capacity change from 0 to 64
[  136.183932][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  136.212555][ T3843] FAULT_INJECTION: forcing a failure.
[  136.212555][ T3843] name failslab, interval 1, probability 0, space 0, times 0
[  136.225265][ T3843] CPU: 0 PID: 3843 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  136.235691][ T3843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  136.245741][ T3843] Call Trace:
[  136.249022][ T3843]  <TASK>
[  136.251957][ T3843]  dump_stack_lvl+0x1b1/0x28e
[  136.256640][ T3843]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  136.262098][ T3843]  ? panic+0x710/0x710
[  136.266166][ T3843]  ? __might_sleep+0xc0/0xc0
[  136.270753][ T3843]  ? __mutex_lock_common+0x45f/0x26e0
[  136.276132][ T3843]  should_fail_ex+0x395/0x4c0
[  136.280824][ T3843]  ? hfs_find_init+0x8b/0x1e0
[  136.285537][ T3843]  should_failslab+0x5/0x20
[  136.290073][ T3843]  __kmem_cache_alloc_node+0x69/0x310
[  136.295473][ T3843]  ? hfs_find_init+0x8b/0x1e0
[  136.300164][ T3843]  __kmalloc+0x9e/0x1a0
[  136.304604][ T3843]  hfs_find_init+0x8b/0x1e0
[  136.309110][ T3843]  hfs_extend_file+0x2f8/0x1420
[  136.313987][ T3843]  ? hfs_get_block+0xbb0/0xbb0
[  136.318764][ T3843]  ? lru_cache_disable+0x30/0x30
[  136.323706][ T3843]  ? __might_sleep+0xc0/0xc0
[  136.328318][ T3843]  hfs_get_block+0x3fc/0xbb0
[  136.332913][ T3843]  ? hfs_free_extents+0x420/0x420
[  136.337935][ T3843]  ? do_raw_spin_unlock+0x134/0x8a0
[  136.343147][ T3843]  ? create_page_buffers+0x244/0x4b0
[  136.348446][ T3843]  __block_write_begin_int+0x54c/0x1a80
[  136.354054][ T3843]  ? hfs_free_extents+0x420/0x420
[  136.359216][ T3843]  ? page_zero_new_buffers+0x940/0x940
[  136.364680][ T3843]  ? PageHeadHuge+0x8a/0x1d0
[  136.369277][ T3843]  ? hfs_free_extents+0x420/0x420
[  136.374300][ T3843]  block_write_begin+0x93/0x1e0
[  136.379151][ T3843]  ? cont_write_begin+0x5e5/0x860
[  136.384188][ T3843]  ? hfs_free_extents+0x420/0x420
[  136.389304][ T3843]  cont_write_begin+0x606/0x860
[  136.394165][ T3843]  ? fault_in_readable+0x1d5/0x310
[  136.399444][ T3843]  ? generic_cont_expand_simple+0x250/0x250
[  136.405333][ T3843]  ? fault_in_readable+0x219/0x310
[  136.410443][ T3843]  ? fault_in_safe_writeable+0x240/0x240
[  136.416076][ T3843]  hfs_write_begin+0x86/0xd0
[  136.420670][ T3843]  ? hfs_free_extents+0x420/0x420
[  136.425705][ T3843]  generic_perform_write+0x2e4/0x5e0
[  136.430992][ T3843]  ? __block_commit_write+0x420/0x420
[  136.436360][ T3843]  ? generic_file_direct_write+0x610/0x610
[  136.442217][ T3843]  ? __file_remove_privs+0x6c0/0x6c0
[  136.447511][ T3843]  ? generic_write_checks+0x15c/0x1c0
[  136.452970][ T3843]  __generic_file_write_iter+0x176/0x400
[  136.458607][ T3843]  generic_file_write_iter+0xab/0x310
[  136.463974][ T3843]  vfs_write+0x7dc/0xc50
[  136.468394][ T3843]  ? file_end_write+0x230/0x230
[  136.473243][ T3843]  ? ptrace_stop+0x74d/0x970
[  136.477854][ T3843]  ? _raw_spin_unlock_irq+0x2a/0x40
[  136.483062][ T3843]  ? __fdget_pos+0x252/0x2e0
[  136.487658][ T3843]  ksys_write+0x177/0x2a0
[  136.492017][ T3843]  ? __ia32_sys_read+0x80/0x80
[  136.496785][ T3843]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  136.502778][ T3843]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  136.508757][ T3843]  do_syscall_64+0x3d/0xb0
[  136.513175][ T3843]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  136.519077][ T3843] RIP: 0033:0x7f0fa5191c89
[  136.523492][ T3843] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  136.543365][ T3843] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  136.551803][ T3843] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  136.559788][ T3843] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  136.567756][ T3843] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  136.575760][ T3843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3843] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3843] exit_group(0)               = ?
[pid  3843] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3843, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./196/binderfs")                = 0
umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./196/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./196/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./196/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./196")                          = 0
mkdir("./197", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3844
./strace-static-x86_64: Process 3844 attached
[pid  3844] chdir("./197")              = 0
[pid  3844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3844] setpgid(0, 0)               = 0
[pid  3844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3844] write(3, "1000", 4)         = 4
[pid  3844] close(3)                    = 0
[pid  3844] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3844] memfd_create("syzkaller", 0) = 3
[pid  3844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3844] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  136.583735][ T3843] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000c4
[  136.591745][ T3843]  </TASK>
[pid  3844] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3844] close(3)                    = 0
[pid  3844] mkdir("./file0", 0777)      = 0
[pid  3844] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3844] chdir("./file0")            = 0
[pid  3844] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3844] close(4)                    = 0
[pid  3844] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3844] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3844] write(5, "13", 2)           = 2
[  136.642626][ T3844] loop0: detected capacity change from 0 to 64
[  136.660171][ T3844] FAULT_INJECTION: forcing a failure.
[  136.660171][ T3844] name failslab, interval 1, probability 0, space 0, times 0
[  136.675438][ T3844] CPU: 0 PID: 3844 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  136.685879][ T3844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  136.695929][ T3844] Call Trace:
[  136.699213][ T3844]  <TASK>
[  136.702143][ T3844]  dump_stack_lvl+0x1b1/0x28e
[  136.706818][ T3844]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  136.712267][ T3844]  ? panic+0x710/0x710
[  136.716329][ T3844]  ? __might_sleep+0xc0/0xc0
[  136.720918][ T3844]  ? __mutex_lock_common+0x45f/0x26e0
[  136.726305][ T3844]  should_fail_ex+0x395/0x4c0
[  136.730990][ T3844]  ? hfs_find_init+0x8b/0x1e0
[  136.735679][ T3844]  should_failslab+0x5/0x20
[  136.740186][ T3844]  __kmem_cache_alloc_node+0x69/0x310
[  136.745559][ T3844]  ? rcu_lock_release+0x5/0x20
[  136.750324][ T3844]  ? hfs_find_init+0x8b/0x1e0
[  136.755090][ T3844]  __kmalloc+0x9e/0x1a0
[  136.759252][ T3844]  hfs_find_init+0x8b/0x1e0
[  136.763762][ T3844]  hfs_extend_file+0x2f8/0x1420
[  136.768614][ T3844]  ? xas_find+0x937/0xa60
[  136.772951][ T3844]  ? hfs_get_block+0xbb0/0xbb0
[  136.777709][ T3844]  ? filemap_get_folios+0x557/0x830
[  136.782910][ T3844]  ? find_lock_entries+0xf60/0xf60
[  136.788028][ T3844]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  136.793933][ T3844]  hfs_get_block+0x3fc/0xbb0
[  136.798535][ T3844]  ? hfs_free_extents+0x420/0x420
[  136.803589][ T3844]  ? do_raw_spin_unlock+0x134/0x8a0
[  136.808798][ T3844]  ? create_page_buffers+0x244/0x4b0
[  136.814091][ T3844]  __block_write_begin_int+0x54c/0x1a80
[  136.819658][ T3844]  ? hfs_free_extents+0x420/0x420
[  136.824679][ T3844]  ? page_zero_new_buffers+0x940/0x940
[  136.830149][ T3844]  ? PageHeadHuge+0x8a/0x1d0
[  136.834744][ T3844]  ? hfs_free_extents+0x420/0x420
[  136.839765][ T3844]  block_write_begin+0x93/0x1e0
[  136.844617][ T3844]  ? cont_write_begin+0x5e5/0x860
[  136.849644][ T3844]  ? hfs_free_extents+0x420/0x420
[  136.854666][ T3844]  cont_write_begin+0x606/0x860
[  136.859527][ T3844]  ? fault_in_readable+0x1d5/0x310
[  136.864727][ T3844]  ? generic_cont_expand_simple+0x250/0x250
[  136.870619][ T3844]  ? fault_in_readable+0x219/0x310
[  136.875733][ T3844]  ? fault_in_safe_writeable+0x240/0x240
[  136.881370][ T3844]  hfs_write_begin+0x86/0xd0
[  136.885956][ T3844]  ? hfs_free_extents+0x420/0x420
[  136.890984][ T3844]  generic_perform_write+0x2e4/0x5e0
[  136.896277][ T3844]  ? __block_commit_write+0x420/0x420
[  136.901649][ T3844]  ? generic_file_direct_write+0x610/0x610
[  136.907538][ T3844]  ? __file_remove_privs+0x6c0/0x6c0
[  136.912829][ T3844]  ? generic_write_checks+0x15c/0x1c0
[  136.918219][ T3844]  __generic_file_write_iter+0x176/0x400
[  136.923857][ T3844]  generic_file_write_iter+0xab/0x310
[  136.929230][ T3844]  vfs_write+0x7dc/0xc50
[  136.933481][ T3844]  ? file_end_write+0x230/0x230
[  136.938329][ T3844]  ? ptrace_stop+0x74d/0x970
[  136.942927][ T3844]  ? _raw_spin_unlock_irq+0x2a/0x40
[  136.948129][ T3844]  ? __fdget_pos+0x252/0x2e0
[  136.952723][ T3844]  ksys_write+0x177/0x2a0
[  136.957143][ T3844]  ? __ia32_sys_read+0x80/0x80
[  136.961917][ T3844]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  136.967900][ T3844]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  136.973886][ T3844]  do_syscall_64+0x3d/0xb0
[  136.978306][ T3844]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  136.984202][ T3844] RIP: 0033:0x7f0fa5191c89
[  136.988620][ T3844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  137.008394][ T3844] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  137.016808][ T3844] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  137.024780][ T3844] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  137.032749][ T3844] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3844] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3844] exit_group(0)               = ?
[pid  3844] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3844, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./197/binderfs")                = 0
umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./197/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./197/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./197/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./197")                          = 0
mkdir("./198", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3845
./strace-static-x86_64: Process 3845 attached
[pid  3845] chdir("./198")              = 0
[pid  3845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[  137.040719][ T3844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  137.048776][ T3844] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000c5
[  137.056761][ T3844]  </TASK>
[pid  3845] setpgid(0, 0)               = 0
[pid  3845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3845] write(3, "1000", 4)         = 4
[pid  3845] close(3)                    = 0
[pid  3845] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3845] memfd_create("syzkaller", 0) = 3
[pid  3845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3845] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3845] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3845] close(3)                    = 0
[pid  3845] mkdir("./file0", 0777)      = 0
[pid  3845] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3845] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3845] chdir("./file0")            = 0
[pid  3845] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3845] close(4)                    = 0
[pid  3845] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3845] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3845] write(5, "13", 2)           = 2
[  137.118313][ T3845] loop0: detected capacity change from 0 to 64
[  137.142620][ T3845] FAULT_INJECTION: forcing a failure.
[  137.142620][ T3845] name failslab, interval 1, probability 0, space 0, times 0
[  137.155484][ T3845] CPU: 0 PID: 3845 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  137.165920][ T3845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  137.175972][ T3845] Call Trace:
[  137.179249][ T3845]  <TASK>
[  137.182174][ T3845]  dump_stack_lvl+0x1b1/0x28e
[  137.186866][ T3845]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  137.192333][ T3845]  ? panic+0x710/0x710
[  137.196422][ T3845]  ? __might_sleep+0xc0/0xc0
[  137.201013][ T3845]  ? __mutex_lock_common+0x45f/0x26e0
[  137.206456][ T3845]  should_fail_ex+0x395/0x4c0
[  137.211158][ T3845]  ? hfs_find_init+0x8b/0x1e0
[  137.215845][ T3845]  should_failslab+0x5/0x20
[  137.220415][ T3845]  __kmem_cache_alloc_node+0x69/0x310
[  137.225790][ T3845]  ? rcu_lock_release+0x5/0x20
[  137.230557][ T3845]  ? hfs_find_init+0x8b/0x1e0
[  137.235241][ T3845]  __kmalloc+0x9e/0x1a0
[  137.239406][ T3845]  hfs_find_init+0x8b/0x1e0
[  137.243916][ T3845]  hfs_extend_file+0x2f8/0x1420
[  137.248766][ T3845]  ? xas_find+0x937/0xa60
[  137.253108][ T3845]  ? hfs_get_block+0xbb0/0xbb0
[  137.257878][ T3845]  ? filemap_get_folios+0x557/0x830
[  137.263604][ T3845]  ? find_lock_entries+0xf60/0xf60
[  137.268725][ T3845]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  137.274629][ T3845]  hfs_get_block+0x3fc/0xbb0
[  137.279238][ T3845]  ? hfs_free_extents+0x420/0x420
[  137.284263][ T3845]  ? do_raw_spin_unlock+0x134/0x8a0
[  137.289472][ T3845]  ? create_page_buffers+0x244/0x4b0
[  137.294772][ T3845]  __block_write_begin_int+0x54c/0x1a80
[  137.300344][ T3845]  ? hfs_free_extents+0x420/0x420
[  137.305371][ T3845]  ? page_zero_new_buffers+0x940/0x940
[  137.310854][ T3845]  ? PageHeadHuge+0x8a/0x1d0
[  137.315540][ T3845]  ? hfs_free_extents+0x420/0x420
[  137.320564][ T3845]  block_write_begin+0x93/0x1e0
[  137.325441][ T3845]  ? cont_write_begin+0x5e5/0x860
[  137.330496][ T3845]  ? hfs_free_extents+0x420/0x420
[  137.335537][ T3845]  cont_write_begin+0x606/0x860
[  137.340420][ T3845]  ? fault_in_readable+0x1d5/0x310
[  137.345558][ T3845]  ? generic_cont_expand_simple+0x250/0x250
[  137.351466][ T3845]  ? fault_in_readable+0x219/0x310
[  137.356605][ T3845]  ? fault_in_safe_writeable+0x240/0x240
[  137.362256][ T3845]  hfs_write_begin+0x86/0xd0
[  137.366851][ T3845]  ? hfs_free_extents+0x420/0x420
[  137.371884][ T3845]  generic_perform_write+0x2e4/0x5e0
[  137.377191][ T3845]  ? __block_commit_write+0x420/0x420
[  137.382581][ T3845]  ? generic_file_direct_write+0x610/0x610
[  137.388396][ T3845]  ? __file_remove_privs+0x6c0/0x6c0
[  137.393687][ T3845]  ? generic_write_checks+0x15c/0x1c0
[  137.399072][ T3845]  __generic_file_write_iter+0x176/0x400
[  137.404715][ T3845]  generic_file_write_iter+0xab/0x310
[  137.410091][ T3845]  vfs_write+0x7dc/0xc50
[  137.414353][ T3845]  ? file_end_write+0x230/0x230
[  137.419207][ T3845]  ? ptrace_stop+0x74d/0x970
[  137.423810][ T3845]  ? _raw_spin_unlock_irq+0x2a/0x40
[  137.429015][ T3845]  ? __fdget_pos+0x252/0x2e0
[  137.433610][ T3845]  ksys_write+0x177/0x2a0
[  137.437946][ T3845]  ? __ia32_sys_read+0x80/0x80
[  137.442714][ T3845]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  137.448700][ T3845]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  137.454684][ T3845]  do_syscall_64+0x3d/0xb0
[  137.459104][ T3845]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  137.464996][ T3845] RIP: 0033:0x7f0fa5191c89
[  137.469414][ T3845] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  137.489020][ T3845] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  137.497433][ T3845] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  137.505404][ T3845] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3845] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3845] exit_group(0)               = ?
[pid  3845] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3845, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./198/binderfs")                = 0
umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./198/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./198/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./198/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./198")                          = 0
mkdir("./199", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  137.513374][ T3845] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  137.521345][ T3845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  137.529318][ T3845] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000c6
[  137.537304][ T3845]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3846 attached
, child_tidptr=0x555555b7f5d0) = 3846
[pid  3846] chdir("./199")              = 0
[pid  3846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3846] setpgid(0, 0)               = 0
[pid  3846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3846] write(3, "1000", 4)         = 4
[pid  3846] close(3)                    = 0
[pid  3846] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3846] memfd_create("syzkaller", 0) = 3
[pid  3846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3846] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3846] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3846] close(3)                    = 0
[pid  3846] mkdir("./file0", 0777)      = 0
[pid  3846] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3846] chdir("./file0")            = 0
[pid  3846] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3846] close(4)                    = 0
[pid  3846] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3846] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3846] write(5, "13", 2)           = 2
[  137.591659][ T3846] loop0: detected capacity change from 0 to 64
[  137.617427][ T3846] FAULT_INJECTION: forcing a failure.
[  137.617427][ T3846] name failslab, interval 1, probability 0, space 0, times 0
[  137.630433][ T3846] CPU: 0 PID: 3846 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  137.640921][ T3846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  137.650972][ T3846] Call Trace:
[  137.654257][ T3846]  <TASK>
[  137.657180][ T3846]  dump_stack_lvl+0x1b1/0x28e
[  137.661864][ T3846]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  137.667348][ T3846]  ? panic+0x710/0x710
[  137.671426][ T3846]  ? __might_sleep+0xc0/0xc0
[  137.676018][ T3846]  ? __mutex_lock_common+0x45f/0x26e0
[  137.681411][ T3846]  should_fail_ex+0x395/0x4c0
[  137.686096][ T3846]  ? hfs_find_init+0x8b/0x1e0
[  137.690788][ T3846]  should_failslab+0x5/0x20
[  137.695303][ T3846]  __kmem_cache_alloc_node+0x69/0x310
[  137.700675][ T3846]  ? hfs_find_init+0x8b/0x1e0
[  137.705346][ T3846]  __kmalloc+0x9e/0x1a0
[  137.709502][ T3846]  hfs_find_init+0x8b/0x1e0
[  137.714018][ T3846]  hfs_extend_file+0x2f8/0x1420
[  137.718885][ T3846]  ? hfs_get_block+0xbb0/0xbb0
[  137.723651][ T3846]  ? lru_cache_disable+0x30/0x30
[  137.728598][ T3846]  ? __might_sleep+0xc0/0xc0
[  137.733212][ T3846]  hfs_get_block+0x3fc/0xbb0
[  137.737820][ T3846]  ? hfs_free_extents+0x420/0x420
[  137.742858][ T3846]  ? do_raw_spin_unlock+0x134/0x8a0
[  137.748074][ T3846]  ? create_page_buffers+0x244/0x4b0
[  137.753356][ T3846]  __block_write_begin_int+0x54c/0x1a80
[  137.758911][ T3846]  ? hfs_free_extents+0x420/0x420
[  137.763926][ T3846]  ? page_zero_new_buffers+0x940/0x940
[  137.769381][ T3846]  ? PageHeadHuge+0x8a/0x1d0
[  137.773965][ T3846]  ? hfs_free_extents+0x420/0x420
[  137.778980][ T3846]  block_write_begin+0x93/0x1e0
[  137.783825][ T3846]  ? cont_write_begin+0x5e5/0x860
[  137.788841][ T3846]  ? hfs_free_extents+0x420/0x420
[  137.793952][ T3846]  cont_write_begin+0x606/0x860
[  137.798818][ T3846]  ? fault_in_readable+0x1d5/0x310
[  137.803927][ T3846]  ? generic_cont_expand_simple+0x250/0x250
[  137.809818][ T3846]  ? fault_in_readable+0x219/0x310
[  137.814926][ T3846]  ? fault_in_safe_writeable+0x240/0x240
[  137.820559][ T3846]  hfs_write_begin+0x86/0xd0
[  137.825147][ T3846]  ? hfs_free_extents+0x420/0x420
[  137.830171][ T3846]  generic_perform_write+0x2e4/0x5e0
[  137.835457][ T3846]  ? __block_commit_write+0x420/0x420
[  137.840835][ T3846]  ? generic_file_direct_write+0x610/0x610
[  137.846652][ T3846]  ? __file_remove_privs+0x6c0/0x6c0
[  137.851939][ T3846]  ? generic_write_checks+0x15c/0x1c0
[  137.857331][ T3846]  __generic_file_write_iter+0x176/0x400
[  137.862983][ T3846]  generic_file_write_iter+0xab/0x310
[  137.868363][ T3846]  vfs_write+0x7dc/0xc50
[  137.872623][ T3846]  ? file_end_write+0x230/0x230
[  137.877466][ T3846]  ? ptrace_stop+0x74d/0x970
[  137.882073][ T3846]  ? _raw_spin_unlock_irq+0x2a/0x40
[  137.887286][ T3846]  ? __fdget_pos+0x252/0x2e0
[  137.891878][ T3846]  ksys_write+0x177/0x2a0
[  137.896204][ T3846]  ? __ia32_sys_read+0x80/0x80
[  137.900962][ T3846]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  137.906947][ T3846]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  137.913449][ T3846]  do_syscall_64+0x3d/0xb0
[  137.917870][ T3846]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  137.924203][ T3846] RIP: 0033:0x7f0fa5191c89
[  137.928612][ T3846] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  137.948233][ T3846] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  137.956663][ T3846] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  137.964641][ T3846] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  137.972624][ T3846] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  137.980589][ T3846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3846] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3846] exit_group(0)               = ?
[pid  3846] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3846, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./199/binderfs")                = 0
umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./199/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./199/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./199/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./199")                          = 0
mkdir("./200", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3847
./strace-static-x86_64: Process 3847 attached
[pid  3847] chdir("./200")              = 0
[pid  3847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3847] setpgid(0, 0)               = 0
[pid  3847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3847] write(3, "1000", 4)         = 4
[pid  3847] close(3)                    = 0
[pid  3847] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3847] memfd_create("syzkaller", 0) = 3
[pid  3847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3847] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  137.988639][ T3846] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000c7
[  137.996615][ T3846]  </TASK>
[pid  3847] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3847] close(3)                    = 0
[pid  3847] mkdir("./file0", 0777)      = 0
[pid  3847] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3847] chdir("./file0")            = 0
[pid  3847] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3847] close(4)                    = 0
[pid  3847] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3847] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3847] write(5, "13", 2)           = 2
[  138.049060][ T3847] loop0: detected capacity change from 0 to 64
[  138.080236][ T3847] FAULT_INJECTION: forcing a failure.
[  138.080236][ T3847] name failslab, interval 1, probability 0, space 0, times 0
[  138.093110][ T3847] CPU: 1 PID: 3847 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  138.103546][ T3847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  138.113602][ T3847] Call Trace:
[  138.116883][ T3847]  <TASK>
[  138.119815][ T3847]  dump_stack_lvl+0x1b1/0x28e
[  138.124500][ T3847]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  138.129958][ T3847]  ? panic+0x710/0x710
[  138.134037][ T3847]  ? __might_sleep+0xc0/0xc0
[  138.138625][ T3847]  ? __mutex_lock_common+0x45f/0x26e0
[  138.144022][ T3847]  should_fail_ex+0x395/0x4c0
[  138.148709][ T3847]  ? hfs_find_init+0x8b/0x1e0
[  138.153419][ T3847]  should_failslab+0x5/0x20
[  138.157943][ T3847]  __kmem_cache_alloc_node+0x69/0x310
[  138.163346][ T3847]  ? hfs_find_init+0x8b/0x1e0
[  138.168043][ T3847]  __kmalloc+0x9e/0x1a0
[  138.172215][ T3847]  hfs_find_init+0x8b/0x1e0
[  138.176745][ T3847]  hfs_extend_file+0x2f8/0x1420
[  138.181618][ T3847]  ? hfs_get_block+0xbb0/0xbb0
[  138.186385][ T3847]  ? lru_cache_disable+0x30/0x30
[  138.191329][ T3847]  ? __might_sleep+0xc0/0xc0
[  138.195941][ T3847]  hfs_get_block+0x3fc/0xbb0
[  138.200546][ T3847]  ? hfs_free_extents+0x420/0x420
[  138.205570][ T3847]  ? do_raw_spin_unlock+0x134/0x8a0
[  138.210781][ T3847]  ? create_page_buffers+0x244/0x4b0
[  138.216084][ T3847]  __block_write_begin_int+0x54c/0x1a80
[  138.221654][ T3847]  ? hfs_free_extents+0x420/0x420
[  138.226684][ T3847]  ? page_zero_new_buffers+0x940/0x940
[  138.232146][ T3847]  ? PageHeadHuge+0x8a/0x1d0
[  138.236746][ T3847]  ? hfs_free_extents+0x420/0x420
[  138.241768][ T3847]  block_write_begin+0x93/0x1e0
[  138.246623][ T3847]  ? cont_write_begin+0x5e5/0x860
[  138.251650][ T3847]  ? hfs_free_extents+0x420/0x420
[  138.256674][ T3847]  cont_write_begin+0x606/0x860
[  138.261531][ T3847]  ? fault_in_readable+0x1d5/0x310
[  138.266666][ T3847]  ? generic_cont_expand_simple+0x250/0x250
[  138.272572][ T3847]  ? fault_in_readable+0x219/0x310
[  138.277700][ T3847]  ? fault_in_safe_writeable+0x240/0x240
[  138.283350][ T3847]  hfs_write_begin+0x86/0xd0
[  138.287949][ T3847]  ? hfs_free_extents+0x420/0x420
[  138.292984][ T3847]  generic_perform_write+0x2e4/0x5e0
[  138.298283][ T3847]  ? __block_commit_write+0x420/0x420
[  138.303667][ T3847]  ? generic_file_direct_write+0x610/0x610
[  138.309476][ T3847]  ? __file_remove_privs+0x6c0/0x6c0
[  138.314766][ T3847]  ? generic_write_checks+0x15c/0x1c0
[  138.320150][ T3847]  __generic_file_write_iter+0x176/0x400
[  138.325788][ T3847]  generic_file_write_iter+0xab/0x310
[  138.331165][ T3847]  vfs_write+0x7dc/0xc50
[  138.335420][ T3847]  ? file_end_write+0x230/0x230
[  138.340271][ T3847]  ? ptrace_stop+0x74d/0x970
[  138.344891][ T3847]  ? _raw_spin_unlock_irq+0x2a/0x40
[  138.350124][ T3847]  ? __fdget_pos+0x252/0x2e0
[  138.354743][ T3847]  ksys_write+0x177/0x2a0
[  138.359091][ T3847]  ? __ia32_sys_read+0x80/0x80
[  138.363865][ T3847]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  138.369859][ T3847]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  138.375841][ T3847]  do_syscall_64+0x3d/0xb0
[  138.380437][ T3847]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  138.386334][ T3847] RIP: 0033:0x7f0fa5191c89
[  138.390747][ T3847] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  138.410355][ T3847] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  138.418773][ T3847] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  138.426746][ T3847] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  138.434719][ T3847] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  138.442688][ T3847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3847] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3847] exit_group(0)               = ?
[pid  3847] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3847, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./200/binderfs")                = 0
umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./200/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./200/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./200/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./200")                          = 0
mkdir("./201", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3848
./strace-static-x86_64: Process 3848 attached
[pid  3848] chdir("./201")              = 0
[pid  3848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3848] setpgid(0, 0)               = 0
[pid  3848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3848] write(3, "1000", 4)         = 4
[pid  3848] close(3)                    = 0
[pid  3848] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3848] memfd_create("syzkaller", 0) = 3
[pid  3848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[  138.450664][ T3847] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000c8
[  138.458650][ T3847]  </TASK>
[pid  3848] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3848] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3848] close(3)                    = 0
[pid  3848] mkdir("./file0", 0777)      = 0
[pid  3848] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3848] chdir("./file0")            = 0
[pid  3848] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3848] close(4)                    = 0
[pid  3848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3848] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3848] write(5, "13", 2)           = 2
[  138.514742][ T3848] loop0: detected capacity change from 0 to 64
[  138.544260][ T3848] FAULT_INJECTION: forcing a failure.
[  138.544260][ T3848] name failslab, interval 1, probability 0, space 0, times 0
[  138.557379][ T3848] CPU: 0 PID: 3848 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  138.567794][ T3848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  138.578019][ T3848] Call Trace:
[  138.581301][ T3848]  <TASK>
[  138.584225][ T3848]  dump_stack_lvl+0x1b1/0x28e
[  138.588898][ T3848]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  138.594350][ T3848]  ? panic+0x710/0x710
[  138.598415][ T3848]  ? __might_sleep+0xc0/0xc0
[  138.603001][ T3848]  ? __mutex_lock_common+0x45f/0x26e0
[  138.608372][ T3848]  should_fail_ex+0x395/0x4c0
[  138.613046][ T3848]  ? hfs_find_init+0x8b/0x1e0
[  138.617717][ T3848]  should_failslab+0x5/0x20
[  138.622222][ T3848]  __kmem_cache_alloc_node+0x69/0x310
[  138.627611][ T3848]  ? hfs_find_init+0x8b/0x1e0
[  138.632289][ T3848]  __kmalloc+0x9e/0x1a0
[  138.636450][ T3848]  hfs_find_init+0x8b/0x1e0
[  138.640959][ T3848]  hfs_extend_file+0x2f8/0x1420
[  138.645831][ T3848]  ? hfs_get_block+0xbb0/0xbb0
[  138.650614][ T3848]  ? lru_cache_disable+0x30/0x30
[  138.655905][ T3848]  ? __might_sleep+0xc0/0xc0
[  138.660504][ T3848]  hfs_get_block+0x3fc/0xbb0
[  138.665101][ T3848]  ? hfs_free_extents+0x420/0x420
[  138.670131][ T3848]  ? do_raw_spin_unlock+0x134/0x8a0
[  138.675333][ T3848]  ? create_page_buffers+0x244/0x4b0
[  138.680626][ T3848]  __block_write_begin_int+0x54c/0x1a80
[  138.686206][ T3848]  ? hfs_free_extents+0x420/0x420
[  138.691224][ T3848]  ? page_zero_new_buffers+0x940/0x940
[  138.696686][ T3848]  ? PageHeadHuge+0x8a/0x1d0
[  138.701299][ T3848]  ? hfs_free_extents+0x420/0x420
[  138.706340][ T3848]  block_write_begin+0x93/0x1e0
[  138.711206][ T3848]  ? cont_write_begin+0x5e5/0x860
[  138.716252][ T3848]  ? hfs_free_extents+0x420/0x420
[  138.721270][ T3848]  cont_write_begin+0x606/0x860
[  138.726124][ T3848]  ? fault_in_readable+0x1d5/0x310
[  138.731236][ T3848]  ? generic_cont_expand_simple+0x250/0x250
[  138.737124][ T3848]  ? fault_in_readable+0x219/0x310
[  138.742234][ T3848]  ? fault_in_safe_writeable+0x240/0x240
[  138.747867][ T3848]  hfs_write_begin+0x86/0xd0
[  138.752454][ T3848]  ? hfs_free_extents+0x420/0x420
[  138.757498][ T3848]  generic_perform_write+0x2e4/0x5e0
[  138.762783][ T3848]  ? __block_commit_write+0x420/0x420
[  138.768155][ T3848]  ? generic_file_direct_write+0x610/0x610
[  138.773962][ T3848]  ? __file_remove_privs+0x6c0/0x6c0
[  138.779327][ T3848]  ? generic_write_checks+0x15c/0x1c0
[  138.784706][ T3848]  __generic_file_write_iter+0x176/0x400
[  138.790337][ T3848]  generic_file_write_iter+0xab/0x310
[  138.795707][ T3848]  vfs_write+0x7dc/0xc50
[  138.799950][ T3848]  ? file_end_write+0x230/0x230
[  138.804791][ T3848]  ? ptrace_stop+0x74d/0x970
[  138.809396][ T3848]  ? _raw_spin_unlock_irq+0x2a/0x40
[  138.814619][ T3848]  ? __fdget_pos+0x252/0x2e0
[  138.819226][ T3848]  ksys_write+0x177/0x2a0
[  138.823552][ T3848]  ? __ia32_sys_read+0x80/0x80
[  138.828307][ T3848]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  138.834289][ T3848]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  138.840264][ T3848]  do_syscall_64+0x3d/0xb0
[  138.844672][ T3848]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  138.850565][ T3848] RIP: 0033:0x7f0fa5191c89
[  138.854989][ T3848] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  138.874585][ T3848] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  138.882993][ T3848] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  138.890956][ T3848] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  138.898930][ T3848] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  138.906917][ T3848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3848] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3848] exit_group(0)               = ?
[pid  3848] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3848, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./201/binderfs")                = 0
umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./201/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./201/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./201/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./201")                          = 0
mkdir("./202", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3849 attached
, child_tidptr=0x555555b7f5d0) = 3849
[pid  3849] chdir("./202")              = 0
[pid  3849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3849] setpgid(0, 0)               = 0
[pid  3849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3849] write(3, "1000", 4)         = 4
[pid  3849] close(3)                    = 0
[pid  3849] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3849] memfd_create("syzkaller", 0) = 3
[pid  3849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3849] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  138.914895][ T3848] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000c9
[  138.922869][ T3848]  </TASK>
[pid  3849] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3849] close(3)                    = 0
[pid  3849] mkdir("./file0", 0777)      = 0
[pid  3849] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3849] chdir("./file0")            = 0
[pid  3849] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3849] close(4)                    = 0
[pid  3849] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3849] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3849] write(5, "13", 2)           = 2
[  138.977060][ T3849] loop0: detected capacity change from 0 to 64
[  139.005549][ T3849] FAULT_INJECTION: forcing a failure.
[  139.005549][ T3849] name failslab, interval 1, probability 0, space 0, times 0
[  139.018244][ T3849] CPU: 1 PID: 3849 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  139.028648][ T3849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  139.038701][ T3849] Call Trace:
[  139.041976][ T3849]  <TASK>
[  139.044919][ T3849]  dump_stack_lvl+0x1b1/0x28e
[  139.049637][ T3849]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  139.055089][ T3849]  ? panic+0x710/0x710
[  139.059154][ T3849]  ? __might_sleep+0xc0/0xc0
[  139.063734][ T3849]  ? __mutex_lock_common+0x45f/0x26e0
[  139.069107][ T3849]  should_fail_ex+0x395/0x4c0
[  139.073795][ T3849]  ? hfs_find_init+0x8b/0x1e0
[  139.078489][ T3849]  should_failslab+0x5/0x20
[  139.082987][ T3849]  __kmem_cache_alloc_node+0x69/0x310
[  139.088358][ T3849]  ? hfs_find_init+0x8b/0x1e0
[  139.093039][ T3849]  __kmalloc+0x9e/0x1a0
[  139.097216][ T3849]  hfs_find_init+0x8b/0x1e0
[  139.101740][ T3849]  hfs_extend_file+0x2f8/0x1420
[  139.106592][ T3849]  ? hfs_get_block+0xbb0/0xbb0
[  139.111361][ T3849]  ? lru_cache_disable+0x30/0x30
[  139.116306][ T3849]  ? __might_sleep+0xc0/0xc0
[  139.120920][ T3849]  hfs_get_block+0x3fc/0xbb0
[  139.125559][ T3849]  ? hfs_free_extents+0x420/0x420
[  139.130597][ T3849]  ? do_raw_spin_unlock+0x134/0x8a0
[  139.135802][ T3849]  ? create_page_buffers+0x244/0x4b0
[  139.141090][ T3849]  __block_write_begin_int+0x54c/0x1a80
[  139.146648][ T3849]  ? hfs_free_extents+0x420/0x420
[  139.151674][ T3849]  ? page_zero_new_buffers+0x940/0x940
[  139.157149][ T3849]  ? PageHeadHuge+0x8a/0x1d0
[  139.161744][ T3849]  ? hfs_free_extents+0x420/0x420
[  139.166765][ T3849]  block_write_begin+0x93/0x1e0
[  139.171616][ T3849]  ? cont_write_begin+0x5e5/0x860
[  139.176639][ T3849]  ? hfs_free_extents+0x420/0x420
[  139.181659][ T3849]  cont_write_begin+0x606/0x860
[  139.186527][ T3849]  ? fault_in_readable+0x1d5/0x310
[  139.191672][ T3849]  ? generic_cont_expand_simple+0x250/0x250
[  139.197570][ T3849]  ? fault_in_readable+0x219/0x310
[  139.202682][ T3849]  ? fault_in_safe_writeable+0x240/0x240
[  139.208315][ T3849]  hfs_write_begin+0x86/0xd0
[  139.212902][ T3849]  ? hfs_free_extents+0x420/0x420
[  139.217928][ T3849]  generic_perform_write+0x2e4/0x5e0
[  139.223220][ T3849]  ? __block_commit_write+0x420/0x420
[  139.228601][ T3849]  ? generic_file_direct_write+0x610/0x610
[  139.234420][ T3849]  ? __file_remove_privs+0x6c0/0x6c0
[  139.239701][ T3849]  ? generic_write_checks+0x15c/0x1c0
[  139.245086][ T3849]  __generic_file_write_iter+0x176/0x400
[  139.250739][ T3849]  generic_file_write_iter+0xab/0x310
[  139.256121][ T3849]  vfs_write+0x7dc/0xc50
[  139.260386][ T3849]  ? file_end_write+0x230/0x230
[  139.265230][ T3849]  ? ptrace_stop+0x74d/0x970
[  139.269838][ T3849]  ? _raw_spin_unlock_irq+0x2a/0x40
[  139.275053][ T3849]  ? __fdget_pos+0x252/0x2e0
[  139.279664][ T3849]  ksys_write+0x177/0x2a0
[  139.284027][ T3849]  ? __ia32_sys_read+0x80/0x80
[  139.288792][ T3849]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  139.294780][ T3849]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  139.300788][ T3849]  do_syscall_64+0x3d/0xb0
[  139.305232][ T3849]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  139.311160][ T3849] RIP: 0033:0x7f0fa5191c89
[  139.315571][ T3849] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  139.335181][ T3849] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  139.343877][ T3849] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  139.351869][ T3849] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  139.359844][ T3849] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  139.367825][ T3849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3849] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3849] exit_group(0)               = ?
[pid  3849] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3849, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./202/binderfs")                = 0
umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./202/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./202/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./202/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./202")                          = 0
mkdir("./203", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3850
./strace-static-x86_64: Process 3850 attached
[pid  3850] chdir("./203")              = 0
[pid  3850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3850] setpgid(0, 0)               = 0
[pid  3850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3850] write(3, "1000", 4)         = 4
[pid  3850] close(3)                    = 0
[pid  3850] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3850] memfd_create("syzkaller", 0) = 3
[  139.375826][ T3849] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ca
[  139.383814][ T3849]  </TASK>
[pid  3850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3850] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3850] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3850] close(3)                    = 0
[pid  3850] mkdir("./file0", 0777)      = 0
[pid  3850] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3850] chdir("./file0")            = 0
[pid  3850] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3850] close(4)                    = 0
[pid  3850] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3850] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3850] write(5, "13", 2)           = 2
[  139.443975][ T3850] loop0: detected capacity change from 0 to 64
[  139.459466][ T3850] FAULT_INJECTION: forcing a failure.
[  139.459466][ T3850] name failslab, interval 1, probability 0, space 0, times 0
[  139.472356][ T3850] CPU: 0 PID: 3850 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  139.482784][ T3850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  139.492829][ T3850] Call Trace:
[  139.496115][ T3850]  <TASK>
[  139.499035][ T3850]  dump_stack_lvl+0x1b1/0x28e
[  139.503723][ T3850]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  139.509172][ T3850]  ? panic+0x710/0x710
[  139.513229][ T3850]  ? __might_sleep+0xc0/0xc0
[  139.517802][ T3850]  ? __mutex_lock_common+0x45f/0x26e0
[  139.523276][ T3850]  should_fail_ex+0x395/0x4c0
[  139.527945][ T3850]  ? hfs_find_init+0x8b/0x1e0
[  139.532618][ T3850]  should_failslab+0x5/0x20
[  139.537123][ T3850]  __kmem_cache_alloc_node+0x69/0x310
[  139.542493][ T3850]  ? rcu_lock_release+0x5/0x20
[  139.547262][ T3850]  ? hfs_find_init+0x8b/0x1e0
[  139.551940][ T3850]  __kmalloc+0x9e/0x1a0
[  139.556102][ T3850]  hfs_find_init+0x8b/0x1e0
[  139.560608][ T3850]  hfs_extend_file+0x2f8/0x1420
[  139.565457][ T3850]  ? xas_find+0x937/0xa60
[  139.569801][ T3850]  ? hfs_get_block+0xbb0/0xbb0
[  139.574559][ T3850]  ? filemap_get_folios+0x557/0x830
[  139.579760][ T3850]  ? find_lock_entries+0xf60/0xf60
[  139.584893][ T3850]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  139.590805][ T3850]  hfs_get_block+0x3fc/0xbb0
[  139.595408][ T3850]  ? hfs_free_extents+0x420/0x420
[  139.600518][ T3850]  ? do_raw_spin_unlock+0x134/0x8a0
[  139.605726][ T3850]  ? create_page_buffers+0x244/0x4b0
[  139.611015][ T3850]  __block_write_begin_int+0x54c/0x1a80
[  139.616582][ T3850]  ? hfs_free_extents+0x420/0x420
[  139.621604][ T3850]  ? page_zero_new_buffers+0x940/0x940
[  139.627084][ T3850]  ? PageHeadHuge+0x8a/0x1d0
[  139.631702][ T3850]  ? hfs_free_extents+0x420/0x420
[  139.636737][ T3850]  block_write_begin+0x93/0x1e0
[  139.641605][ T3850]  ? cont_write_begin+0x5e5/0x860
[  139.646657][ T3850]  ? hfs_free_extents+0x420/0x420
[  139.651687][ T3850]  cont_write_begin+0x606/0x860
[  139.656568][ T3850]  ? fault_in_readable+0x1d5/0x310
[  139.661695][ T3850]  ? generic_cont_expand_simple+0x250/0x250
[  139.667605][ T3850]  ? fault_in_readable+0x219/0x310
[  139.672729][ T3850]  ? fault_in_safe_writeable+0x240/0x240
[  139.678379][ T3850]  hfs_write_begin+0x86/0xd0
[  139.682992][ T3850]  ? hfs_free_extents+0x420/0x420
[  139.688048][ T3850]  generic_perform_write+0x2e4/0x5e0
[  139.693365][ T3850]  ? __block_commit_write+0x420/0x420
[  139.698754][ T3850]  ? generic_file_direct_write+0x610/0x610
[  139.704583][ T3850]  ? __file_remove_privs+0x6c0/0x6c0
[  139.709879][ T3850]  ? generic_write_checks+0x15c/0x1c0
[  139.715270][ T3850]  __generic_file_write_iter+0x176/0x400
[  139.720945][ T3850]  generic_file_write_iter+0xab/0x310
[  139.726339][ T3850]  vfs_write+0x7dc/0xc50
[  139.730602][ T3850]  ? file_end_write+0x230/0x230
[  139.735459][ T3850]  ? ptrace_stop+0x74d/0x970
[  139.740068][ T3850]  ? _raw_spin_unlock_irq+0x2a/0x40
[  139.745275][ T3850]  ? __fdget_pos+0x252/0x2e0
[  139.749887][ T3850]  ksys_write+0x177/0x2a0
[  139.754245][ T3850]  ? __ia32_sys_read+0x80/0x80
[  139.759115][ T3850]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  139.765124][ T3850]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  139.771132][ T3850]  do_syscall_64+0x3d/0xb0
[  139.775559][ T3850]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  139.781462][ T3850] RIP: 0033:0x7f0fa5191c89
[  139.785880][ T3850] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  139.805498][ T3850] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  139.813916][ T3850] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  139.821901][ T3850] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  139.829914][ T3850] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  139.837902][ T3850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3850] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3850] exit_group(0)               = ?
[pid  3850] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3850, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./203/binderfs")                = 0
umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./203/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./203/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./203/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./203")                          = 0
mkdir("./204", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3851
./strace-static-x86_64: Process 3851 attached
[pid  3851] chdir("./204")              = 0
[pid  3851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3851] setpgid(0, 0)               = 0
[pid  3851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3851] write(3, "1000", 4)         = 4
[pid  3851] close(3)                    = 0
[pid  3851] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3851] memfd_create("syzkaller", 0) = 3
[pid  3851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  139.845875][ T3850] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000cb
[  139.853880][ T3850]  </TASK>
[pid  3851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3851] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3851] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3851] close(3)                    = 0
[pid  3851] mkdir("./file0", 0777)      = 0
[pid  3851] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3851] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3851] chdir("./file0")            = 0
[pid  3851] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3851] close(4)                    = 0
[pid  3851] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3851] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3851] write(5, "13", 2)           = 2
[  139.909479][ T3851] loop0: detected capacity change from 0 to 64
[  139.930693][ T3851] FAULT_INJECTION: forcing a failure.
[  139.930693][ T3851] name failslab, interval 1, probability 0, space 0, times 0
[  139.944192][ T3851] CPU: 0 PID: 3851 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  139.954637][ T3851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  139.964702][ T3851] Call Trace:
[  139.967972][ T3851]  <TASK>
[  139.970889][ T3851]  dump_stack_lvl+0x1b1/0x28e
[  139.975555][ T3851]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  139.981012][ T3851]  ? panic+0x710/0x710
[  139.985069][ T3851]  ? __might_sleep+0xc0/0xc0
[  139.989649][ T3851]  ? __mutex_lock_common+0x45f/0x26e0
[  139.995013][ T3851]  should_fail_ex+0x395/0x4c0
[  139.999766][ T3851]  ? hfs_find_init+0x8b/0x1e0
[  140.004459][ T3851]  should_failslab+0x5/0x20
[  140.008962][ T3851]  __kmem_cache_alloc_node+0x69/0x310
[  140.014333][ T3851]  ? rcu_lock_release+0x5/0x20
[  140.019095][ T3851]  ? hfs_find_init+0x8b/0x1e0
[  140.023773][ T3851]  __kmalloc+0x9e/0x1a0
[  140.027933][ T3851]  hfs_find_init+0x8b/0x1e0
[  140.032439][ T3851]  hfs_extend_file+0x2f8/0x1420
[  140.037291][ T3851]  ? xas_find+0x937/0xa60
[  140.041628][ T3851]  ? hfs_get_block+0xbb0/0xbb0
[  140.046558][ T3851]  ? filemap_get_folios+0x557/0x830
[  140.051791][ T3851]  ? find_lock_entries+0xf60/0xf60
[  140.056901][ T3851]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  140.062801][ T3851]  hfs_get_block+0x3fc/0xbb0
[  140.067402][ T3851]  ? hfs_free_extents+0x420/0x420
[  140.072457][ T3851]  ? do_raw_spin_unlock+0x134/0x8a0
[  140.077690][ T3851]  ? create_page_buffers+0x244/0x4b0
[  140.083013][ T3851]  __block_write_begin_int+0x54c/0x1a80
[  140.088595][ T3851]  ? hfs_free_extents+0x420/0x420
[  140.093630][ T3851]  ? page_zero_new_buffers+0x940/0x940
[  140.099100][ T3851]  ? PageHeadHuge+0x8a/0x1d0
[  140.103699][ T3851]  ? hfs_free_extents+0x420/0x420
[  140.108722][ T3851]  block_write_begin+0x93/0x1e0
[  140.113576][ T3851]  ? cont_write_begin+0x5e5/0x860
[  140.118600][ T3851]  ? hfs_free_extents+0x420/0x420
[  140.123618][ T3851]  cont_write_begin+0x606/0x860
[  140.128472][ T3851]  ? fault_in_readable+0x1d5/0x310
[  140.133587][ T3851]  ? generic_cont_expand_simple+0x250/0x250
[  140.139477][ T3851]  ? fault_in_readable+0x219/0x310
[  140.146856][ T3851]  ? fault_in_safe_writeable+0x240/0x240
[  140.152508][ T3851]  hfs_write_begin+0x86/0xd0
[  140.157112][ T3851]  ? hfs_free_extents+0x420/0x420
[  140.162151][ T3851]  generic_perform_write+0x2e4/0x5e0
[  140.167458][ T3851]  ? __block_commit_write+0x420/0x420
[  140.172840][ T3851]  ? generic_file_direct_write+0x610/0x610
[  140.178733][ T3851]  ? __file_remove_privs+0x6c0/0x6c0
[  140.184022][ T3851]  ? generic_write_checks+0x15c/0x1c0
[  140.189402][ T3851]  __generic_file_write_iter+0x176/0x400
[  140.195037][ T3851]  generic_file_write_iter+0xab/0x310
[  140.200410][ T3851]  vfs_write+0x7dc/0xc50
[  140.204679][ T3851]  ? file_end_write+0x230/0x230
[  140.209536][ T3851]  ? ptrace_stop+0x74d/0x970
[  140.214144][ T3851]  ? _raw_spin_unlock_irq+0x2a/0x40
[  140.219355][ T3851]  ? __fdget_pos+0x252/0x2e0
[  140.223954][ T3851]  ksys_write+0x177/0x2a0
[  140.228290][ T3851]  ? __ia32_sys_read+0x80/0x80
[  140.233061][ T3851]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  140.239042][ T3851]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  140.245113][ T3851]  do_syscall_64+0x3d/0xb0
[  140.249526][ T3851]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  140.255414][ T3851] RIP: 0033:0x7f0fa5191c89
[  140.259825][ T3851] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  140.279440][ T3851] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  140.287874][ T3851] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  140.295850][ T3851] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3851] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3851] exit_group(0)               = ?
[pid  3851] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3851, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./204/binderfs")                = 0
umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./204/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./204/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./204/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./204")                          = 0
mkdir("./205", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3852
./strace-static-x86_64: Process 3852 attached
[pid  3852] chdir("./205")              = 0
[pid  3852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[  140.303845][ T3851] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  140.311827][ T3851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  140.319792][ T3851] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000cc
[  140.327773][ T3851]  </TASK>
[pid  3852] setpgid(0, 0)               = 0
[pid  3852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3852] write(3, "1000", 4)         = 4
[pid  3852] close(3)                    = 0
[pid  3852] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3852] memfd_create("syzkaller", 0) = 3
[pid  3852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3852] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3852] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3852] close(3)                    = 0
[pid  3852] mkdir("./file0", 0777)      = 0
[pid  3852] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3852] chdir("./file0")            = 0
[pid  3852] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3852] close(4)                    = 0
[pid  3852] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3852] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3852] write(5, "13", 2)           = 2
[  140.393343][ T3852] loop0: detected capacity change from 0 to 64
[  140.409338][ T3852] FAULT_INJECTION: forcing a failure.
[  140.409338][ T3852] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  140.422530][ T3852] CPU: 0 PID: 3852 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  140.432953][ T3852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  140.442997][ T3852] Call Trace:
[  140.446275][ T3852]  <TASK>
[  140.449204][ T3852]  dump_stack_lvl+0x1b1/0x28e
[  140.453871][ T3852]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  140.459318][ T3852]  ? panic+0x710/0x710
[  140.463371][ T3852]  ? hfs_free_extents+0x420/0x420
[  140.468407][ T3852]  ? PageHeadHuge+0x8a/0x1d0
[  140.473003][ T3852]  should_fail_ex+0x395/0x4c0
[  140.477691][ T3852]  copy_page_from_iter_atomic+0x217/0x1140
[  140.483492][ T3852]  ? generic_cont_expand_simple+0x250/0x250
[  140.489378][ T3852]  ? pipe_zero+0x200/0x200
[  140.493790][ T3852]  ? hfs_write_begin+0x86/0xd0
[  140.498546][ T3852]  ? hfs_free_extents+0x420/0x420
[  140.503561][ T3852]  ? hfs_write_begin+0x9e/0xd0
[  140.508313][ T3852]  generic_perform_write+0x35a/0x5e0
[  140.513613][ T3852]  ? __block_commit_write+0x420/0x420
[  140.519002][ T3852]  ? generic_file_direct_write+0x610/0x610
[  140.524815][ T3852]  ? __file_remove_privs+0x6c0/0x6c0
[  140.530102][ T3852]  ? generic_write_checks+0x15c/0x1c0
[  140.535498][ T3852]  __generic_file_write_iter+0x176/0x400
[  140.541226][ T3852]  generic_file_write_iter+0xab/0x310
[  140.546607][ T3852]  vfs_write+0x7dc/0xc50
[  140.550861][ T3852]  ? file_end_write+0x230/0x230
[  140.555698][ T3852]  ? ptrace_stop+0x74d/0x970
[  140.560299][ T3852]  ? _raw_spin_unlock_irq+0x2a/0x40
[  140.565536][ T3852]  ? __fdget_pos+0x252/0x2e0
[  140.570135][ T3852]  ksys_write+0x177/0x2a0
[  140.574456][ T3852]  ? __ia32_sys_read+0x80/0x80
[  140.579210][ T3852]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  140.585209][ T3852]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  140.591189][ T3852]  do_syscall_64+0x3d/0xb0
[  140.595681][ T3852]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  140.601569][ T3852] RIP: 0033:0x7f0fa5191c89
[  140.605984][ T3852] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  140.625576][ T3852] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  140.633976][ T3852] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3852] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3852] exit_group(0)               = ?
[pid  3852] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3852, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./205/binderfs")                = 0
umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./205/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./205/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./205/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./205")                          = 0
mkdir("./206", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3853
./strace-static-x86_64: Process 3853 attached
[pid  3853] chdir("./206")              = 0
[pid  3853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3853] setpgid(0, 0)               = 0
[pid  3853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3853] write(3, "1000", 4)         = 4
[pid  3853] close(3)                    = 0
[pid  3853] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3853] memfd_create("syzkaller", 0) = 3
[pid  3853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3853] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  140.641938][ T3852] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  140.649895][ T3852] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  140.657873][ T3852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  140.665850][ T3852] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000cd
[  140.673826][ T3852]  </TASK>
[pid  3853] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3853] close(3)                    = 0
[pid  3853] mkdir("./file0", 0777)      = 0
[pid  3853] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3853] chdir("./file0")            = 0
[pid  3853] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3853] close(4)                    = 0
[pid  3853] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3853] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3853] write(5, "13", 2)           = 2
[pid  3853] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3853] exit_group(0)               = ?
[pid  3853] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3853, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./206/binderfs")                = 0
umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./206/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./206/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./206/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./206")                          = 0
mkdir("./207", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3854
./strace-static-x86_64: Process 3854 attached
[pid  3854] chdir("./207")              = 0
[pid  3854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3854] setpgid(0, 0)               = 0
[pid  3854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3854] write(3, "1000", 4)         = 4
[pid  3854] close(3)                    = 0
[pid  3854] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3854] memfd_create("syzkaller", 0) = 3
[  140.718493][ T3853] loop0: detected capacity change from 0 to 64
[pid  3854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3854] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3854] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3854] close(3)                    = 0
[pid  3854] mkdir("./file0", 0777)      = 0
[pid  3854] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3854] chdir("./file0")            = 0
[pid  3854] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3854] close(4)                    = 0
[pid  3854] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3854] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3854] write(5, "13", 2)           = 2
[  140.783235][ T3854] loop0: detected capacity change from 0 to 64
[  140.811950][ T3854] FAULT_INJECTION: forcing a failure.
[  140.811950][ T3854] name failslab, interval 1, probability 0, space 0, times 0
[  140.825109][ T3854] CPU: 0 PID: 3854 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  140.835629][ T3854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  140.845669][ T3854] Call Trace:
[  140.848935][ T3854]  <TASK>
[  140.851851][ T3854]  dump_stack_lvl+0x1b1/0x28e
[  140.856518][ T3854]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  140.861962][ T3854]  ? panic+0x710/0x710
[  140.866016][ T3854]  ? __might_sleep+0xc0/0xc0
[  140.870587][ T3854]  ? __mutex_lock_common+0x45f/0x26e0
[  140.875948][ T3854]  should_fail_ex+0x395/0x4c0
[  140.880613][ T3854]  ? hfs_find_init+0x8b/0x1e0
[  140.885280][ T3854]  should_failslab+0x5/0x20
[  140.889772][ T3854]  __kmem_cache_alloc_node+0x69/0x310
[  140.895128][ T3854]  ? rcu_lock_release+0x5/0x20
[  140.899877][ T3854]  ? hfs_find_init+0x8b/0x1e0
[  140.904625][ T3854]  __kmalloc+0x9e/0x1a0
[  140.908778][ T3854]  hfs_find_init+0x8b/0x1e0
[  140.913269][ T3854]  hfs_extend_file+0x2f8/0x1420
[  140.918192][ T3854]  ? xas_find+0x937/0xa60
[  140.922516][ T3854]  ? hfs_get_block+0xbb0/0xbb0
[  140.927278][ T3854]  ? filemap_get_folios+0x557/0x830
[  140.932474][ T3854]  ? find_lock_entries+0xf60/0xf60
[  140.937602][ T3854]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  140.943505][ T3854]  hfs_get_block+0x3fc/0xbb0
[  140.948107][ T3854]  ? hfs_free_extents+0x420/0x420
[  140.953123][ T3854]  ? do_raw_spin_unlock+0x134/0x8a0
[  140.958330][ T3854]  ? create_page_buffers+0x244/0x4b0
[  140.963621][ T3854]  __block_write_begin_int+0x54c/0x1a80
[  140.969188][ T3854]  ? hfs_free_extents+0x420/0x420
[  140.974207][ T3854]  ? page_zero_new_buffers+0x940/0x940
[  140.979666][ T3854]  ? PageHeadHuge+0x8a/0x1d0
[  140.984258][ T3854]  ? hfs_free_extents+0x420/0x420
[  140.989277][ T3854]  block_write_begin+0x93/0x1e0
[  140.994126][ T3854]  ? cont_write_begin+0x5e5/0x860
[  140.999237][ T3854]  ? hfs_free_extents+0x420/0x420
[  141.004258][ T3854]  cont_write_begin+0x606/0x860
[  141.009118][ T3854]  ? fault_in_readable+0x1d5/0x310
[  141.014231][ T3854]  ? generic_cont_expand_simple+0x250/0x250
[  141.020124][ T3854]  ? fault_in_readable+0x219/0x310
[  141.025237][ T3854]  ? fault_in_safe_writeable+0x240/0x240
[  141.030878][ T3854]  hfs_write_begin+0x86/0xd0
[  141.035464][ T3854]  ? hfs_free_extents+0x420/0x420
[  141.040489][ T3854]  generic_perform_write+0x2e4/0x5e0
[  141.045781][ T3854]  ? __block_commit_write+0x420/0x420
[  141.051244][ T3854]  ? generic_file_direct_write+0x610/0x610
[  141.057048][ T3854]  ? __file_remove_privs+0x6c0/0x6c0
[  141.062333][ T3854]  ? generic_write_checks+0x15c/0x1c0
[  141.067712][ T3854]  __generic_file_write_iter+0x176/0x400
[  141.073351][ T3854]  generic_file_write_iter+0xab/0x310
[  141.078727][ T3854]  vfs_write+0x7dc/0xc50
[  141.082982][ T3854]  ? file_end_write+0x230/0x230
[  141.087842][ T3854]  ? ptrace_stop+0x74d/0x970
[  141.092451][ T3854]  ? _raw_spin_unlock_irq+0x2a/0x40
[  141.097657][ T3854]  ? __fdget_pos+0x252/0x2e0
[  141.102257][ T3854]  ksys_write+0x177/0x2a0
[  141.106589][ T3854]  ? __ia32_sys_read+0x80/0x80
[  141.111356][ T3854]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  141.117335][ T3854]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  141.123312][ T3854]  do_syscall_64+0x3d/0xb0
[  141.127729][ T3854]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  141.133619][ T3854] RIP: 0033:0x7f0fa5191c89
[  141.138034][ T3854] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  141.157633][ T3854] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  141.166062][ T3854] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  141.174040][ T3854] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3854] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3854] exit_group(0)               = ?
[pid  3854] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3854, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./207/binderfs")                = 0
umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./207/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./207/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./207/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./207")                          = 0
mkdir("./208", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3855
./strace-static-x86_64: Process 3855 attached
[pid  3855] chdir("./208")              = 0
[pid  3855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3855] setpgid(0, 0)               = 0
[pid  3855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3855] write(3, "1000", 4)         = 4
[pid  3855] close(3)                    = 0
[pid  3855] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3855] memfd_create("syzkaller", 0) = 3
[pid  3855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3855] munmap(0x7f0f9cc00000, 32768) = 0
[  141.182022][ T3854] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  141.190006][ T3854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  141.198067][ T3854] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000cf
[  141.206058][ T3854]  </TASK>
[pid  3855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3855] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3855] close(3)                    = 0
[pid  3855] mkdir("./file0", 0777)      = 0
[pid  3855] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3855] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3855] chdir("./file0")            = 0
[pid  3855] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3855] close(4)                    = 0
[pid  3855] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3855] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3855] write(5, "13", 2)           = 2
[  141.246343][ T3855] loop0: detected capacity change from 0 to 64
[  141.270663][ T3855] FAULT_INJECTION: forcing a failure.
[  141.270663][ T3855] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  141.284250][ T3855] CPU: 1 PID: 3855 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  141.294698][ T3855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  141.304748][ T3855] Call Trace:
[  141.308030][ T3855]  <TASK>
[  141.310975][ T3855]  dump_stack_lvl+0x1b1/0x28e
[  141.315675][ T3855]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  141.321136][ T3855]  ? panic+0x710/0x710
[  141.325218][ T3855]  ? do_anonymous_page+0xd4a/0x1150
[  141.330430][ T3855]  ? mark_lock+0x9a/0x350
[  141.334751][ T3855]  should_fail_ex+0x395/0x4c0
[  141.339439][ T3855]  prepare_alloc_pages+0x1d7/0x5a0
[  141.344571][ T3855]  __alloc_pages+0x161/0x560
[  141.349157][ T3855]  ? zone_statistics+0x160/0x160
[  141.354121][ T3855]  ? rcu_lock_release+0x5/0x20
[  141.358988][ T3855]  ? alloc_pages+0x520/0x7b0
[  141.363570][ T3855]  ? xas_descend+0x1f3/0x400
[  141.368172][ T3855]  folio_alloc+0x1a/0x50
[  141.372436][ T3855]  filemap_alloc_folio+0x7e/0x1c0
[  141.377481][ T3855]  __filemap_get_folio+0x898/0x1260
[  141.382681][ T3855]  ? page_cache_prev_miss+0x4e0/0x4e0
[  141.388064][ T3855]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  141.394055][ T3855]  ? print_irqtrace_events+0x220/0x220
[  141.399507][ T3855]  pagecache_get_page+0x28/0x260
[  141.404456][ T3855]  ? hfs_free_extents+0x420/0x420
[  141.409488][ T3855]  block_write_begin+0x2e/0x1e0
[  141.414345][ T3855]  ? cont_write_begin+0x5e5/0x860
[  141.419370][ T3855]  ? hfs_free_extents+0x420/0x420
[  141.424392][ T3855]  cont_write_begin+0x606/0x860
[  141.429257][ T3855]  ? fault_in_readable+0x1d5/0x310
[  141.434382][ T3855]  ? generic_cont_expand_simple+0x250/0x250
[  141.440273][ T3855]  ? fault_in_readable+0x219/0x310
[  141.445396][ T3855]  ? fault_in_safe_writeable+0x240/0x240
[  141.451028][ T3855]  hfs_write_begin+0x86/0xd0
[  141.455622][ T3855]  ? hfs_free_extents+0x420/0x420
[  141.460658][ T3855]  generic_perform_write+0x2e4/0x5e0
[  141.465970][ T3855]  ? __block_commit_write+0x420/0x420
[  141.471340][ T3855]  ? generic_file_direct_write+0x610/0x610
[  141.477139][ T3855]  ? __file_remove_privs+0x6c0/0x6c0
[  141.482420][ T3855]  ? generic_write_checks+0x15c/0x1c0
[  141.487790][ T3855]  __generic_file_write_iter+0x176/0x400
[  141.493418][ T3855]  generic_file_write_iter+0xab/0x310
[  141.498784][ T3855]  vfs_write+0x7dc/0xc50
[  141.503025][ T3855]  ? file_end_write+0x230/0x230
[  141.507864][ T3855]  ? ptrace_stop+0x74d/0x970
[  141.512467][ T3855]  ? _raw_spin_unlock_irq+0x2a/0x40
[  141.517680][ T3855]  ? __fdget_pos+0x252/0x2e0
[  141.522283][ T3855]  ksys_write+0x177/0x2a0
[  141.526606][ T3855]  ? __ia32_sys_read+0x80/0x80
[  141.531371][ T3855]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  141.537365][ T3855]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  141.543336][ T3855]  do_syscall_64+0x3d/0xb0
[  141.547748][ T3855]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  141.553639][ T3855] RIP: 0033:0x7f0fa5191c89
[  141.558059][ T3855] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  141.577653][ T3855] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  141.586055][ T3855] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3855] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3855] exit_group(0)               = ?
[pid  3855] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3855, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./208/binderfs")                = 0
umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./208/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./208/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./208/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./208")                          = 0
mkdir("./209", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3856
./strace-static-x86_64: Process 3856 attached
[pid  3856] chdir("./209")              = 0
[pid  3856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3856] setpgid(0, 0)               = 0
[pid  3856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3856] write(3, "1000", 4)         = 4
[pid  3856] close(3)                    = 0
[pid  3856] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3856] memfd_create("syzkaller", 0) = 3
[pid  3856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[  141.594017][ T3855] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  141.601987][ T3855] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  141.609964][ T3855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  141.617937][ T3855] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000d0
[  141.625912][ T3855]  </TASK>
[pid  3856] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3856] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3856] close(3)                    = 0
[pid  3856] mkdir("./file0", 0777)      = 0
[pid  3856] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3856] chdir("./file0")            = 0
[pid  3856] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3856] close(4)                    = 0
[pid  3856] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3856] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3856] write(5, "13", 2)           = 2
[  141.680548][ T3856] loop0: detected capacity change from 0 to 64
[  141.707051][ T3856] FAULT_INJECTION: forcing a failure.
[  141.707051][ T3856] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  141.720594][ T3856] CPU: 1 PID: 3856 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  141.731033][ T3856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  141.741086][ T3856] Call Trace:
[  141.744364][ T3856]  <TASK>
[  141.747292][ T3856]  dump_stack_lvl+0x1b1/0x28e
[  141.751973][ T3856]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  141.757430][ T3856]  ? panic+0x710/0x710
[  141.761580][ T3856]  ? do_anonymous_page+0xd4a/0x1150
[  141.766959][ T3856]  ? mark_lock+0x9a/0x350
[  141.771289][ T3856]  should_fail_ex+0x395/0x4c0
[  141.775971][ T3856]  prepare_alloc_pages+0x1d7/0x5a0
[  141.781093][ T3856]  __alloc_pages+0x161/0x560
[  141.785687][ T3856]  ? zone_statistics+0x160/0x160
[  141.790634][ T3856]  ? rcu_lock_release+0x5/0x20
[  141.795398][ T3856]  ? alloc_pages+0x520/0x7b0
[  141.799987][ T3856]  ? xas_descend+0x1f3/0x400
[  141.804579][ T3856]  folio_alloc+0x1a/0x50
[  141.808819][ T3856]  filemap_alloc_folio+0x7e/0x1c0
[  141.813841][ T3856]  __filemap_get_folio+0x898/0x1260
[  141.819043][ T3856]  ? page_cache_prev_miss+0x4e0/0x4e0
[  141.824415][ T3856]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  141.830394][ T3856]  ? print_irqtrace_events+0x220/0x220
[  141.835854][ T3856]  pagecache_get_page+0x28/0x260
[  141.840792][ T3856]  ? hfs_free_extents+0x420/0x420
[  141.845823][ T3856]  block_write_begin+0x2e/0x1e0
[  141.850675][ T3856]  ? cont_write_begin+0x5e5/0x860
[  141.855708][ T3856]  ? hfs_free_extents+0x420/0x420
[  141.860729][ T3856]  cont_write_begin+0x606/0x860
[  141.865586][ T3856]  ? fault_in_readable+0x1d5/0x310
[  141.870704][ T3856]  ? generic_cont_expand_simple+0x250/0x250
[  141.876597][ T3856]  ? fault_in_readable+0x219/0x310
[  141.881715][ T3856]  ? fault_in_safe_writeable+0x240/0x240
[  141.887354][ T3856]  hfs_write_begin+0x86/0xd0
[  141.891942][ T3856]  ? hfs_free_extents+0x420/0x420
[  141.896965][ T3856]  generic_perform_write+0x2e4/0x5e0
[  141.902257][ T3856]  ? __block_commit_write+0x420/0x420
[  141.907630][ T3856]  ? generic_file_direct_write+0x610/0x610
[  141.913434][ T3856]  ? __file_remove_privs+0x6c0/0x6c0
[  141.918719][ T3856]  ? generic_write_checks+0x15c/0x1c0
[  141.924096][ T3856]  __generic_file_write_iter+0x176/0x400
[  141.929735][ T3856]  generic_file_write_iter+0xab/0x310
[  141.935109][ T3856]  vfs_write+0x7dc/0xc50
[  141.939367][ T3856]  ? file_end_write+0x230/0x230
[  141.944302][ T3856]  ? ptrace_stop+0x74d/0x970
[  141.948903][ T3856]  ? _raw_spin_unlock_irq+0x2a/0x40
[  141.954105][ T3856]  ? __fdget_pos+0x252/0x2e0
[  141.958704][ T3856]  ksys_write+0x177/0x2a0
[  141.963036][ T3856]  ? __ia32_sys_read+0x80/0x80
[  141.967799][ T3856]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  141.973782][ T3856]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  141.979766][ T3856]  do_syscall_64+0x3d/0xb0
[  141.984181][ T3856]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  141.990069][ T3856] RIP: 0033:0x7f0fa5191c89
[  141.994480][ T3856] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  142.014124][ T3856] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  142.022552][ T3856] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3856] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3856] exit_group(0)               = ?
[pid  3856] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3856, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./209/binderfs")                = 0
umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./209/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./209/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./209/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./209")                          = 0
mkdir("./210", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3857
./strace-static-x86_64: Process 3857 attached
[pid  3857] chdir("./210")              = 0
[pid  3857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3857] setpgid(0, 0)               = 0
[pid  3857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3857] write(3, "1000", 4)         = 4
[pid  3857] close(3)                    = 0
[pid  3857] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3857] memfd_create("syzkaller", 0) = 3
[pid  3857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3857] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  142.030519][ T3856] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  142.038486][ T3856] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  142.046452][ T3856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  142.054416][ T3856] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000d1
[  142.062398][ T3856]  </TASK>
[pid  3857] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3857] close(3)                    = 0
[pid  3857] mkdir("./file0", 0777)      = 0
[pid  3857] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3857] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3857] chdir("./file0")            = 0
[pid  3857] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3857] close(4)                    = 0
[pid  3857] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3857] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3857] write(5, "13", 2)           = 2
[  142.112389][ T3857] loop0: detected capacity change from 0 to 64
[  142.114682][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  142.142477][ T3857] FAULT_INJECTION: forcing a failure.
[  142.142477][ T3857] name failslab, interval 1, probability 0, space 0, times 0
[  142.155481][ T3857] CPU: 0 PID: 3857 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  142.165907][ T3857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  142.175969][ T3857] Call Trace:
[  142.179239][ T3857]  <TASK>
[  142.182157][ T3857]  dump_stack_lvl+0x1b1/0x28e
[  142.186843][ T3857]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  142.192295][ T3857]  ? panic+0x710/0x710
[  142.196358][ T3857]  ? __might_sleep+0xc0/0xc0
[  142.200938][ T3857]  ? __mutex_lock_common+0x45f/0x26e0
[  142.206314][ T3857]  should_fail_ex+0x395/0x4c0
[  142.211009][ T3857]  ? hfs_find_init+0x8b/0x1e0
[  142.215709][ T3857]  should_failslab+0x5/0x20
[  142.220225][ T3857]  __kmem_cache_alloc_node+0x69/0x310
[  142.225607][ T3857]  ? hfs_find_init+0x8b/0x1e0
[  142.230295][ T3857]  __kmalloc+0x9e/0x1a0
[  142.234463][ T3857]  hfs_find_init+0x8b/0x1e0
[  142.238977][ T3857]  hfs_extend_file+0x2f8/0x1420
[  142.243837][ T3857]  ? hfs_get_block+0xbb0/0xbb0
[  142.248616][ T3857]  ? lru_cache_disable+0x30/0x30
[  142.253556][ T3857]  ? __might_sleep+0xc0/0xc0
[  142.258167][ T3857]  hfs_get_block+0x3fc/0xbb0
[  142.262764][ T3857]  ? hfs_free_extents+0x420/0x420
[  142.267791][ T3857]  ? do_raw_spin_unlock+0x134/0x8a0
[  142.272993][ T3857]  ? create_page_buffers+0x244/0x4b0
[  142.278282][ T3857]  __block_write_begin_int+0x54c/0x1a80
[  142.283847][ T3857]  ? hfs_free_extents+0x420/0x420
[  142.288868][ T3857]  ? page_zero_new_buffers+0x940/0x940
[  142.294327][ T3857]  ? PageHeadHuge+0x8a/0x1d0
[  142.299013][ T3857]  ? hfs_free_extents+0x420/0x420
[  142.304028][ T3857]  block_write_begin+0x93/0x1e0
[  142.308873][ T3857]  ? cont_write_begin+0x5e5/0x860
[  142.313922][ T3857]  ? hfs_free_extents+0x420/0x420
[  142.318969][ T3857]  cont_write_begin+0x606/0x860
[  142.323851][ T3857]  ? fault_in_readable+0x1d5/0x310
[  142.328980][ T3857]  ? generic_cont_expand_simple+0x250/0x250
[  142.334880][ T3857]  ? fault_in_readable+0x219/0x310
[  142.339990][ T3857]  ? fault_in_safe_writeable+0x240/0x240
[  142.345663][ T3857]  hfs_write_begin+0x86/0xd0
[  142.350247][ T3857]  ? hfs_free_extents+0x420/0x420
[  142.355269][ T3857]  generic_perform_write+0x2e4/0x5e0
[  142.360563][ T3857]  ? __block_commit_write+0x420/0x420
[  142.365933][ T3857]  ? generic_file_direct_write+0x610/0x610
[  142.371732][ T3857]  ? __file_remove_privs+0x6c0/0x6c0
[  142.377081][ T3857]  ? generic_write_checks+0x15c/0x1c0
[  142.382585][ T3857]  __generic_file_write_iter+0x176/0x400
[  142.388248][ T3857]  generic_file_write_iter+0xab/0x310
[  142.393632][ T3857]  vfs_write+0x7dc/0xc50
[  142.397895][ T3857]  ? file_end_write+0x230/0x230
[  142.402758][ T3857]  ? ptrace_stop+0x74d/0x970
[  142.407368][ T3857]  ? _raw_spin_unlock_irq+0x2a/0x40
[  142.412573][ T3857]  ? __fdget_pos+0x252/0x2e0
[  142.417169][ T3857]  ksys_write+0x177/0x2a0
[  142.421502][ T3857]  ? __ia32_sys_read+0x80/0x80
[  142.426265][ T3857]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  142.432246][ T3857]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  142.438314][ T3857]  do_syscall_64+0x3d/0xb0
[  142.442728][ T3857]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  142.448620][ T3857] RIP: 0033:0x7f0fa5191c89
[  142.453034][ T3857] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  142.472637][ T3857] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  142.481047][ T3857] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  142.489022][ T3857] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  142.496992][ T3857] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  142.504967][ T3857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3857] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3857] exit_group(0)               = ?
[pid  3857] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3857, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./210/binderfs")                = 0
umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./210/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./210/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./210/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./210")                          = 0
mkdir("./211", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3858
./strace-static-x86_64: Process 3858 attached
[pid  3858] chdir("./211")              = 0
[pid  3858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3858] setpgid(0, 0)               = 0
[pid  3858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3858] write(3, "1000", 4)         = 4
[pid  3858] close(3)                    = 0
[pid  3858] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3858] memfd_create("syzkaller", 0) = 3
[pid  3858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3858] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  142.512936][ T3857] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000d2
[  142.520920][ T3857]  </TASK>
[pid  3858] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3858] close(3)                    = 0
[pid  3858] mkdir("./file0", 0777)      = 0
[pid  3858] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3858] chdir("./file0")            = 0
[pid  3858] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3858] close(4)                    = 0
[pid  3858] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3858] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3858] write(5, "13", 2)           = 2
[  142.569592][ T3858] loop0: detected capacity change from 0 to 64
[  142.598828][ T3858] FAULT_INJECTION: forcing a failure.
[  142.598828][ T3858] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  142.611950][ T3858] CPU: 0 PID: 3858 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  142.622365][ T3858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  142.632542][ T3858] Call Trace:
[  142.635830][ T3858]  <TASK>
[  142.638754][ T3858]  dump_stack_lvl+0x1b1/0x28e
[  142.643429][ T3858]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  142.648891][ T3858]  ? panic+0x710/0x710
[  142.652960][ T3858]  ? hfs_free_extents+0x420/0x420
[  142.657994][ T3858]  ? PageHeadHuge+0x8a/0x1d0
[  142.662587][ T3858]  should_fail_ex+0x395/0x4c0
[  142.667274][ T3858]  copy_page_from_iter_atomic+0x217/0x1140
[  142.673102][ T3858]  ? generic_cont_expand_simple+0x250/0x250
[  142.679015][ T3858]  ? pipe_zero+0x200/0x200
[  142.683430][ T3858]  ? hfs_write_begin+0x86/0xd0
[  142.688194][ T3858]  ? hfs_free_extents+0x420/0x420
[  142.693226][ T3858]  ? hfs_write_begin+0x9e/0xd0
[  142.697995][ T3858]  generic_perform_write+0x35a/0x5e0
[  142.703300][ T3858]  ? __block_commit_write+0x420/0x420
[  142.708684][ T3858]  ? generic_file_direct_write+0x610/0x610
[  142.714498][ T3858]  ? __file_remove_privs+0x6c0/0x6c0
[  142.719802][ T3858]  ? generic_write_checks+0x15c/0x1c0
[  142.725179][ T3858]  __generic_file_write_iter+0x176/0x400
[  142.730868][ T3858]  generic_file_write_iter+0xab/0x310
[  142.736250][ T3858]  vfs_write+0x7dc/0xc50
[  142.740499][ T3858]  ? file_end_write+0x230/0x230
[  142.745350][ T3858]  ? ptrace_stop+0x74d/0x970
[  142.749958][ T3858]  ? _raw_spin_unlock_irq+0x2a/0x40
[  142.755162][ T3858]  ? __fdget_pos+0x252/0x2e0
[  142.759765][ T3858]  ksys_write+0x177/0x2a0
[  142.764094][ T3858]  ? __ia32_sys_read+0x80/0x80
[  142.768866][ T3858]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  142.774859][ T3858]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  142.780836][ T3858]  do_syscall_64+0x3d/0xb0
[  142.785253][ T3858]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  142.791154][ T3858] RIP: 0033:0x7f0fa5191c89
[  142.795567][ T3858] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3858] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3858] exit_group(0)               = ?
[pid  3858] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3858, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./211/binderfs")                = 0
umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./211/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./211/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./211/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./211")                          = 0
mkdir("./212", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3859
./strace-static-x86_64: Process 3859 attached
[pid  3859] chdir("./212")              = 0
[pid  3859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3859] setpgid(0, 0)               = 0
[  142.815170][ T3858] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  142.823589][ T3858] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  142.831574][ T3858] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  142.839564][ T3858] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  142.847532][ T3858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  142.855502][ T3858] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000d3
[  142.863514][ T3858]  </TASK>
[pid  3859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3859] write(3, "1000", 4)         = 4
[pid  3859] close(3)                    = 0
[pid  3859] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3859] memfd_create("syzkaller", 0) = 3
[pid  3859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3859] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3859] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3859] close(3)                    = 0
[pid  3859] mkdir("./file0", 0777)      = 0
[pid  3859] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3859] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3859] chdir("./file0")            = 0
[pid  3859] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3859] close(4)                    = 0
[pid  3859] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3859] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3859] write(5, "13", 2)           = 2
[  142.906055][ T3859] loop0: detected capacity change from 0 to 64
[  142.936603][ T3859] FAULT_INJECTION: forcing a failure.
[  142.936603][ T3859] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  142.950448][ T3859] CPU: 0 PID: 3859 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  142.960893][ T3859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  142.970962][ T3859] Call Trace:
[  142.974234][ T3859]  <TASK>
[  142.977155][ T3859]  dump_stack_lvl+0x1b1/0x28e
[  142.981826][ T3859]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  142.987273][ T3859]  ? panic+0x710/0x710
[  142.991327][ T3859]  ? do_anonymous_page+0xd4a/0x1150
[  142.996515][ T3859]  ? mark_lock+0x9a/0x350
[  143.000840][ T3859]  should_fail_ex+0x395/0x4c0
[  143.005556][ T3859]  prepare_alloc_pages+0x1d7/0x5a0
[  143.010680][ T3859]  __alloc_pages+0x161/0x560
[  143.015286][ T3859]  ? zone_statistics+0x160/0x160
[  143.020233][ T3859]  ? rcu_lock_release+0x5/0x20
[  143.024996][ T3859]  ? alloc_pages+0x520/0x7b0
[  143.029586][ T3859]  ? xas_descend+0x1f3/0x400
[  143.034181][ T3859]  folio_alloc+0x1a/0x50
[  143.038420][ T3859]  filemap_alloc_folio+0x7e/0x1c0
[  143.043448][ T3859]  __filemap_get_folio+0x898/0x1260
[  143.048655][ T3859]  ? page_cache_prev_miss+0x4e0/0x4e0
[  143.054035][ T3859]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  143.060027][ T3859]  ? print_irqtrace_events+0x220/0x220
[  143.065499][ T3859]  pagecache_get_page+0x28/0x260
[  143.070438][ T3859]  ? hfs_free_extents+0x420/0x420
[  143.075470][ T3859]  block_write_begin+0x2e/0x1e0
[  143.080333][ T3859]  ? cont_write_begin+0x5e5/0x860
[  143.085361][ T3859]  ? hfs_free_extents+0x420/0x420
[  143.090385][ T3859]  cont_write_begin+0x606/0x860
[  143.095244][ T3859]  ? fault_in_readable+0x1d5/0x310
[  143.100362][ T3859]  ? generic_cont_expand_simple+0x250/0x250
[  143.106274][ T3859]  ? fault_in_readable+0x219/0x310
[  143.111411][ T3859]  ? fault_in_safe_writeable+0x240/0x240
[  143.117051][ T3859]  hfs_write_begin+0x86/0xd0
[  143.121643][ T3859]  ? hfs_free_extents+0x420/0x420
[  143.126666][ T3859]  generic_perform_write+0x2e4/0x5e0
[  143.131959][ T3859]  ? __block_commit_write+0x420/0x420
[  143.137339][ T3859]  ? generic_file_direct_write+0x610/0x610
[  143.143146][ T3859]  ? __file_remove_privs+0x6c0/0x6c0
[  143.148430][ T3859]  ? generic_write_checks+0x15c/0x1c0
[  143.153811][ T3859]  __generic_file_write_iter+0x176/0x400
[  143.159450][ T3859]  generic_file_write_iter+0xab/0x310
[  143.164833][ T3859]  vfs_write+0x7dc/0xc50
[  143.169085][ T3859]  ? file_end_write+0x230/0x230
[  143.173935][ T3859]  ? ptrace_stop+0x74d/0x970
[  143.178534][ T3859]  ? _raw_spin_unlock_irq+0x2a/0x40
[  143.183742][ T3859]  ? __fdget_pos+0x252/0x2e0
[  143.188336][ T3859]  ksys_write+0x177/0x2a0
[  143.192669][ T3859]  ? __ia32_sys_read+0x80/0x80
[  143.197437][ T3859]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  143.203424][ T3859]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  143.209428][ T3859]  do_syscall_64+0x3d/0xb0
[  143.213869][ T3859]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  143.219774][ T3859] RIP: 0033:0x7f0fa5191c89
[  143.224200][ T3859] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  143.243805][ T3859] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3859] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3859] exit_group(0)               = ?
[pid  3859] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3859, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./212/binderfs")                = 0
umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./212/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./212/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./212/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./212")                          = 0
mkdir("./213", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3860
./strace-static-x86_64: Process 3860 attached
[pid  3860] chdir("./213")              = 0
[pid  3860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3860] setpgid(0, 0)               = 0
[pid  3860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3860] write(3, "1000", 4)         = 4
[pid  3860] close(3)                    = 0
[pid  3860] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3860] memfd_create("syzkaller", 0) = 3
[pid  3860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3860] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  143.252223][ T3859] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  143.260189][ T3859] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  143.268154][ T3859] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  143.276122][ T3859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  143.284086][ T3859] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000d4
[  143.292069][ T3859]  </TASK>
[pid  3860] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3860] close(3)                    = 0
[pid  3860] mkdir("./file0", 0777)      = 0
[pid  3860] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3860] chdir("./file0")            = 0
[pid  3860] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3860] close(4)                    = 0
[pid  3860] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3860] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3860] write(5, "13", 2)           = 2
[  143.327693][ T3860] loop0: detected capacity change from 0 to 64
[  143.330590][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  143.372152][ T3860] FAULT_INJECTION: forcing a failure.
[  143.372152][ T3860] name failslab, interval 1, probability 0, space 0, times 0
[  143.384896][ T3860] CPU: 0 PID: 3860 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  143.395321][ T3860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  143.405378][ T3860] Call Trace:
[  143.408664][ T3860]  <TASK>
[  143.411611][ T3860]  dump_stack_lvl+0x1b1/0x28e
[  143.416307][ T3860]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  143.421757][ T3860]  ? panic+0x710/0x710
[  143.425821][ T3860]  ? __might_sleep+0xc0/0xc0
[  143.430403][ T3860]  ? __mutex_lock_common+0x45f/0x26e0
[  143.435771][ T3860]  should_fail_ex+0x395/0x4c0
[  143.440455][ T3860]  ? hfs_find_init+0x8b/0x1e0
[  143.445150][ T3860]  should_failslab+0x5/0x20
[  143.449651][ T3860]  __kmem_cache_alloc_node+0x69/0x310
[  143.455022][ T3860]  ? hfs_find_init+0x8b/0x1e0
[  143.459703][ T3860]  __kmalloc+0x9e/0x1a0
[  143.463890][ T3860]  hfs_find_init+0x8b/0x1e0
[  143.468409][ T3860]  hfs_extend_file+0x2f8/0x1420
[  143.473259][ T3860]  ? hfs_get_block+0xbb0/0xbb0
[  143.478014][ T3860]  ? lru_cache_disable+0x30/0x30
[  143.482943][ T3860]  ? __might_sleep+0xc0/0xc0
[  143.487554][ T3860]  hfs_get_block+0x3fc/0xbb0
[  143.492149][ T3860]  ? hfs_free_extents+0x420/0x420
[  143.497172][ T3860]  ? do_raw_spin_unlock+0x134/0x8a0
[  143.502398][ T3860]  ? create_page_buffers+0x244/0x4b0
[  143.507706][ T3860]  __block_write_begin_int+0x54c/0x1a80
[  143.513264][ T3860]  ? hfs_free_extents+0x420/0x420
[  143.518280][ T3860]  ? page_zero_new_buffers+0x940/0x940
[  143.523734][ T3860]  ? PageHeadHuge+0x8a/0x1d0
[  143.528320][ T3860]  ? hfs_free_extents+0x420/0x420
[  143.533336][ T3860]  block_write_begin+0x93/0x1e0
[  143.538189][ T3860]  ? cont_write_begin+0x5e5/0x860
[  143.543229][ T3860]  ? hfs_free_extents+0x420/0x420
[  143.548259][ T3860]  cont_write_begin+0x606/0x860
[  143.553111][ T3860]  ? fault_in_readable+0x1d5/0x310
[  143.558217][ T3860]  ? generic_cont_expand_simple+0x250/0x250
[  143.564102][ T3860]  ? fault_in_readable+0x219/0x310
[  143.569207][ T3860]  ? fault_in_safe_writeable+0x240/0x240
[  143.574839][ T3860]  hfs_write_begin+0x86/0xd0
[  143.579429][ T3860]  ? hfs_free_extents+0x420/0x420
[  143.584462][ T3860]  generic_perform_write+0x2e4/0x5e0
[  143.589748][ T3860]  ? __block_commit_write+0x420/0x420
[  143.595117][ T3860]  ? generic_file_direct_write+0x610/0x610
[  143.600917][ T3860]  ? __file_remove_privs+0x6c0/0x6c0
[  143.606191][ T3860]  ? generic_write_checks+0x15c/0x1c0
[  143.611562][ T3860]  __generic_file_write_iter+0x176/0x400
[  143.617191][ T3860]  generic_file_write_iter+0xab/0x310
[  143.622559][ T3860]  vfs_write+0x7dc/0xc50
[  143.626802][ T3860]  ? file_end_write+0x230/0x230
[  143.631642][ T3860]  ? ptrace_stop+0x74d/0x970
[  143.636242][ T3860]  ? _raw_spin_unlock_irq+0x2a/0x40
[  143.641445][ T3860]  ? __fdget_pos+0x252/0x2e0
[  143.646049][ T3860]  ksys_write+0x177/0x2a0
[  143.650371][ T3860]  ? __ia32_sys_read+0x80/0x80
[  143.655136][ T3860]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  143.661128][ T3860]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  143.667101][ T3860]  do_syscall_64+0x3d/0xb0
[  143.671509][ T3860]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  143.677397][ T3860] RIP: 0033:0x7f0fa5191c89
[  143.681802][ T3860] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  143.701401][ T3860] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  143.709809][ T3860] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3860] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3860] exit_group(0)               = ?
[pid  3860] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3860, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./213/binderfs")                = 0
umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./213/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./213/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./213/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./213")                          = 0
mkdir("./214", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3861
./strace-static-x86_64: Process 3861 attached
[pid  3861] chdir("./214")              = 0
[pid  3861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3861] setpgid(0, 0)               = 0
[  143.717772][ T3860] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  143.725733][ T3860] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  143.733704][ T3860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  143.741692][ T3860] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000d5
[  143.749695][ T3860]  </TASK>
[pid  3861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3861] write(3, "1000", 4)         = 4
[pid  3861] close(3)                    = 0
[pid  3861] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3861] memfd_create("syzkaller", 0) = 3
[pid  3861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3861] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3861] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3861] close(3)                    = 0
[pid  3861] mkdir("./file0", 0777)      = 0
[pid  3861] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3861] chdir("./file0")            = 0
[pid  3861] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3861] close(4)                    = 0
[pid  3861] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3861] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3861] write(5, "13", 2)           = 2
[  143.813367][ T3861] loop0: detected capacity change from 0 to 64
[  143.835587][ T3861] FAULT_INJECTION: forcing a failure.
[  143.835587][ T3861] name failslab, interval 1, probability 0, space 0, times 0
[  143.849021][ T3861] CPU: 0 PID: 3861 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  143.859483][ T3861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  143.869562][ T3861] Call Trace:
[  143.872853][ T3861]  <TASK>
[  143.875777][ T3861]  dump_stack_lvl+0x1b1/0x28e
[  143.880453][ T3861]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  143.885929][ T3861]  ? panic+0x710/0x710
[  143.889991][ T3861]  ? __might_sleep+0xc0/0xc0
[  143.894574][ T3861]  ? __mutex_lock_common+0x45f/0x26e0
[  143.899958][ T3861]  should_fail_ex+0x395/0x4c0
[  143.904642][ T3861]  ? hfs_find_init+0x8b/0x1e0
[  143.909323][ T3861]  should_failslab+0x5/0x20
[  143.913827][ T3861]  __kmem_cache_alloc_node+0x69/0x310
[  143.919199][ T3861]  ? rcu_lock_release+0x5/0x20
[  143.923964][ T3861]  ? hfs_find_init+0x8b/0x1e0
[  143.928665][ T3861]  __kmalloc+0x9e/0x1a0
[  143.932830][ T3861]  hfs_find_init+0x8b/0x1e0
[  143.937343][ T3861]  hfs_extend_file+0x2f8/0x1420
[  143.942208][ T3861]  ? xas_find+0x937/0xa60
[  143.946549][ T3861]  ? hfs_get_block+0xbb0/0xbb0
[  143.951307][ T3861]  ? filemap_get_folios+0x557/0x830
[  143.956512][ T3861]  ? find_lock_entries+0xf60/0xf60
[  143.961628][ T3861]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  143.967535][ T3861]  hfs_get_block+0x3fc/0xbb0
[  143.972135][ T3861]  ? hfs_free_extents+0x420/0x420
[  143.977157][ T3861]  ? do_raw_spin_unlock+0x134/0x8a0
[  143.982364][ T3861]  ? create_page_buffers+0x244/0x4b0
[  143.987659][ T3861]  __block_write_begin_int+0x54c/0x1a80
[  143.993229][ T3861]  ? hfs_free_extents+0x420/0x420
[  143.998249][ T3861]  ? page_zero_new_buffers+0x940/0x940
[  144.003712][ T3861]  ? PageHeadHuge+0x8a/0x1d0
[  144.008304][ T3861]  ? hfs_free_extents+0x420/0x420
[  144.013324][ T3861]  block_write_begin+0x93/0x1e0
[  144.018176][ T3861]  ? cont_write_begin+0x5e5/0x860
[  144.023198][ T3861]  ? hfs_free_extents+0x420/0x420
[  144.028220][ T3861]  cont_write_begin+0x606/0x860
[  144.033077][ T3861]  ? fault_in_readable+0x1d5/0x310
[  144.038195][ T3861]  ? generic_cont_expand_simple+0x250/0x250
[  144.044088][ T3861]  ? fault_in_readable+0x219/0x310
[  144.049200][ T3861]  ? fault_in_safe_writeable+0x240/0x240
[  144.054843][ T3861]  hfs_write_begin+0x86/0xd0
[  144.059433][ T3861]  ? hfs_free_extents+0x420/0x420
[  144.064458][ T3861]  generic_perform_write+0x2e4/0x5e0
[  144.069770][ T3861]  ? __block_commit_write+0x420/0x420
[  144.075145][ T3861]  ? generic_file_direct_write+0x610/0x610
[  144.080949][ T3861]  ? __file_remove_privs+0x6c0/0x6c0
[  144.086233][ T3861]  ? generic_write_checks+0x15c/0x1c0
[  144.091616][ T3861]  __generic_file_write_iter+0x176/0x400
[  144.097342][ T3861]  generic_file_write_iter+0xab/0x310
[  144.102719][ T3861]  vfs_write+0x7dc/0xc50
[  144.106973][ T3861]  ? file_end_write+0x230/0x230
[  144.111821][ T3861]  ? ptrace_stop+0x74d/0x970
[  144.116434][ T3861]  ? _raw_spin_unlock_irq+0x2a/0x40
[  144.121641][ T3861]  ? __fdget_pos+0x252/0x2e0
[  144.126236][ T3861]  ksys_write+0x177/0x2a0
[  144.130571][ T3861]  ? __ia32_sys_read+0x80/0x80
[  144.135336][ T3861]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  144.141321][ T3861]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  144.147299][ T3861]  do_syscall_64+0x3d/0xb0
[  144.151715][ T3861]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  144.157604][ T3861] RIP: 0033:0x7f0fa5191c89
[  144.162018][ T3861] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  144.181623][ T3861] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  144.190031][ T3861] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  144.197998][ T3861] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  144.205965][ T3861] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3861] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3861] exit_group(0)               = ?
[pid  3861] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3861, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./214/binderfs")                = 0
umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./214/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./214/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./214/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./214")                          = 0
mkdir("./215", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[  144.213937][ T3861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  144.221902][ T3861] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000d6
[  144.229903][ T3861]  </TASK>
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3862
./strace-static-x86_64: Process 3862 attached
[pid  3862] chdir("./215")              = 0
[pid  3862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3862] setpgid(0, 0)               = 0
[pid  3862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3862] write(3, "1000", 4)         = 4
[pid  3862] close(3)                    = 0
[pid  3862] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3862] memfd_create("syzkaller", 0) = 3
[pid  3862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3862] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3862] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3862] close(3)                    = 0
[pid  3862] mkdir("./file0", 0777)      = 0
[pid  3862] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3862] chdir("./file0")            = 0
[pid  3862] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3862] close(4)                    = 0
[pid  3862] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3862] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3862] write(5, "13", 2)           = 2
[  144.293603][ T3862] loop0: detected capacity change from 0 to 64
[  144.334409][ T3862] FAULT_INJECTION: forcing a failure.
[  144.334409][ T3862] name failslab, interval 1, probability 0, space 0, times 0
[  144.347466][ T3862] CPU: 1 PID: 3862 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  144.357925][ T3862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  144.368010][ T3862] Call Trace:
[  144.371303][ T3862]  <TASK>
[  144.374230][ T3862]  dump_stack_lvl+0x1b1/0x28e
[  144.378899][ T3862]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  144.384365][ T3862]  ? panic+0x710/0x710
[  144.388426][ T3862]  ? __might_sleep+0xc0/0xc0
[  144.393032][ T3862]  ? __mutex_lock_common+0x45f/0x26e0
[  144.398398][ T3862]  should_fail_ex+0x395/0x4c0
[  144.403070][ T3862]  ? hfs_find_init+0x8b/0x1e0
[  144.407752][ T3862]  should_failslab+0x5/0x20
[  144.412266][ T3862]  __kmem_cache_alloc_node+0x69/0x310
[  144.417647][ T3862]  ? hfs_find_init+0x8b/0x1e0
[  144.422323][ T3862]  __kmalloc+0x9e/0x1a0
[  144.426478][ T3862]  hfs_find_init+0x8b/0x1e0
[  144.430988][ T3862]  hfs_extend_file+0x2f8/0x1420
[  144.435853][ T3862]  ? hfs_get_block+0xbb0/0xbb0
[  144.440618][ T3862]  ? lru_cache_disable+0x30/0x30
[  144.445562][ T3862]  ? __might_sleep+0xc0/0xc0
[  144.450265][ T3862]  hfs_get_block+0x3fc/0xbb0
[  144.454876][ T3862]  ? hfs_free_extents+0x420/0x420
[  144.459899][ T3862]  ? do_raw_spin_unlock+0x134/0x8a0
[  144.465125][ T3862]  ? create_page_buffers+0x244/0x4b0
[  144.470419][ T3862]  __block_write_begin_int+0x54c/0x1a80
[  144.475979][ T3862]  ? hfs_free_extents+0x420/0x420
[  144.481023][ T3862]  ? page_zero_new_buffers+0x940/0x940
[  144.486505][ T3862]  ? PageHeadHuge+0x8a/0x1d0
[  144.491118][ T3862]  ? hfs_free_extents+0x420/0x420
[  144.496148][ T3862]  block_write_begin+0x93/0x1e0
[  144.500992][ T3862]  ? cont_write_begin+0x5e5/0x860
[  144.506009][ T3862]  ? hfs_free_extents+0x420/0x420
[  144.511028][ T3862]  cont_write_begin+0x606/0x860
[  144.515889][ T3862]  ? fault_in_readable+0x1d5/0x310
[  144.521014][ T3862]  ? generic_cont_expand_simple+0x250/0x250
[  144.526910][ T3862]  ? fault_in_readable+0x219/0x310
[  144.532032][ T3862]  ? fault_in_safe_writeable+0x240/0x240
[  144.537661][ T3862]  hfs_write_begin+0x86/0xd0
[  144.542241][ T3862]  ? hfs_free_extents+0x420/0x420
[  144.547255][ T3862]  generic_perform_write+0x2e4/0x5e0
[  144.552539][ T3862]  ? __block_commit_write+0x420/0x420
[  144.557905][ T3862]  ? generic_file_direct_write+0x610/0x610
[  144.563699][ T3862]  ? __file_remove_privs+0x6c0/0x6c0
[  144.568979][ T3862]  ? generic_write_checks+0x15c/0x1c0
[  144.574347][ T3862]  __generic_file_write_iter+0x176/0x400
[  144.579979][ T3862]  generic_file_write_iter+0xab/0x310
[  144.585344][ T3862]  vfs_write+0x7dc/0xc50
[  144.589583][ T3862]  ? file_end_write+0x230/0x230
[  144.594428][ T3862]  ? ptrace_stop+0x74d/0x970
[  144.599030][ T3862]  ? _raw_spin_unlock_irq+0x2a/0x40
[  144.604231][ T3862]  ? __fdget_pos+0x252/0x2e0
[  144.608816][ T3862]  ksys_write+0x177/0x2a0
[  144.613147][ T3862]  ? __ia32_sys_read+0x80/0x80
[  144.617913][ T3862]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  144.623901][ T3862]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  144.629871][ T3862]  do_syscall_64+0x3d/0xb0
[  144.634293][ T3862]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  144.640191][ T3862] RIP: 0033:0x7f0fa5191c89
[  144.644592][ T3862] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  144.664194][ T3862] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  144.672630][ T3862] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3862] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3862] exit_group(0)               = ?
[pid  3862] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3862, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./215/binderfs")                = 0
umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./215/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./215/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./215/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./215")                          = 0
mkdir("./216", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3863
./strace-static-x86_64: Process 3863 attached
[pid  3863] chdir("./216")              = 0
[pid  3863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3863] setpgid(0, 0)               = 0
[pid  3863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3863] write(3, "1000", 4)         = 4
[pid  3863] close(3)                    = 0
[pid  3863] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3863] memfd_create("syzkaller", 0) = 3
[pid  3863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3863] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  144.680589][ T3862] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  144.688548][ T3862] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  144.696532][ T3862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  144.705810][ T3862] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000d7
[  144.713789][ T3862]  </TASK>
[pid  3863] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3863] close(3)                    = 0
[pid  3863] mkdir("./file0", 0777)      = 0
[pid  3863] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3863] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3863] chdir("./file0")            = 0
[pid  3863] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3863] close(4)                    = 0
[pid  3863] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3863] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3863] write(5, "13", 2)           = 2
[pid  3863] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3863] exit_group(0)               = ?
[pid  3863] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3863, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./216/binderfs")                = 0
umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./216/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./216/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./216/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./216")                          = 0
mkdir("./217", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3864
./strace-static-x86_64: Process 3864 attached
[  144.764287][ T3863] loop0: detected capacity change from 0 to 64
[pid  3864] chdir("./217")              = 0
[pid  3864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3864] setpgid(0, 0)               = 0
[pid  3864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3864] write(3, "1000", 4)         = 4
[pid  3864] close(3)                    = 0
[pid  3864] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3864] memfd_create("syzkaller", 0) = 3
[pid  3864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3864] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3864] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3864] close(3)                    = 0
[pid  3864] mkdir("./file0", 0777)      = 0
[pid  3864] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3864] chdir("./file0")            = 0
[pid  3864] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3864] close(4)                    = 0
[pid  3864] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3864] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3864] write(5, "13", 2)           = 2
[  144.834969][ T3864] loop0: detected capacity change from 0 to 64
[  144.865229][ T3864] FAULT_INJECTION: forcing a failure.
[  144.865229][ T3864] name failslab, interval 1, probability 0, space 0, times 0
[  144.878403][ T3864] CPU: 0 PID: 3864 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  144.888811][ T3864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  144.898855][ T3864] Call Trace:
[  144.902122][ T3864]  <TASK>
[  144.905042][ T3864]  dump_stack_lvl+0x1b1/0x28e
[  144.909709][ T3864]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  144.915150][ T3864]  ? panic+0x710/0x710
[  144.919204][ T3864]  ? __might_sleep+0xc0/0xc0
[  144.923863][ T3864]  ? __mutex_lock_common+0x45f/0x26e0
[  144.929229][ T3864]  should_fail_ex+0x395/0x4c0
[  144.933902][ T3864]  ? hfs_find_init+0x8b/0x1e0
[  144.938585][ T3864]  should_failslab+0x5/0x20
[  144.943087][ T3864]  __kmem_cache_alloc_node+0x69/0x310
[  144.948466][ T3864]  ? hfs_find_init+0x8b/0x1e0
[  144.953229][ T3864]  __kmalloc+0x9e/0x1a0
[  144.957386][ T3864]  hfs_find_init+0x8b/0x1e0
[  144.961896][ T3864]  hfs_extend_file+0x2f8/0x1420
[  144.966751][ T3864]  ? hfs_get_block+0xbb0/0xbb0
[  144.971512][ T3864]  ? lru_cache_disable+0x30/0x30
[  144.976450][ T3864]  ? __might_sleep+0xc0/0xc0
[  144.981053][ T3864]  hfs_get_block+0x3fc/0xbb0
[  144.985653][ T3864]  ? hfs_free_extents+0x420/0x420
[  144.990673][ T3864]  ? do_raw_spin_unlock+0x134/0x8a0
[  144.995879][ T3864]  ? create_page_buffers+0x244/0x4b0
[  145.001169][ T3864]  __block_write_begin_int+0x54c/0x1a80
[  145.006733][ T3864]  ? hfs_free_extents+0x420/0x420
[  145.011762][ T3864]  ? page_zero_new_buffers+0x940/0x940
[  145.017219][ T3864]  ? PageHeadHuge+0x8a/0x1d0
[  145.022341][ T3864]  ? hfs_free_extents+0x420/0x420
[  145.027361][ T3864]  block_write_begin+0x93/0x1e0
[  145.032209][ T3864]  ? cont_write_begin+0x5e5/0x860
[  145.037330][ T3864]  ? hfs_free_extents+0x420/0x420
[  145.042348][ T3864]  cont_write_begin+0x606/0x860
[  145.047204][ T3864]  ? fault_in_readable+0x1d5/0x310
[  145.052317][ T3864]  ? generic_cont_expand_simple+0x250/0x250
[  145.058206][ T3864]  ? fault_in_readable+0x219/0x310
[  145.063316][ T3864]  ? fault_in_safe_writeable+0x240/0x240
[  145.068953][ T3864]  hfs_write_begin+0x86/0xd0
[  145.073535][ T3864]  ? hfs_free_extents+0x420/0x420
[  145.078648][ T3864]  generic_perform_write+0x2e4/0x5e0
[  145.083939][ T3864]  ? __block_commit_write+0x420/0x420
[  145.089320][ T3864]  ? generic_file_direct_write+0x610/0x610
[  145.095124][ T3864]  ? __file_remove_privs+0x6c0/0x6c0
[  145.100407][ T3864]  ? generic_write_checks+0x15c/0x1c0
[  145.105787][ T3864]  __generic_file_write_iter+0x176/0x400
[  145.111422][ T3864]  generic_file_write_iter+0xab/0x310
[  145.116796][ T3864]  vfs_write+0x7dc/0xc50
[  145.121045][ T3864]  ? file_end_write+0x230/0x230
[  145.125896][ T3864]  ? ptrace_stop+0x74d/0x970
[  145.130493][ T3864]  ? _raw_spin_unlock_irq+0x2a/0x40
[  145.135694][ T3864]  ? __fdget_pos+0x252/0x2e0
[  145.140290][ T3864]  ksys_write+0x177/0x2a0
[  145.144621][ T3864]  ? __ia32_sys_read+0x80/0x80
[  145.149384][ T3864]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  145.155365][ T3864]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  145.161346][ T3864]  do_syscall_64+0x3d/0xb0
[  145.165757][ T3864]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  145.171644][ T3864] RIP: 0033:0x7f0fa5191c89
[  145.176055][ T3864] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  145.195673][ T3864] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  145.204105][ T3864] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  145.212082][ T3864] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  145.220049][ T3864] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  145.228018][ T3864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3864] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3864] exit_group(0)               = ?
[pid  3864] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3864, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./217/binderfs")                = 0
umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./217/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./217/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./217/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./217")                          = 0
mkdir("./218", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3865
./strace-static-x86_64: Process 3865 attached
[pid  3865] chdir("./218")              = 0
[pid  3865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3865] setpgid(0, 0)               = 0
[pid  3865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3865] write(3, "1000", 4)         = 4
[pid  3865] close(3)                    = 0
[pid  3865] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3865] memfd_create("syzkaller", 0) = 3
[pid  3865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3865] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  145.235984][ T3864] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000d9
[  145.243986][ T3864]  </TASK>
[pid  3865] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3865] close(3)                    = 0
[pid  3865] mkdir("./file0", 0777)      = 0
[pid  3865] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3865] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3865] chdir("./file0")            = 0
[pid  3865] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3865] close(4)                    = 0
[pid  3865] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3865] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3865] write(5, "13", 2)           = 2
[  145.295045][ T3865] loop0: detected capacity change from 0 to 64
[  145.316586][ T3865] FAULT_INJECTION: forcing a failure.
[  145.316586][ T3865] name failslab, interval 1, probability 0, space 0, times 0
[  145.329290][ T3865] CPU: 1 PID: 3865 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  145.339718][ T3865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  145.349770][ T3865] Call Trace:
[  145.353048][ T3865]  <TASK>
[  145.355980][ T3865]  dump_stack_lvl+0x1b1/0x28e
[  145.361272][ T3865]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  145.366731][ T3865]  ? panic+0x710/0x710
[  145.370801][ T3865]  ? __might_sleep+0xc0/0xc0
[  145.375393][ T3865]  ? __mutex_lock_common+0x45f/0x26e0
[  145.380770][ T3865]  should_fail_ex+0x395/0x4c0
[  145.385456][ T3865]  ? hfs_find_init+0x8b/0x1e0
[  145.390136][ T3865]  should_failslab+0x5/0x20
[  145.394637][ T3865]  __kmem_cache_alloc_node+0x69/0x310
[  145.400005][ T3865]  ? rcu_lock_release+0x5/0x20
[  145.404769][ T3865]  ? hfs_find_init+0x8b/0x1e0
[  145.409452][ T3865]  __kmalloc+0x9e/0x1a0
[  145.413610][ T3865]  hfs_find_init+0x8b/0x1e0
[  145.418118][ T3865]  hfs_extend_file+0x2f8/0x1420
[  145.422963][ T3865]  ? xas_find+0x937/0xa60
[  145.427305][ T3865]  ? hfs_get_block+0xbb0/0xbb0
[  145.432065][ T3865]  ? filemap_get_folios+0x557/0x830
[  145.437268][ T3865]  ? find_lock_entries+0xf60/0xf60
[  145.442385][ T3865]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  145.448287][ T3865]  hfs_get_block+0x3fc/0xbb0
[  145.452894][ T3865]  ? hfs_free_extents+0x420/0x420
[  145.457912][ T3865]  ? do_raw_spin_unlock+0x134/0x8a0
[  145.463124][ T3865]  ? create_page_buffers+0x244/0x4b0
[  145.468415][ T3865]  __block_write_begin_int+0x54c/0x1a80
[  145.473981][ T3865]  ? hfs_free_extents+0x420/0x420
[  145.479001][ T3865]  ? page_zero_new_buffers+0x940/0x940
[  145.484459][ T3865]  ? PageHeadHuge+0x8a/0x1d0
[  145.489050][ T3865]  ? hfs_free_extents+0x420/0x420
[  145.494070][ T3865]  block_write_begin+0x93/0x1e0
[  145.498921][ T3865]  ? cont_write_begin+0x5e5/0x860
[  145.503947][ T3865]  ? hfs_free_extents+0x420/0x420
[  145.508969][ T3865]  cont_write_begin+0x606/0x860
[  145.513826][ T3865]  ? fault_in_readable+0x1d5/0x310
[  145.518938][ T3865]  ? generic_cont_expand_simple+0x250/0x250
[  145.524830][ T3865]  ? fault_in_readable+0x219/0x310
[  145.529940][ T3865]  ? fault_in_safe_writeable+0x240/0x240
[  145.535578][ T3865]  hfs_write_begin+0x86/0xd0
[  145.540163][ T3865]  ? hfs_free_extents+0x420/0x420
[  145.545186][ T3865]  generic_perform_write+0x2e4/0x5e0
[  145.550479][ T3865]  ? __block_commit_write+0x420/0x420
[  145.555854][ T3865]  ? generic_file_direct_write+0x610/0x610
[  145.561660][ T3865]  ? __file_remove_privs+0x6c0/0x6c0
[  145.566947][ T3865]  ? generic_write_checks+0x15c/0x1c0
[  145.572412][ T3865]  __generic_file_write_iter+0x176/0x400
[  145.578054][ T3865]  generic_file_write_iter+0xab/0x310
[  145.583431][ T3865]  vfs_write+0x7dc/0xc50
[  145.587681][ T3865]  ? file_end_write+0x230/0x230
[  145.592534][ T3865]  ? ptrace_stop+0x74d/0x970
[  145.597146][ T3865]  ? _raw_spin_unlock_irq+0x2a/0x40
[  145.602357][ T3865]  ? __fdget_pos+0x252/0x2e0
[  145.606949][ T3865]  ksys_write+0x177/0x2a0
[  145.611278][ T3865]  ? __ia32_sys_read+0x80/0x80
[  145.616049][ T3865]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  145.622031][ T3865]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  145.628010][ T3865]  do_syscall_64+0x3d/0xb0
[  145.632424][ T3865]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  145.638312][ T3865] RIP: 0033:0x7f0fa5191c89
[  145.642722][ T3865] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  145.662321][ T3865] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  145.670729][ T3865] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  145.678719][ T3865] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  145.686683][ T3865] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3865] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3865] exit_group(0)               = ?
[pid  3865] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3865, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./218/binderfs")                = 0
umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./218/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./218/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./218/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./218")                          = 0
mkdir("./219", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3866
./strace-static-x86_64: Process 3866 attached
[pid  3866] chdir("./219")              = 0
[pid  3866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3866] setpgid(0, 0)               = 0
[pid  3866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[  145.694646][ T3865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  145.702608][ T3865] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000da
[  145.710589][ T3865]  </TASK>
[pid  3866] write(3, "1000", 4)         = 4
[pid  3866] close(3)                    = 0
[pid  3866] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3866] memfd_create("syzkaller", 0) = 3
[pid  3866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3866] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3866] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3866] close(3)                    = 0
[pid  3866] mkdir("./file0", 0777)      = 0
[pid  3866] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3866] chdir("./file0")            = 0
[pid  3866] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3866] close(4)                    = 0
[pid  3866] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3866] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3866] write(5, "13", 2)           = 2
[  145.764971][ T3866] loop0: detected capacity change from 0 to 64
[  145.795943][ T3866] FAULT_INJECTION: forcing a failure.
[  145.795943][ T3866] name failslab, interval 1, probability 0, space 0, times 0
[  145.808649][ T3866] CPU: 1 PID: 3866 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  145.819056][ T3866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  145.829103][ T3866] Call Trace:
[  145.832393][ T3866]  <TASK>
[  145.835322][ T3866]  dump_stack_lvl+0x1b1/0x28e
[  145.840001][ T3866]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  145.845455][ T3866]  ? panic+0x710/0x710
[  145.849545][ T3866]  ? __might_sleep+0xc0/0xc0
[  145.854131][ T3866]  ? __mutex_lock_common+0x45f/0x26e0
[  145.859510][ T3866]  should_fail_ex+0x395/0x4c0
[  145.864191][ T3866]  ? hfs_find_init+0x8b/0x1e0
[  145.868869][ T3866]  should_failslab+0x5/0x20
[  145.873371][ T3866]  __kmem_cache_alloc_node+0x69/0x310
[  145.878748][ T3866]  ? hfs_find_init+0x8b/0x1e0
[  145.883428][ T3866]  __kmalloc+0x9e/0x1a0
[  145.887592][ T3866]  hfs_find_init+0x8b/0x1e0
[  145.892101][ T3866]  hfs_extend_file+0x2f8/0x1420
[  145.896960][ T3866]  ? hfs_get_block+0xbb0/0xbb0
[  145.901725][ T3866]  ? lru_cache_disable+0x30/0x30
[  145.906666][ T3866]  ? __might_sleep+0xc0/0xc0
[  145.911277][ T3866]  hfs_get_block+0x3fc/0xbb0
[  145.915875][ T3866]  ? hfs_free_extents+0x420/0x420
[  145.920894][ T3866]  ? do_raw_spin_unlock+0x134/0x8a0
[  145.926100][ T3866]  ? create_page_buffers+0x244/0x4b0
[  145.931387][ T3866]  __block_write_begin_int+0x54c/0x1a80
[  145.936956][ T3866]  ? hfs_free_extents+0x420/0x420
[  145.941990][ T3866]  ? page_zero_new_buffers+0x940/0x940
[  145.947451][ T3866]  ? PageHeadHuge+0x8a/0x1d0
[  145.952133][ T3866]  ? hfs_free_extents+0x420/0x420
[  145.957168][ T3866]  block_write_begin+0x93/0x1e0
[  145.962021][ T3866]  ? cont_write_begin+0x5e5/0x860
[  145.967045][ T3866]  ? hfs_free_extents+0x420/0x420
[  145.972065][ T3866]  cont_write_begin+0x606/0x860
[  145.976923][ T3866]  ? fault_in_readable+0x1d5/0x310
[  145.982041][ T3866]  ? generic_cont_expand_simple+0x250/0x250
[  145.987935][ T3866]  ? fault_in_readable+0x219/0x310
[  145.993070][ T3866]  ? fault_in_safe_writeable+0x240/0x240
[  145.998708][ T3866]  hfs_write_begin+0x86/0xd0
[  146.003293][ T3866]  ? hfs_free_extents+0x420/0x420
[  146.008316][ T3866]  generic_perform_write+0x2e4/0x5e0
[  146.013608][ T3866]  ? __block_commit_write+0x420/0x420
[  146.019013][ T3866]  ? generic_file_direct_write+0x610/0x610
[  146.024814][ T3866]  ? __file_remove_privs+0x6c0/0x6c0
[  146.030099][ T3866]  ? generic_write_checks+0x15c/0x1c0
[  146.035481][ T3866]  __generic_file_write_iter+0x176/0x400
[  146.041130][ T3866]  generic_file_write_iter+0xab/0x310
[  146.046503][ T3866]  vfs_write+0x7dc/0xc50
[  146.050756][ T3866]  ? file_end_write+0x230/0x230
[  146.055606][ T3866]  ? ptrace_stop+0x74d/0x970
[  146.060205][ T3866]  ? _raw_spin_unlock_irq+0x2a/0x40
[  146.065413][ T3866]  ? __fdget_pos+0x252/0x2e0
[  146.070009][ T3866]  ksys_write+0x177/0x2a0
[  146.074367][ T3866]  ? __ia32_sys_read+0x80/0x80
[  146.079138][ T3866]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  146.085125][ T3866]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  146.091113][ T3866]  do_syscall_64+0x3d/0xb0
[  146.095531][ T3866]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  146.101419][ T3866] RIP: 0033:0x7f0fa5191c89
[  146.105840][ T3866] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  146.125442][ T3866] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  146.133853][ T3866] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  146.141819][ T3866] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  146.149785][ T3866] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  146.157752][ T3866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3866] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3866] exit_group(0)               = ?
[pid  3866] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3866, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./219/binderfs")                = 0
umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./219/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./219/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./219/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./219")                          = 0
mkdir("./220", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3867
./strace-static-x86_64: Process 3867 attached
[pid  3867] chdir("./220")              = 0
[pid  3867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3867] setpgid(0, 0)               = 0
[pid  3867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3867] write(3, "1000", 4)         = 4
[pid  3867] close(3)                    = 0
[pid  3867] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3867] memfd_create("syzkaller", 0) = 3
[pid  3867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3867] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  146.165735][ T3866] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000db
[  146.173715][ T3866]  </TASK>
[pid  3867] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3867] close(3)                    = 0
[pid  3867] mkdir("./file0", 0777)      = 0
[pid  3867] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3867] chdir("./file0")            = 0
[pid  3867] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3867] close(4)                    = 0
[pid  3867] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3867] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3867] write(5, "13", 2)           = 2
[  146.227078][ T3867] loop0: detected capacity change from 0 to 64
[  146.254432][ T3867] FAULT_INJECTION: forcing a failure.
[  146.254432][ T3867] name failslab, interval 1, probability 0, space 0, times 0
[  146.267560][ T3867] CPU: 1 PID: 3867 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  146.278009][ T3867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  146.288078][ T3867] Call Trace:
[  146.291359][ T3867]  <TASK>
[  146.294286][ T3867]  dump_stack_lvl+0x1b1/0x28e
[  146.298966][ T3867]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  146.304418][ T3867]  ? panic+0x710/0x710
[  146.308488][ T3867]  ? __might_sleep+0xc0/0xc0
[  146.313076][ T3867]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  146.319057][ T3867]  should_fail_ex+0x395/0x4c0
[  146.323740][ T3867]  ? hfs_find_init+0x8b/0x1e0
[  146.328419][ T3867]  should_failslab+0x5/0x20
[  146.332951][ T3867]  __kmem_cache_alloc_node+0x69/0x310
[  146.338320][ T3867]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  146.343972][ T3867]  ? lockdep_hardirqs_on+0x8d/0x130
[  146.349208][ T3867]  ? hfs_find_init+0x8b/0x1e0
[  146.353985][ T3867]  __kmalloc+0x9e/0x1a0
[  146.358156][ T3867]  hfs_find_init+0x8b/0x1e0
[  146.362690][ T3867]  hfs_extend_file+0x2f8/0x1420
[  146.367578][ T3867]  ? hfs_get_block+0xbb0/0xbb0
[  146.372372][ T3867]  ? lru_cache_disable+0x30/0x30
[  146.377313][ T3867]  ? __might_sleep+0xc0/0xc0
[  146.381918][ T3867]  hfs_get_block+0x3fc/0xbb0
[  146.386520][ T3867]  ? hfs_free_extents+0x420/0x420
[  146.391540][ T3867]  ? do_raw_spin_unlock+0x134/0x8a0
[  146.396742][ T3867]  ? create_page_buffers+0x244/0x4b0
[  146.402031][ T3867]  __block_write_begin_int+0x54c/0x1a80
[  146.407607][ T3867]  ? hfs_free_extents+0x420/0x420
[  146.412627][ T3867]  ? page_zero_new_buffers+0x940/0x940
[  146.418086][ T3867]  ? PageHeadHuge+0x8a/0x1d0
[  146.422678][ T3867]  ? hfs_free_extents+0x420/0x420
[  146.427710][ T3867]  block_write_begin+0x93/0x1e0
[  146.432646][ T3867]  ? cont_write_begin+0x5e5/0x860
[  146.437669][ T3867]  ? hfs_free_extents+0x420/0x420
[  146.442694][ T3867]  cont_write_begin+0x606/0x860
[  146.447551][ T3867]  ? fault_in_readable+0x1d5/0x310
[  146.452663][ T3867]  ? generic_cont_expand_simple+0x250/0x250
[  146.459333][ T3867]  ? fault_in_readable+0x219/0x310
[  146.464443][ T3867]  ? fault_in_safe_writeable+0x240/0x240
[  146.470080][ T3867]  hfs_write_begin+0x86/0xd0
[  146.474667][ T3867]  ? hfs_free_extents+0x420/0x420
[  146.479691][ T3867]  generic_perform_write+0x2e4/0x5e0
[  146.484985][ T3867]  ? __block_commit_write+0x420/0x420
[  146.490360][ T3867]  ? generic_file_direct_write+0x610/0x610
[  146.496165][ T3867]  ? __file_remove_privs+0x6c0/0x6c0
[  146.501450][ T3867]  ? generic_write_checks+0x15c/0x1c0
[  146.506839][ T3867]  __generic_file_write_iter+0x176/0x400
[  146.512474][ T3867]  generic_file_write_iter+0xab/0x310
[  146.517857][ T3867]  vfs_write+0x7dc/0xc50
[  146.522108][ T3867]  ? file_end_write+0x230/0x230
[  146.526957][ T3867]  ? ptrace_stop+0x74d/0x970
[  146.531553][ T3867]  ? _raw_spin_unlock_irq+0x2a/0x40
[  146.536755][ T3867]  ? __fdget_pos+0x252/0x2e0
[  146.541348][ T3867]  ksys_write+0x177/0x2a0
[  146.545683][ T3867]  ? __ia32_sys_read+0x80/0x80
[  146.550447][ T3867]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  146.556426][ T3867]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  146.562405][ T3867]  do_syscall_64+0x3d/0xb0
[  146.566825][ T3867]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  146.572712][ T3867] RIP: 0033:0x7f0fa5191c89
[  146.577122][ T3867] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  146.596725][ T3867] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  146.605137][ T3867] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  146.613192][ T3867] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3867] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3867] exit_group(0)               = ?
[pid  3867] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3867, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./220/binderfs")                = 0
umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./220/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./220/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./220/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./220")                          = 0
mkdir("./221", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3868 attached
[  146.621159][ T3867] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  146.629128][ T3867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  146.637094][ T3867] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000dc
[  146.645077][ T3867]  </TASK>
 <unfinished ...>
[pid  3868] chdir("./221" <unfinished ...>
[pid  3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3868
[pid  3868] <... chdir resumed>)        = 0
[pid  3868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3868] setpgid(0, 0)               = 0
[pid  3868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3868] write(3, "1000", 4)         = 4
[pid  3868] close(3)                    = 0
[pid  3868] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3868] memfd_create("syzkaller", 0) = 3
[pid  3868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3868] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3868] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3868] close(3)                    = 0
[pid  3868] mkdir("./file0", 0777)      = 0
[pid  3868] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3868] chdir("./file0")            = 0
[pid  3868] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3868] close(4)                    = 0
[pid  3868] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3868] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3868] write(5, "13", 2)           = 2
[  146.703401][ T3868] loop0: detected capacity change from 0 to 64
[  146.727876][ T3868] FAULT_INJECTION: forcing a failure.
[  146.727876][ T3868] name failslab, interval 1, probability 0, space 0, times 0
[  146.740769][ T3868] CPU: 1 PID: 3868 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  146.751212][ T3868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  146.761270][ T3868] Call Trace:
[  146.764550][ T3868]  <TASK>
[  146.767482][ T3868]  dump_stack_lvl+0x1b1/0x28e
[  146.772164][ T3868]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  146.777621][ T3868]  ? panic+0x710/0x710
[  146.781692][ T3868]  ? __might_sleep+0xc0/0xc0
[  146.786288][ T3868]  ? __mutex_lock_common+0x45f/0x26e0
[  146.791666][ T3868]  should_fail_ex+0x395/0x4c0
[  146.796351][ T3868]  ? hfs_find_init+0x8b/0x1e0
[  146.801035][ T3868]  should_failslab+0x5/0x20
[  146.805540][ T3868]  __kmem_cache_alloc_node+0x69/0x310
[  146.810911][ T3868]  ? rcu_lock_release+0x5/0x20
[  146.815677][ T3868]  ? hfs_find_init+0x8b/0x1e0
[  146.820354][ T3868]  __kmalloc+0x9e/0x1a0
[  146.824516][ T3868]  hfs_find_init+0x8b/0x1e0
[  146.829023][ T3868]  hfs_extend_file+0x2f8/0x1420
[  146.833871][ T3868]  ? xas_find+0x937/0xa60
[  146.838215][ T3868]  ? hfs_get_block+0xbb0/0xbb0
[  146.842973][ T3868]  ? filemap_get_folios+0x557/0x830
[  146.848177][ T3868]  ? find_lock_entries+0xf60/0xf60
[  146.853315][ T3868]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  146.859227][ T3868]  hfs_get_block+0x3fc/0xbb0
[  146.863829][ T3868]  ? hfs_free_extents+0x420/0x420
[  146.868853][ T3868]  ? do_raw_spin_unlock+0x134/0x8a0
[  146.874061][ T3868]  ? create_page_buffers+0x244/0x4b0
[  146.879352][ T3868]  __block_write_begin_int+0x54c/0x1a80
[  146.884920][ T3868]  ? hfs_free_extents+0x420/0x420
[  146.889943][ T3868]  ? page_zero_new_buffers+0x940/0x940
[  146.895409][ T3868]  ? PageHeadHuge+0x8a/0x1d0
[  146.900006][ T3868]  ? hfs_free_extents+0x420/0x420
[  146.905029][ T3868]  block_write_begin+0x93/0x1e0
[  146.909882][ T3868]  ? cont_write_begin+0x5e5/0x860
[  146.914909][ T3868]  ? hfs_free_extents+0x420/0x420
[  146.919934][ T3868]  cont_write_begin+0x606/0x860
[  146.924794][ T3868]  ? fault_in_readable+0x1d5/0x310
[  146.929911][ T3868]  ? generic_cont_expand_simple+0x250/0x250
[  146.935805][ T3868]  ? fault_in_readable+0x219/0x310
[  146.940918][ T3868]  ? fault_in_safe_writeable+0x240/0x240
[  146.946562][ T3868]  hfs_write_begin+0x86/0xd0
[  146.951237][ T3868]  ? hfs_free_extents+0x420/0x420
[  146.956262][ T3868]  generic_perform_write+0x2e4/0x5e0
[  146.961555][ T3868]  ? __block_commit_write+0x420/0x420
[  146.967016][ T3868]  ? generic_file_direct_write+0x610/0x610
[  146.972821][ T3868]  ? __file_remove_privs+0x6c0/0x6c0
[  146.978109][ T3868]  ? generic_write_checks+0x15c/0x1c0
[  146.983491][ T3868]  __generic_file_write_iter+0x176/0x400
[  146.989156][ T3868]  generic_file_write_iter+0xab/0x310
[  146.994533][ T3868]  vfs_write+0x7dc/0xc50
[  146.998789][ T3868]  ? file_end_write+0x230/0x230
[  147.003641][ T3868]  ? ptrace_stop+0x74d/0x970
[  147.008243][ T3868]  ? _raw_spin_unlock_irq+0x2a/0x40
[  147.013448][ T3868]  ? __fdget_pos+0x252/0x2e0
[  147.018044][ T3868]  ksys_write+0x177/0x2a0
[  147.022378][ T3868]  ? __ia32_sys_read+0x80/0x80
[  147.027144][ T3868]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  147.033129][ T3868]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  147.039115][ T3868]  do_syscall_64+0x3d/0xb0
[  147.043530][ T3868]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  147.049419][ T3868] RIP: 0033:0x7f0fa5191c89
[  147.053833][ T3868] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  147.073436][ T3868] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  147.081851][ T3868] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  147.089819][ T3868] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3868] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3868] exit_group(0)               = ?
[pid  3868] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3868, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./221", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./221/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./221/binderfs")                = 0
umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./221/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./221/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./221/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./221")                          = 0
mkdir("./222", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3869 attached
, child_tidptr=0x555555b7f5d0) = 3869
[pid  3869] chdir("./222")              = 0
[pid  3869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[  147.097877][ T3868] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  147.105861][ T3868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  147.113830][ T3868] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000dd
[  147.121815][ T3868]  </TASK>
[pid  3869] setpgid(0, 0)               = 0
[pid  3869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3869] write(3, "1000", 4)         = 4
[pid  3869] close(3)                    = 0
[pid  3869] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3869] memfd_create("syzkaller", 0) = 3
[pid  3869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3869] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3869] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3869] close(3)                    = 0
[pid  3869] mkdir("./file0", 0777)      = 0
[pid  3869] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3869] chdir("./file0")            = 0
[pid  3869] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3869] close(4)                    = 0
[pid  3869] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3869] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3869] write(5, "13", 2)           = 2
[  147.177526][ T3869] loop0: detected capacity change from 0 to 64
[  147.197377][ T3869] FAULT_INJECTION: forcing a failure.
[  147.197377][ T3869] name failslab, interval 1, probability 0, space 0, times 0
[  147.210628][ T3869] CPU: 0 PID: 3869 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  147.221076][ T3869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  147.231127][ T3869] Call Trace:
[  147.234402][ T3869]  <TASK>
[  147.237322][ T3869]  dump_stack_lvl+0x1b1/0x28e
[  147.241999][ T3869]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  147.247466][ T3869]  ? panic+0x710/0x710
[  147.251529][ T3869]  ? __might_sleep+0xc0/0xc0
[  147.256108][ T3869]  ? __mutex_lock_common+0x45f/0x26e0
[  147.261478][ T3869]  should_fail_ex+0x395/0x4c0
[  147.266152][ T3869]  ? hfs_find_init+0x8b/0x1e0
[  147.270840][ T3869]  should_failslab+0x5/0x20
[  147.275350][ T3869]  __kmem_cache_alloc_node+0x69/0x310
[  147.280723][ T3869]  ? rcu_lock_release+0x5/0x20
[  147.285500][ T3869]  ? hfs_find_init+0x8b/0x1e0
[  147.290182][ T3869]  __kmalloc+0x9e/0x1a0
[  147.294366][ T3869]  hfs_find_init+0x8b/0x1e0
[  147.298884][ T3869]  hfs_extend_file+0x2f8/0x1420
[  147.303732][ T3869]  ? xas_find+0x937/0xa60
[  147.308079][ T3869]  ? hfs_get_block+0xbb0/0xbb0
[  147.312851][ T3869]  ? filemap_get_folios+0x557/0x830
[  147.318046][ T3869]  ? find_lock_entries+0xf60/0xf60
[  147.323156][ T3869]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  147.329066][ T3869]  hfs_get_block+0x3fc/0xbb0
[  147.333666][ T3869]  ? hfs_free_extents+0x420/0x420
[  147.338766][ T3869]  ? do_raw_spin_unlock+0x134/0x8a0
[  147.343976][ T3869]  ? create_page_buffers+0x244/0x4b0
[  147.349273][ T3869]  __block_write_begin_int+0x54c/0x1a80
[  147.354845][ T3869]  ? hfs_free_extents+0x420/0x420
[  147.359860][ T3869]  ? page_zero_new_buffers+0x940/0x940
[  147.365316][ T3869]  ? PageHeadHuge+0x8a/0x1d0
[  147.369902][ T3869]  ? hfs_free_extents+0x420/0x420
[  147.374914][ T3869]  block_write_begin+0x93/0x1e0
[  147.379768][ T3869]  ? cont_write_begin+0x5e5/0x860
[  147.384805][ T3869]  ? hfs_free_extents+0x420/0x420
[  147.389822][ T3869]  cont_write_begin+0x606/0x860
[  147.394675][ T3869]  ? fault_in_readable+0x1d5/0x310
[  147.399779][ T3869]  ? generic_cont_expand_simple+0x250/0x250
[  147.405663][ T3869]  ? fault_in_readable+0x219/0x310
[  147.410775][ T3869]  ? fault_in_safe_writeable+0x240/0x240
[  147.416424][ T3869]  hfs_write_begin+0x86/0xd0
[  147.421014][ T3869]  ? hfs_free_extents+0x420/0x420
[  147.426052][ T3869]  generic_perform_write+0x2e4/0x5e0
[  147.431334][ T3869]  ? __block_commit_write+0x420/0x420
[  147.436700][ T3869]  ? generic_file_direct_write+0x610/0x610
[  147.442499][ T3869]  ? __file_remove_privs+0x6c0/0x6c0
[  147.447779][ T3869]  ? generic_write_checks+0x15c/0x1c0
[  147.453151][ T3869]  __generic_file_write_iter+0x176/0x400
[  147.458783][ T3869]  generic_file_write_iter+0xab/0x310
[  147.464152][ T3869]  vfs_write+0x7dc/0xc50
[  147.468412][ T3869]  ? file_end_write+0x230/0x230
[  147.473265][ T3869]  ? ptrace_stop+0x74d/0x970
[  147.477901][ T3869]  ? _raw_spin_unlock_irq+0x2a/0x40
[  147.483131][ T3869]  ? __fdget_pos+0x252/0x2e0
[  147.487737][ T3869]  ksys_write+0x177/0x2a0
[  147.492090][ T3869]  ? __ia32_sys_read+0x80/0x80
[  147.496851][ T3869]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  147.502844][ T3869]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  147.508839][ T3869]  do_syscall_64+0x3d/0xb0
[  147.513253][ T3869]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  147.519152][ T3869] RIP: 0033:0x7f0fa5191c89
[  147.523571][ T3869] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  147.543193][ T3869] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  147.551615][ T3869] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  147.559594][ T3869] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  147.567574][ T3869] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3869] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3869] exit_group(0)               = ?
[pid  3869] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3869, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./222", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./222/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./222/binderfs")                = 0
umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./222/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./222/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./222/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./222")                          = 0
mkdir("./223", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3870
./strace-static-x86_64: Process 3870 attached
[pid  3870] chdir("./223")              = 0
[pid  3870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3870] setpgid(0, 0)               = 0
[pid  3870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3870] write(3, "1000", 4)         = 4
[pid  3870] close(3)                    = 0
[pid  3870] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3870] memfd_create("syzkaller", 0) = 3
[pid  3870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  147.575542][ T3869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  147.583511][ T3869] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000de
[  147.591491][ T3869]  </TASK>
[pid  3870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3870] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3870] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3870] close(3)                    = 0
[pid  3870] mkdir("./file0", 0777)      = 0
[pid  3870] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3870] chdir("./file0")            = 0
[pid  3870] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3870] close(4)                    = 0
[pid  3870] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3870] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3870] write(5, "13", 2)           = 2
[  147.642787][ T3870] loop0: detected capacity change from 0 to 64
[  147.669287][ T3870] FAULT_INJECTION: forcing a failure.
[  147.669287][ T3870] name failslab, interval 1, probability 0, space 0, times 0
[  147.682324][ T3870] CPU: 0 PID: 3870 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  147.692734][ T3870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  147.702777][ T3870] Call Trace:
[  147.706044][ T3870]  <TASK>
[  147.708962][ T3870]  dump_stack_lvl+0x1b1/0x28e
[  147.713637][ T3870]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  147.719104][ T3870]  ? panic+0x710/0x710
[  147.723247][ T3870]  ? __might_sleep+0xc0/0xc0
[  147.727824][ T3870]  ? __mutex_lock_common+0x45f/0x26e0
[  147.733187][ T3870]  should_fail_ex+0x395/0x4c0
[  147.737855][ T3870]  ? hfs_find_init+0x8b/0x1e0
[  147.742526][ T3870]  should_failslab+0x5/0x20
[  147.747022][ T3870]  __kmem_cache_alloc_node+0x69/0x310
[  147.752388][ T3870]  ? hfs_find_init+0x8b/0x1e0
[  147.757053][ T3870]  __kmalloc+0x9e/0x1a0
[  147.761201][ T3870]  hfs_find_init+0x8b/0x1e0
[  147.765699][ T3870]  hfs_extend_file+0x2f8/0x1420
[  147.770544][ T3870]  ? hfs_get_block+0xbb0/0xbb0
[  147.775296][ T3870]  ? lru_cache_disable+0x30/0x30
[  147.780223][ T3870]  ? __might_sleep+0xc0/0xc0
[  147.784815][ T3870]  hfs_get_block+0x3fc/0xbb0
[  147.789402][ T3870]  ? hfs_free_extents+0x420/0x420
[  147.794414][ T3870]  ? do_raw_spin_unlock+0x134/0x8a0
[  147.799606][ T3870]  ? create_page_buffers+0x244/0x4b0
[  147.804883][ T3870]  __block_write_begin_int+0x54c/0x1a80
[  147.810436][ T3870]  ? hfs_free_extents+0x420/0x420
[  147.815446][ T3870]  ? page_zero_new_buffers+0x940/0x940
[  147.820891][ T3870]  ? PageHeadHuge+0x8a/0x1d0
[  147.825471][ T3870]  ? hfs_free_extents+0x420/0x420
[  147.830482][ T3870]  block_write_begin+0x93/0x1e0
[  147.835318][ T3870]  ? cont_write_begin+0x5e5/0x860
[  147.840329][ T3870]  ? hfs_free_extents+0x420/0x420
[  147.845339][ T3870]  cont_write_begin+0x606/0x860
[  147.850186][ T3870]  ? fault_in_readable+0x1d5/0x310
[  147.855287][ T3870]  ? generic_cont_expand_simple+0x250/0x250
[  147.861167][ T3870]  ? fault_in_readable+0x219/0x310
[  147.866269][ T3870]  ? fault_in_safe_writeable+0x240/0x240
[  147.871897][ T3870]  hfs_write_begin+0x86/0xd0
[  147.876476][ T3870]  ? hfs_free_extents+0x420/0x420
[  147.881489][ T3870]  generic_perform_write+0x2e4/0x5e0
[  147.886768][ T3870]  ? __block_commit_write+0x420/0x420
[  147.892134][ T3870]  ? generic_file_direct_write+0x610/0x610
[  147.897927][ T3870]  ? __file_remove_privs+0x6c0/0x6c0
[  147.903203][ T3870]  ? generic_write_checks+0x15c/0x1c0
[  147.908571][ T3870]  __generic_file_write_iter+0x176/0x400
[  147.914198][ T3870]  generic_file_write_iter+0xab/0x310
[  147.919560][ T3870]  vfs_write+0x7dc/0xc50
[  147.923802][ T3870]  ? file_end_write+0x230/0x230
[  147.928640][ T3870]  ? ptrace_stop+0x74d/0x970
[  147.933245][ T3870]  ? _raw_spin_unlock_irq+0x2a/0x40
[  147.938438][ T3870]  ? __fdget_pos+0x252/0x2e0
[  147.943030][ T3870]  ksys_write+0x177/0x2a0
[  147.947350][ T3870]  ? __ia32_sys_read+0x80/0x80
[  147.952105][ T3870]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  147.958074][ T3870]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  147.964043][ T3870]  do_syscall_64+0x3d/0xb0
[  147.968446][ T3870]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  147.974325][ T3870] RIP: 0033:0x7f0fa5191c89
[  147.978725][ T3870] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  147.998317][ T3870] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  148.006714][ T3870] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  148.014676][ T3870] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  148.022633][ T3870] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  148.030591][ T3870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3870] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3870] exit_group(0)               = ?
[pid  3870] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3870, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./223", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./223/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./223/binderfs")                = 0
umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./223/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./223/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./223/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./223")                          = 0
mkdir("./224", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3871
./strace-static-x86_64: Process 3871 attached
[pid  3871] chdir("./224")              = 0
[pid  3871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3871] setpgid(0, 0)               = 0
[  148.038545][ T3870] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000df
[  148.046515][ T3870]  </TASK>
[pid  3871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3871] write(3, "1000", 4)         = 4
[pid  3871] close(3)                    = 0
[pid  3871] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3871] memfd_create("syzkaller", 0) = 3
[pid  3871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3871] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3871] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3871] close(3)                    = 0
[pid  3871] mkdir("./file0", 0777)      = 0
[pid  3871] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3871] chdir("./file0")            = 0
[pid  3871] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3871] close(4)                    = 0
[pid  3871] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3871] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3871] write(5, "13", 2)           = 2
[  148.104853][ T3871] loop0: detected capacity change from 0 to 64
[  148.137978][ T3871] FAULT_INJECTION: forcing a failure.
[  148.137978][ T3871] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  148.151449][ T3871] CPU: 1 PID: 3871 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  148.161870][ T3871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  148.171922][ T3871] Call Trace:
[  148.175213][ T3871]  <TASK>
[  148.178142][ T3871]  dump_stack_lvl+0x1b1/0x28e
[  148.182825][ T3871]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  148.188305][ T3871]  ? panic+0x710/0x710
[  148.192398][ T3871]  ? do_anonymous_page+0xd4a/0x1150
[  148.197621][ T3871]  ? mark_lock+0x9a/0x350
[  148.201986][ T3871]  should_fail_ex+0x395/0x4c0
[  148.206686][ T3871]  prepare_alloc_pages+0x1d7/0x5a0
[  148.211817][ T3871]  __alloc_pages+0x161/0x560
[  148.216418][ T3871]  ? zone_statistics+0x160/0x160
[  148.221366][ T3871]  ? rcu_lock_release+0x5/0x20
[  148.226128][ T3871]  ? alloc_pages+0x520/0x7b0
[  148.230715][ T3871]  ? xas_descend+0x1f3/0x400
[  148.235309][ T3871]  folio_alloc+0x1a/0x50
[  148.239549][ T3871]  filemap_alloc_folio+0x7e/0x1c0
[  148.244575][ T3871]  __filemap_get_folio+0x898/0x1260
[  148.249778][ T3871]  ? page_cache_prev_miss+0x4e0/0x4e0
[  148.255152][ T3871]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  148.261131][ T3871]  ? print_irqtrace_events+0x220/0x220
[  148.266600][ T3871]  pagecache_get_page+0x28/0x260
[  148.271539][ T3871]  ? hfs_free_extents+0x420/0x420
[  148.276559][ T3871]  block_write_begin+0x2e/0x1e0
[  148.281414][ T3871]  ? cont_write_begin+0x5e5/0x860
[  148.286439][ T3871]  ? hfs_free_extents+0x420/0x420
[  148.291464][ T3871]  cont_write_begin+0x606/0x860
[  148.296321][ T3871]  ? fault_in_readable+0x1d5/0x310
[  148.301441][ T3871]  ? generic_cont_expand_simple+0x250/0x250
[  148.307339][ T3871]  ? fault_in_readable+0x219/0x310
[  148.312455][ T3871]  ? fault_in_safe_writeable+0x240/0x240
[  148.318099][ T3871]  hfs_write_begin+0x86/0xd0
[  148.322687][ T3871]  ? hfs_free_extents+0x420/0x420
[  148.327736][ T3871]  generic_perform_write+0x2e4/0x5e0
[  148.333054][ T3871]  ? __block_commit_write+0x420/0x420
[  148.338440][ T3871]  ? generic_file_direct_write+0x610/0x610
[  148.344245][ T3871]  ? __file_remove_privs+0x6c0/0x6c0
[  148.349529][ T3871]  ? generic_write_checks+0x15c/0x1c0
[  148.354907][ T3871]  __generic_file_write_iter+0x176/0x400
[  148.360544][ T3871]  generic_file_write_iter+0xab/0x310
[  148.365918][ T3871]  vfs_write+0x7dc/0xc50
[  148.370170][ T3871]  ? file_end_write+0x230/0x230
[  148.375018][ T3871]  ? ptrace_stop+0x74d/0x970
[  148.379614][ T3871]  ? _raw_spin_unlock_irq+0x2a/0x40
[  148.384821][ T3871]  ? __fdget_pos+0x252/0x2e0
[  148.389415][ T3871]  ksys_write+0x177/0x2a0
[  148.393747][ T3871]  ? __ia32_sys_read+0x80/0x80
[  148.398510][ T3871]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  148.404492][ T3871]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  148.410475][ T3871]  do_syscall_64+0x3d/0xb0
[  148.414912][ T3871]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  148.420819][ T3871] RIP: 0033:0x7f0fa5191c89
[  148.425258][ T3871] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  148.444884][ T3871] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3871] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3871] exit_group(0)               = ?
[pid  3871] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3871, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./224", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./224/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./224/binderfs")                = 0
umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./224/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./224/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./224/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./224")                          = 0
mkdir("./225", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  148.453316][ T3871] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  148.461293][ T3871] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  148.469267][ T3871] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  148.477248][ T3871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  148.485218][ T3871] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000e0
[  148.493203][ T3871]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3872
./strace-static-x86_64: Process 3872 attached
[pid  3872] chdir("./225")              = 0
[pid  3872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3872] setpgid(0, 0)               = 0
[pid  3872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3872] write(3, "1000", 4)         = 4
[pid  3872] close(3)                    = 0
[pid  3872] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3872] memfd_create("syzkaller", 0) = 3
[pid  3872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3872] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3872] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3872] close(3)                    = 0
[pid  3872] mkdir("./file0", 0777)      = 0
[pid  3872] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3872] chdir("./file0")            = 0
[pid  3872] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3872] close(4)                    = 0
[pid  3872] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3872] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3872] write(5, "13", 2)           = 2
[  148.547541][ T3872] loop0: detected capacity change from 0 to 64
[  148.575875][ T3872] FAULT_INJECTION: forcing a failure.
[  148.575875][ T3872] name failslab, interval 1, probability 0, space 0, times 0
[  148.588670][ T3872] CPU: 1 PID: 3872 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  148.599132][ T3872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  148.609290][ T3872] Call Trace:
[  148.612576][ T3872]  <TASK>
[  148.615505][ T3872]  dump_stack_lvl+0x1b1/0x28e
[  148.620188][ T3872]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  148.625645][ T3872]  ? panic+0x710/0x710
[  148.629732][ T3872]  ? __might_sleep+0xc0/0xc0
[  148.634319][ T3872]  ? __mutex_lock_common+0x45f/0x26e0
[  148.639700][ T3872]  should_fail_ex+0x395/0x4c0
[  148.644383][ T3872]  ? hfs_find_init+0x8b/0x1e0
[  148.649068][ T3872]  should_failslab+0x5/0x20
[  148.653576][ T3872]  __kmem_cache_alloc_node+0x69/0x310
[  148.658954][ T3872]  ? hfs_find_init+0x8b/0x1e0
[  148.663632][ T3872]  __kmalloc+0x9e/0x1a0
[  148.667820][ T3872]  hfs_find_init+0x8b/0x1e0
[  148.672342][ T3872]  hfs_extend_file+0x2f8/0x1420
[  148.677204][ T3872]  ? hfs_get_block+0xbb0/0xbb0
[  148.681976][ T3872]  ? lru_cache_disable+0x30/0x30
[  148.686916][ T3872]  ? __might_sleep+0xc0/0xc0
[  148.691524][ T3872]  hfs_get_block+0x3fc/0xbb0
[  148.696129][ T3872]  ? hfs_free_extents+0x420/0x420
[  148.701148][ T3872]  ? do_raw_spin_unlock+0x134/0x8a0
[  148.706356][ T3872]  ? create_page_buffers+0x244/0x4b0
[  148.711652][ T3872]  __block_write_begin_int+0x54c/0x1a80
[  148.717221][ T3872]  ? hfs_free_extents+0x420/0x420
[  148.722243][ T3872]  ? page_zero_new_buffers+0x940/0x940
[  148.727703][ T3872]  ? PageHeadHuge+0x8a/0x1d0
[  148.732299][ T3872]  ? hfs_free_extents+0x420/0x420
[  148.737318][ T3872]  block_write_begin+0x93/0x1e0
[  148.742169][ T3872]  ? cont_write_begin+0x5e5/0x860
[  148.747193][ T3872]  ? hfs_free_extents+0x420/0x420
[  148.752229][ T3872]  cont_write_begin+0x606/0x860
[  148.757085][ T3872]  ? fault_in_readable+0x1d5/0x310
[  148.762202][ T3872]  ? generic_cont_expand_simple+0x250/0x250
[  148.768094][ T3872]  ? fault_in_readable+0x219/0x310
[  148.773205][ T3872]  ? fault_in_safe_writeable+0x240/0x240
[  148.778842][ T3872]  hfs_write_begin+0x86/0xd0
[  148.783432][ T3872]  ? hfs_free_extents+0x420/0x420
[  148.788457][ T3872]  generic_perform_write+0x2e4/0x5e0
[  148.793749][ T3872]  ? __block_commit_write+0x420/0x420
[  148.799121][ T3872]  ? generic_file_direct_write+0x610/0x610
[  148.804928][ T3872]  ? __file_remove_privs+0x6c0/0x6c0
[  148.810213][ T3872]  ? generic_write_checks+0x15c/0x1c0
[  148.815593][ T3872]  __generic_file_write_iter+0x176/0x400
[  148.821232][ T3872]  generic_file_write_iter+0xab/0x310
[  148.826605][ T3872]  vfs_write+0x7dc/0xc50
[  148.830860][ T3872]  ? file_end_write+0x230/0x230
[  148.835707][ T3872]  ? ptrace_stop+0x74d/0x970
[  148.840307][ T3872]  ? _raw_spin_unlock_irq+0x2a/0x40
[  148.845509][ T3872]  ? __fdget_pos+0x252/0x2e0
[  148.850108][ T3872]  ksys_write+0x177/0x2a0
[  148.854441][ T3872]  ? __ia32_sys_read+0x80/0x80
[  148.859208][ T3872]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  148.865189][ T3872]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  148.871173][ T3872]  do_syscall_64+0x3d/0xb0
[  148.875592][ T3872]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  148.881481][ T3872] RIP: 0033:0x7f0fa5191c89
[  148.885895][ T3872] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  148.905498][ T3872] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  148.913915][ T3872] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  148.921885][ T3872] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  148.929854][ T3872] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  148.937825][ T3872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3872] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3872] exit_group(0)               = ?
[pid  3872] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./225", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./225/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./225/binderfs")                = 0
umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./225/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./225/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./225/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./225")                          = 0
mkdir("./226", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3873
./strace-static-x86_64: Process 3873 attached
[pid  3873] chdir("./226")              = 0
[pid  3873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3873] setpgid(0, 0)               = 0
[pid  3873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3873] write(3, "1000", 4)         = 4
[  148.945790][ T3872] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000e1
[  148.953772][ T3872]  </TASK>
[pid  3873] close(3)                    = 0
[pid  3873] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3873] memfd_create("syzkaller", 0) = 3
[pid  3873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3873] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3873] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3873] close(3)                    = 0
[pid  3873] mkdir("./file0", 0777)      = 0
[pid  3873] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3873] chdir("./file0")            = 0
[pid  3873] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3873] close(4)                    = 0
[pid  3873] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3873] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3873] write(5, "13", 2)           = 2
[  149.016766][ T3873] loop0: detected capacity change from 0 to 64
[  149.048542][ T3873] FAULT_INJECTION: forcing a failure.
[  149.048542][ T3873] name failslab, interval 1, probability 0, space 0, times 0
[  149.061374][ T3873] CPU: 0 PID: 3873 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  149.071809][ T3873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  149.081876][ T3873] Call Trace:
[  149.085152][ T3873]  <TASK>
[  149.088082][ T3873]  dump_stack_lvl+0x1b1/0x28e
[  149.092851][ T3873]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  149.098309][ T3873]  ? panic+0x710/0x710
[  149.102378][ T3873]  ? __might_sleep+0xc0/0xc0
[  149.106971][ T3873]  ? __mutex_lock_common+0x45f/0x26e0
[  149.112351][ T3873]  should_fail_ex+0x395/0x4c0
[  149.117034][ T3873]  ? hfs_find_init+0x8b/0x1e0
[  149.121713][ T3873]  should_failslab+0x5/0x20
[  149.126222][ T3873]  __kmem_cache_alloc_node+0x69/0x310
[  149.131598][ T3873]  ? hfs_find_init+0x8b/0x1e0
[  149.136277][ T3873]  __kmalloc+0x9e/0x1a0
[  149.140440][ T3873]  hfs_find_init+0x8b/0x1e0
[  149.144950][ T3873]  hfs_extend_file+0x2f8/0x1420
[  149.149812][ T3873]  ? hfs_get_block+0xbb0/0xbb0
[  149.154588][ T3873]  ? lru_cache_disable+0x30/0x30
[  149.159527][ T3873]  ? __might_sleep+0xc0/0xc0
[  149.164156][ T3873]  hfs_get_block+0x3fc/0xbb0
[  149.168789][ T3873]  ? hfs_free_extents+0x420/0x420
[  149.173830][ T3873]  ? do_raw_spin_unlock+0x134/0x8a0
[  149.179041][ T3873]  ? create_page_buffers+0x244/0x4b0
[  149.184337][ T3873]  __block_write_begin_int+0x54c/0x1a80
[  149.189912][ T3873]  ? hfs_free_extents+0x420/0x420
[  149.194960][ T3873]  ? page_zero_new_buffers+0x940/0x940
[  149.200447][ T3873]  ? PageHeadHuge+0x8a/0x1d0
[  149.205054][ T3873]  ? hfs_free_extents+0x420/0x420
[  149.210100][ T3873]  block_write_begin+0x93/0x1e0
[  149.214969][ T3873]  ? cont_write_begin+0x5e5/0x860
[  149.220100][ T3873]  ? hfs_free_extents+0x420/0x420
[  149.225131][ T3873]  cont_write_begin+0x606/0x860
[  149.230009][ T3873]  ? fault_in_readable+0x1d5/0x310
[  149.235125][ T3873]  ? generic_cont_expand_simple+0x250/0x250
[  149.241018][ T3873]  ? fault_in_readable+0x219/0x310
[  149.246134][ T3873]  ? fault_in_safe_writeable+0x240/0x240
[  149.251775][ T3873]  hfs_write_begin+0x86/0xd0
[  149.256362][ T3873]  ? hfs_free_extents+0x420/0x420
[  149.261387][ T3873]  generic_perform_write+0x2e4/0x5e0
[  149.266684][ T3873]  ? __block_commit_write+0x420/0x420
[  149.272065][ T3873]  ? generic_file_direct_write+0x610/0x610
[  149.277871][ T3873]  ? __file_remove_privs+0x6c0/0x6c0
[  149.283156][ T3873]  ? generic_write_checks+0x15c/0x1c0
[  149.288556][ T3873]  __generic_file_write_iter+0x176/0x400
[  149.294227][ T3873]  generic_file_write_iter+0xab/0x310
[  149.299618][ T3873]  vfs_write+0x7dc/0xc50
[  149.303872][ T3873]  ? file_end_write+0x230/0x230
[  149.308722][ T3873]  ? ptrace_stop+0x74d/0x970
[  149.313323][ T3873]  ? _raw_spin_unlock_irq+0x2a/0x40
[  149.318531][ T3873]  ? __fdget_pos+0x252/0x2e0
[  149.323126][ T3873]  ksys_write+0x177/0x2a0
[  149.327463][ T3873]  ? __ia32_sys_read+0x80/0x80
[  149.332228][ T3873]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  149.338211][ T3873]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  149.344193][ T3873]  do_syscall_64+0x3d/0xb0
[  149.348610][ T3873]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  149.354526][ T3873] RIP: 0033:0x7f0fa5191c89
[  149.358953][ T3873] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  149.378565][ T3873] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  149.387069][ T3873] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  149.395037][ T3873] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  149.403010][ T3873] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3873] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3873] exit_group(0)               = ?
[pid  3873] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./226", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./226/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./226/binderfs")                = 0
umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./226/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./226/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./226/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./226")                          = 0
mkdir("./227", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3874
./strace-static-x86_64: Process 3874 attached
[pid  3874] chdir("./227")              = 0
[pid  3874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3874] setpgid(0, 0)               = 0
[pid  3874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3874] write(3, "1000", 4)         = 4
[  149.411005][ T3873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  149.418978][ T3873] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000e2
[  149.426965][ T3873]  </TASK>
[pid  3874] close(3)                    = 0
[pid  3874] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3874] memfd_create("syzkaller", 0) = 3
[pid  3874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3874] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3874] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3874] close(3)                    = 0
[pid  3874] mkdir("./file0", 0777)      = 0
[pid  3874] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3874] chdir("./file0")            = 0
[pid  3874] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3874] close(4)                    = 0
[pid  3874] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3874] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3874] write(5, "13", 2)           = 2
[  149.485697][ T3874] loop0: detected capacity change from 0 to 64
[  149.504671][ T3874] FAULT_INJECTION: forcing a failure.
[  149.504671][ T3874] name failslab, interval 1, probability 0, space 0, times 0
[  149.518147][ T3874] CPU: 0 PID: 3874 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  149.528582][ T3874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  149.538628][ T3874] Call Trace:
[  149.541907][ T3874]  <TASK>
[  149.544845][ T3874]  dump_stack_lvl+0x1b1/0x28e
[  149.549524][ T3874]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  149.554974][ T3874]  ? panic+0x710/0x710
[  149.559049][ T3874]  ? __might_sleep+0xc0/0xc0
[  149.563631][ T3874]  ? __mutex_lock_common+0x45f/0x26e0
[  149.568998][ T3874]  should_fail_ex+0x395/0x4c0
[  149.573682][ T3874]  ? hfs_find_init+0x8b/0x1e0
[  149.578368][ T3874]  should_failslab+0x5/0x20
[  149.582871][ T3874]  __kmem_cache_alloc_node+0x69/0x310
[  149.588245][ T3874]  ? rcu_lock_release+0x5/0x20
[  149.593011][ T3874]  ? hfs_find_init+0x8b/0x1e0
[  149.597690][ T3874]  __kmalloc+0x9e/0x1a0
[  149.601856][ T3874]  hfs_find_init+0x8b/0x1e0
[  149.606363][ T3874]  hfs_extend_file+0x2f8/0x1420
[  149.611210][ T3874]  ? xas_find+0x937/0xa60
[  149.615548][ T3874]  ? hfs_get_block+0xbb0/0xbb0
[  149.620308][ T3874]  ? filemap_get_folios+0x557/0x830
[  149.625512][ T3874]  ? find_lock_entries+0xf60/0xf60
[  149.630629][ T3874]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  149.636536][ T3874]  hfs_get_block+0x3fc/0xbb0
[  149.641139][ T3874]  ? hfs_free_extents+0x420/0x420
[  149.646159][ T3874]  ? do_raw_spin_unlock+0x134/0x8a0
[  149.651363][ T3874]  ? create_page_buffers+0x244/0x4b0
[  149.656654][ T3874]  __block_write_begin_int+0x54c/0x1a80
[  149.662221][ T3874]  ? hfs_free_extents+0x420/0x420
[  149.667241][ T3874]  ? page_zero_new_buffers+0x940/0x940
[  149.672703][ T3874]  ? PageHeadHuge+0x8a/0x1d0
[  149.677386][ T3874]  ? hfs_free_extents+0x420/0x420
[  149.682406][ T3874]  block_write_begin+0x93/0x1e0
[  149.687256][ T3874]  ? cont_write_begin+0x5e5/0x860
[  149.692285][ T3874]  ? hfs_free_extents+0x420/0x420
[  149.697310][ T3874]  cont_write_begin+0x606/0x860
[  149.702171][ T3874]  ? fault_in_readable+0x1d5/0x310
[  149.707290][ T3874]  ? generic_cont_expand_simple+0x250/0x250
[  149.713185][ T3874]  ? fault_in_readable+0x219/0x310
[  149.718298][ T3874]  ? fault_in_safe_writeable+0x240/0x240
[  149.723941][ T3874]  hfs_write_begin+0x86/0xd0
[  149.728527][ T3874]  ? hfs_free_extents+0x420/0x420
[  149.733555][ T3874]  generic_perform_write+0x2e4/0x5e0
[  149.738864][ T3874]  ? __block_commit_write+0x420/0x420
[  149.744236][ T3874]  ? generic_file_direct_write+0x610/0x610
[  149.750041][ T3874]  ? __file_remove_privs+0x6c0/0x6c0
[  149.755335][ T3874]  ? generic_write_checks+0x15c/0x1c0
[  149.760715][ T3874]  __generic_file_write_iter+0x176/0x400
[  149.766361][ T3874]  generic_file_write_iter+0xab/0x310
[  149.771733][ T3874]  vfs_write+0x7dc/0xc50
[  149.776000][ T3874]  ? file_end_write+0x230/0x230
[  149.780857][ T3874]  ? ptrace_stop+0x74d/0x970
[  149.785456][ T3874]  ? _raw_spin_unlock_irq+0x2a/0x40
[  149.790659][ T3874]  ? __fdget_pos+0x252/0x2e0
[  149.795254][ T3874]  ksys_write+0x177/0x2a0
[  149.799589][ T3874]  ? __ia32_sys_read+0x80/0x80
[  149.804355][ T3874]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  149.810338][ T3874]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  149.816321][ T3874]  do_syscall_64+0x3d/0xb0
[  149.820733][ T3874]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  149.826622][ T3874] RIP: 0033:0x7f0fa5191c89
[  149.831033][ T3874] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  149.850638][ T3874] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  149.859050][ T3874] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  149.867020][ T3874] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  149.874987][ T3874] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3874] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3874] exit_group(0)               = ?
[pid  3874] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3874, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./227", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./227/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./227/binderfs")                = 0
umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./227/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./227/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./227/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./227")                          = 0
mkdir("./228", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3875
./strace-static-x86_64: Process 3875 attached
[pid  3875] chdir("./228")              = 0
[pid  3875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3875] setpgid(0, 0)               = 0
[pid  3875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3875] write(3, "1000", 4)         = 4
[pid  3875] close(3)                    = 0
[pid  3875] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3875] memfd_create("syzkaller", 0) = 3
[pid  3875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  149.882951][ T3874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  149.890915][ T3874] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000e3
[  149.898897][ T3874]  </TASK>
[pid  3875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3875] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3875] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3875] close(3)                    = 0
[pid  3875] mkdir("./file0", 0777)      = 0
[pid  3875] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3875] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3875] chdir("./file0")            = 0
[pid  3875] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3875] close(4)                    = 0
[pid  3875] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3875] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3875] write(5, "13", 2)           = 2
[  149.950193][ T3875] loop0: detected capacity change from 0 to 64
[  149.975058][ T3875] FAULT_INJECTION: forcing a failure.
[  149.975058][ T3875] name failslab, interval 1, probability 0, space 0, times 0
[  149.988070][ T3875] CPU: 0 PID: 3875 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  149.998490][ T3875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  150.008538][ T3875] Call Trace:
[  150.011817][ T3875]  <TASK>
[  150.014738][ T3875]  dump_stack_lvl+0x1b1/0x28e
[  150.019420][ T3875]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  150.024887][ T3875]  ? panic+0x710/0x710
[  150.028950][ T3875]  ? __might_sleep+0xc0/0xc0
[  150.033539][ T3875]  ? __mutex_lock_common+0x45f/0x26e0
[  150.038925][ T3875]  should_fail_ex+0x395/0x4c0
[  150.043600][ T3875]  ? hfs_find_init+0x8b/0x1e0
[  150.048283][ T3875]  should_failslab+0x5/0x20
[  150.052792][ T3875]  __kmem_cache_alloc_node+0x69/0x310
[  150.058162][ T3875]  ? rcu_lock_release+0x5/0x20
[  150.062929][ T3875]  ? hfs_find_init+0x8b/0x1e0
[  150.067605][ T3875]  __kmalloc+0x9e/0x1a0
[  150.071781][ T3875]  hfs_find_init+0x8b/0x1e0
[  150.076293][ T3875]  hfs_extend_file+0x2f8/0x1420
[  150.081145][ T3875]  ? xas_find+0x937/0xa60
[  150.085483][ T3875]  ? hfs_get_block+0xbb0/0xbb0
[  150.090242][ T3875]  ? filemap_get_folios+0x557/0x830
[  150.095442][ T3875]  ? find_lock_entries+0xf60/0xf60
[  150.100565][ T3875]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  150.106468][ T3875]  hfs_get_block+0x3fc/0xbb0
[  150.111073][ T3875]  ? hfs_free_extents+0x420/0x420
[  150.116091][ T3875]  ? do_raw_spin_unlock+0x134/0x8a0
[  150.121299][ T3875]  ? create_page_buffers+0x244/0x4b0
[  150.126590][ T3875]  __block_write_begin_int+0x54c/0x1a80
[  150.132158][ T3875]  ? hfs_free_extents+0x420/0x420
[  150.137177][ T3875]  ? page_zero_new_buffers+0x940/0x940
[  150.142636][ T3875]  ? PageHeadHuge+0x8a/0x1d0
[  150.147229][ T3875]  ? hfs_free_extents+0x420/0x420
[  150.152249][ T3875]  block_write_begin+0x93/0x1e0
[  150.157102][ T3875]  ? cont_write_begin+0x5e5/0x860
[  150.162127][ T3875]  ? hfs_free_extents+0x420/0x420
[  150.167150][ T3875]  cont_write_begin+0x606/0x860
[  150.172006][ T3875]  ? fault_in_readable+0x1d5/0x310
[  150.177120][ T3875]  ? generic_cont_expand_simple+0x250/0x250
[  150.183011][ T3875]  ? fault_in_readable+0x219/0x310
[  150.188139][ T3875]  ? fault_in_safe_writeable+0x240/0x240
[  150.193793][ T3875]  hfs_write_begin+0x86/0xd0
[  150.198400][ T3875]  ? hfs_free_extents+0x420/0x420
[  150.203446][ T3875]  generic_perform_write+0x2e4/0x5e0
[  150.208758][ T3875]  ? __block_commit_write+0x420/0x420
[  150.214138][ T3875]  ? generic_file_direct_write+0x610/0x610
[  150.219957][ T3875]  ? __file_remove_privs+0x6c0/0x6c0
[  150.225254][ T3875]  ? generic_write_checks+0x15c/0x1c0
[  150.230646][ T3875]  __generic_file_write_iter+0x176/0x400
[  150.236294][ T3875]  generic_file_write_iter+0xab/0x310
[  150.241670][ T3875]  vfs_write+0x7dc/0xc50
[  150.245926][ T3875]  ? file_end_write+0x230/0x230
[  150.250778][ T3875]  ? ptrace_stop+0x74d/0x970
[  150.255381][ T3875]  ? _raw_spin_unlock_irq+0x2a/0x40
[  150.260599][ T3875]  ? __fdget_pos+0x252/0x2e0
[  150.265208][ T3875]  ksys_write+0x177/0x2a0
[  150.269549][ T3875]  ? __ia32_sys_read+0x80/0x80
[  150.274327][ T3875]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  150.280314][ T3875]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  150.286301][ T3875]  do_syscall_64+0x3d/0xb0
[  150.290727][ T3875]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  150.296621][ T3875] RIP: 0033:0x7f0fa5191c89
[  150.301036][ T3875] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  150.320636][ T3875] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  150.329044][ T3875] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  150.337020][ T3875] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3875] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3875] exit_group(0)               = ?
[pid  3875] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3875, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./228", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./228/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./228/binderfs")                = 0
umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./228/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./228/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./228/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./228")                          = 0
mkdir("./229", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  150.344986][ T3875] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  150.352954][ T3875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  150.360920][ T3875] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000e4
[  150.368901][ T3875]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3876
./strace-static-x86_64: Process 3876 attached
[pid  3876] chdir("./229")              = 0
[pid  3876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3876] setpgid(0, 0)               = 0
[pid  3876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3876] write(3, "1000", 4)         = 4
[pid  3876] close(3)                    = 0
[pid  3876] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3876] memfd_create("syzkaller", 0) = 3
[pid  3876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3876] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3876] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3876] close(3)                    = 0
[pid  3876] mkdir("./file0", 0777)      = 0
[pid  3876] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3876] chdir("./file0")            = 0
[pid  3876] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3876] close(4)                    = 0
[pid  3876] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3876] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3876] write(5, "13", 2)           = 2
[  150.429518][ T3876] loop0: detected capacity change from 0 to 64
[  150.462418][ T3876] FAULT_INJECTION: forcing a failure.
[  150.462418][ T3876] name failslab, interval 1, probability 0, space 0, times 0
[  150.475345][ T3876] CPU: 0 PID: 3876 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  150.485758][ T3876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  150.495806][ T3876] Call Trace:
[  150.499079][ T3876]  <TASK>
[  150.502003][ T3876]  dump_stack_lvl+0x1b1/0x28e
[  150.506674][ T3876]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  150.512163][ T3876]  ? panic+0x710/0x710
[  150.516262][ T3876]  ? __might_sleep+0xc0/0xc0
[  150.520863][ T3876]  ? __mutex_lock_common+0x45f/0x26e0
[  150.526237][ T3876]  should_fail_ex+0x395/0x4c0
[  150.530919][ T3876]  ? hfs_find_init+0x8b/0x1e0
[  150.535609][ T3876]  should_failslab+0x5/0x20
[  150.540116][ T3876]  __kmem_cache_alloc_node+0x69/0x310
[  150.545498][ T3876]  ? hfs_find_init+0x8b/0x1e0
[  150.550178][ T3876]  __kmalloc+0x9e/0x1a0
[  150.554339][ T3876]  hfs_find_init+0x8b/0x1e0
[  150.558848][ T3876]  hfs_extend_file+0x2f8/0x1420
[  150.563717][ T3876]  ? hfs_get_block+0xbb0/0xbb0
[  150.568489][ T3876]  ? lru_cache_disable+0x30/0x30
[  150.573427][ T3876]  ? __might_sleep+0xc0/0xc0
[  150.578031][ T3876]  hfs_get_block+0x3fc/0xbb0
[  150.582632][ T3876]  ? hfs_free_extents+0x420/0x420
[  150.587653][ T3876]  ? do_raw_spin_unlock+0x134/0x8a0
[  150.592861][ T3876]  ? create_page_buffers+0x244/0x4b0
[  150.598151][ T3876]  __block_write_begin_int+0x54c/0x1a80
[  150.603723][ T3876]  ? hfs_free_extents+0x420/0x420
[  150.608742][ T3876]  ? page_zero_new_buffers+0x940/0x940
[  150.614547][ T3876]  ? PageHeadHuge+0x8a/0x1d0
[  150.619139][ T3876]  ? hfs_free_extents+0x420/0x420
[  150.624160][ T3876]  block_write_begin+0x93/0x1e0
[  150.629011][ T3876]  ? cont_write_begin+0x5e5/0x860
[  150.634033][ T3876]  ? hfs_free_extents+0x420/0x420
[  150.639070][ T3876]  cont_write_begin+0x606/0x860
[  150.643947][ T3876]  ? fault_in_readable+0x1d5/0x310
[  150.649079][ T3876]  ? generic_cont_expand_simple+0x250/0x250
[  150.654982][ T3876]  ? fault_in_readable+0x219/0x310
[  150.660099][ T3876]  ? fault_in_safe_writeable+0x240/0x240
[  150.665747][ T3876]  hfs_write_begin+0x86/0xd0
[  150.670337][ T3876]  ? hfs_free_extents+0x420/0x420
[  150.675365][ T3876]  generic_perform_write+0x2e4/0x5e0
[  150.680659][ T3876]  ? __block_commit_write+0x420/0x420
[  150.686033][ T3876]  ? generic_file_direct_write+0x610/0x610
[  150.691835][ T3876]  ? __file_remove_privs+0x6c0/0x6c0
[  150.697122][ T3876]  ? generic_write_checks+0x15c/0x1c0
[  150.702503][ T3876]  __generic_file_write_iter+0x176/0x400
[  150.708139][ T3876]  generic_file_write_iter+0xab/0x310
[  150.713512][ T3876]  vfs_write+0x7dc/0xc50
[  150.717764][ T3876]  ? file_end_write+0x230/0x230
[  150.722612][ T3876]  ? ptrace_stop+0x74d/0x970
[  150.727221][ T3876]  ? _raw_spin_unlock_irq+0x2a/0x40
[  150.732424][ T3876]  ? __fdget_pos+0x252/0x2e0
[  150.737023][ T3876]  ksys_write+0x177/0x2a0
[  150.741358][ T3876]  ? __ia32_sys_read+0x80/0x80
[  150.746206][ T3876]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  150.752188][ T3876]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  150.758170][ T3876]  do_syscall_64+0x3d/0xb0
[  150.762589][ T3876]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  150.768481][ T3876] RIP: 0033:0x7f0fa5191c89
[  150.772893][ T3876] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  150.792493][ T3876] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  150.800903][ T3876] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  150.808870][ T3876] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  150.816835][ T3876] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3876] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3876] exit_group(0)               = ?
[pid  3876] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./229", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./229/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./229/binderfs")                = 0
umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./229/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./229/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./229/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./229")                          = 0
mkdir("./230", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3877 attached
 <unfinished ...>
[  150.824804][ T3876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  150.832769][ T3876] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000e5
[  150.840763][ T3876]  </TASK>
[pid  3877] chdir("./230")              = 0
[pid  3877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3877] setpgid(0, 0 <unfinished ...>
[pid  3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3877
[pid  3877] <... setpgid resumed>)      = 0
[pid  3877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3877] write(3, "1000", 4)         = 4
[pid  3877] close(3)                    = 0
[pid  3877] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3877] memfd_create("syzkaller", 0) = 3
[pid  3877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3877] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3877] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3877] close(3)                    = 0
[pid  3877] mkdir("./file0", 0777)      = 0
[pid  3877] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3877] chdir("./file0")            = 0
[pid  3877] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3877] close(4)                    = 0
[pid  3877] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3877] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3877] write(5, "13", 2)           = 2
[  150.914443][ T3877] loop0: detected capacity change from 0 to 64
[  150.942218][ T3877] FAULT_INJECTION: forcing a failure.
[  150.942218][ T3877] name failslab, interval 1, probability 0, space 0, times 0
[  150.955061][ T3877] CPU: 1 PID: 3877 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  150.965514][ T3877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  150.975584][ T3877] Call Trace:
[  150.978957][ T3877]  <TASK>
[  150.982774][ T3877]  dump_stack_lvl+0x1b1/0x28e
[  150.987454][ T3877]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  150.992910][ T3877]  ? panic+0x710/0x710
[  150.996974][ T3877]  ? __might_sleep+0xc0/0xc0
[  151.002003][ T3877]  ? __mutex_lock_common+0x45f/0x26e0
[  151.007413][ T3877]  should_fail_ex+0x395/0x4c0
[  151.012112][ T3877]  ? hfs_find_init+0x8b/0x1e0
[  151.016787][ T3877]  should_failslab+0x5/0x20
[  151.021292][ T3877]  __kmem_cache_alloc_node+0x69/0x310
[  151.026689][ T3877]  ? hfs_find_init+0x8b/0x1e0
[  151.031378][ T3877]  __kmalloc+0x9e/0x1a0
[  151.035564][ T3877]  hfs_find_init+0x8b/0x1e0
[  151.040083][ T3877]  hfs_extend_file+0x2f8/0x1420
[  151.044936][ T3877]  ? hfs_get_block+0xbb0/0xbb0
[  151.049694][ T3877]  ? lru_cache_disable+0x30/0x30
[  151.054630][ T3877]  ? __might_sleep+0xc0/0xc0
[  151.059226][ T3877]  hfs_get_block+0x3fc/0xbb0
[  151.063814][ T3877]  ? hfs_free_extents+0x420/0x420
[  151.068832][ T3877]  ? do_raw_spin_unlock+0x134/0x8a0
[  151.074042][ T3877]  ? create_page_buffers+0x244/0x4b0
[  151.079342][ T3877]  __block_write_begin_int+0x54c/0x1a80
[  151.084900][ T3877]  ? hfs_free_extents+0x420/0x420
[  151.089934][ T3877]  ? page_zero_new_buffers+0x940/0x940
[  151.095395][ T3877]  ? PageHeadHuge+0x8a/0x1d0
[  151.100003][ T3877]  ? hfs_free_extents+0x420/0x420
[  151.105032][ T3877]  block_write_begin+0x93/0x1e0
[  151.109901][ T3877]  ? cont_write_begin+0x5e5/0x860
[  151.114921][ T3877]  ? hfs_free_extents+0x420/0x420
[  151.119940][ T3877]  cont_write_begin+0x606/0x860
[  151.124801][ T3877]  ? fault_in_readable+0x1d5/0x310
[  151.129922][ T3877]  ? generic_cont_expand_simple+0x250/0x250
[  151.135892][ T3877]  ? fault_in_readable+0x219/0x310
[  151.141022][ T3877]  ? fault_in_safe_writeable+0x240/0x240
[  151.146700][ T3877]  hfs_write_begin+0x86/0xd0
[  151.151305][ T3877]  ? hfs_free_extents+0x420/0x420
[  151.156326][ T3877]  generic_perform_write+0x2e4/0x5e0
[  151.161642][ T3877]  ? __block_commit_write+0x420/0x420
[  151.167018][ T3877]  ? generic_file_direct_write+0x610/0x610
[  151.172822][ T3877]  ? __file_remove_privs+0x6c0/0x6c0
[  151.178162][ T3877]  ? generic_write_checks+0x15c/0x1c0
[  151.183537][ T3877]  __generic_file_write_iter+0x176/0x400
[  151.189175][ T3877]  generic_file_write_iter+0xab/0x310
[  151.194546][ T3877]  vfs_write+0x7dc/0xc50
[  151.198789][ T3877]  ? file_end_write+0x230/0x230
[  151.203640][ T3877]  ? ptrace_stop+0x74d/0x970
[  151.208250][ T3877]  ? _raw_spin_unlock_irq+0x2a/0x40
[  151.213463][ T3877]  ? __fdget_pos+0x252/0x2e0
[  151.218068][ T3877]  ksys_write+0x177/0x2a0
[  151.222394][ T3877]  ? __ia32_sys_read+0x80/0x80
[  151.227250][ T3877]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  151.233251][ T3877]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  151.239226][ T3877]  do_syscall_64+0x3d/0xb0
[  151.243647][ T3877]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  151.249546][ T3877] RIP: 0033:0x7f0fa5191c89
[  151.253949][ T3877] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  151.273547][ T3877] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  151.281954][ T3877] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  151.289919][ T3877] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  151.298059][ T3877] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  151.306030][ T3877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3877] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3877] exit_group(0)               = ?
[pid  3877] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3877, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./230", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./230/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./230/binderfs")                = 0
umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./230/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./230/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./230/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./230")                          = 0
mkdir("./231", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3878
./strace-static-x86_64: Process 3878 attached
[pid  3878] chdir("./231")              = 0
[pid  3878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3878] setpgid(0, 0)               = 0
[pid  3878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3878] write(3, "1000", 4)         = 4
[pid  3878] close(3)                    = 0
[pid  3878] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3878] memfd_create("syzkaller", 0) = 3
[pid  3878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3878] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  151.314007][ T3877] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000e6
[  151.322001][ T3877]  </TASK>
[pid  3878] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3878] close(3)                    = 0
[pid  3878] mkdir("./file0", 0777)      = 0
[pid  3878] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3878] chdir("./file0")            = 0
[pid  3878] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3878] close(4)                    = 0
[pid  3878] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3878] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3878] write(5, "13", 2)           = 2
[  151.368384][ T3878] loop0: detected capacity change from 0 to 64
[  151.369994][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  151.398928][ T3878] FAULT_INJECTION: forcing a failure.
[  151.398928][ T3878] name failslab, interval 1, probability 0, space 0, times 0
[  151.412147][ T3878] CPU: 0 PID: 3878 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  151.422853][ T3878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  151.432904][ T3878] Call Trace:
[  151.436269][ T3878]  <TASK>
[  151.439195][ T3878]  dump_stack_lvl+0x1b1/0x28e
[  151.443888][ T3878]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  151.449356][ T3878]  ? panic+0x710/0x710
[  151.453436][ T3878]  ? __might_sleep+0xc0/0xc0
[  151.458035][ T3878]  ? __mutex_lock_common+0x45f/0x26e0
[  151.463423][ T3878]  should_fail_ex+0x395/0x4c0
[  151.468106][ T3878]  ? hfs_find_init+0x8b/0x1e0
[  151.472785][ T3878]  should_failslab+0x5/0x20
[  151.477282][ T3878]  __kmem_cache_alloc_node+0x69/0x310
[  151.482652][ T3878]  ? hfs_find_init+0x8b/0x1e0
[  151.487326][ T3878]  __kmalloc+0x9e/0x1a0
[  151.491478][ T3878]  hfs_find_init+0x8b/0x1e0
[  151.495975][ T3878]  hfs_extend_file+0x2f8/0x1420
[  151.500833][ T3878]  ? hfs_get_block+0xbb0/0xbb0
[  151.505592][ T3878]  ? lru_cache_disable+0x30/0x30
[  151.510519][ T3878]  ? __might_sleep+0xc0/0xc0
[  151.515136][ T3878]  hfs_get_block+0x3fc/0xbb0
[  151.519743][ T3878]  ? hfs_free_extents+0x420/0x420
[  151.524766][ T3878]  ? do_raw_spin_unlock+0x134/0x8a0
[  151.529980][ T3878]  ? create_page_buffers+0x244/0x4b0
[  151.535269][ T3878]  __block_write_begin_int+0x54c/0x1a80
[  151.540838][ T3878]  ? hfs_free_extents+0x420/0x420
[  151.545854][ T3878]  ? page_zero_new_buffers+0x940/0x940
[  151.551306][ T3878]  ? PageHeadHuge+0x8a/0x1d0
[  151.555900][ T3878]  ? hfs_free_extents+0x420/0x420
[  151.560917][ T3878]  block_write_begin+0x93/0x1e0
[  151.565774][ T3878]  ? cont_write_begin+0x5e5/0x860
[  151.570799][ T3878]  ? hfs_free_extents+0x420/0x420
[  151.575844][ T3878]  cont_write_begin+0x606/0x860
[  151.580701][ T3878]  ? fault_in_readable+0x1d5/0x310
[  151.585806][ T3878]  ? generic_cont_expand_simple+0x250/0x250
[  151.591695][ T3878]  ? fault_in_readable+0x219/0x310
[  151.596799][ T3878]  ? fault_in_safe_writeable+0x240/0x240
[  151.602440][ T3878]  hfs_write_begin+0x86/0xd0
[  151.607025][ T3878]  ? hfs_free_extents+0x420/0x420
[  151.612046][ T3878]  generic_perform_write+0x2e4/0x5e0
[  151.617342][ T3878]  ? __block_commit_write+0x420/0x420
[  151.622740][ T3878]  ? generic_file_direct_write+0x610/0x610
[  151.628570][ T3878]  ? __file_remove_privs+0x6c0/0x6c0
[  151.633865][ T3878]  ? generic_write_checks+0x15c/0x1c0
[  151.639264][ T3878]  __generic_file_write_iter+0x176/0x400
[  151.644912][ T3878]  generic_file_write_iter+0xab/0x310
[  151.650286][ T3878]  vfs_write+0x7dc/0xc50
[  151.654543][ T3878]  ? file_end_write+0x230/0x230
[  151.659401][ T3878]  ? ptrace_stop+0x74d/0x970
[  151.664010][ T3878]  ? _raw_spin_unlock_irq+0x2a/0x40
[  151.669229][ T3878]  ? __fdget_pos+0x252/0x2e0
[  151.673829][ T3878]  ksys_write+0x177/0x2a0
[  151.678160][ T3878]  ? __ia32_sys_read+0x80/0x80
[  151.682933][ T3878]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  151.688915][ T3878]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  151.694903][ T3878]  do_syscall_64+0x3d/0xb0
[  151.699310][ T3878]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  151.705207][ T3878] RIP: 0033:0x7f0fa5191c89
[  151.709658][ T3878] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  151.729261][ T3878] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  151.737668][ T3878] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  151.745628][ T3878] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  151.753601][ T3878] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  151.761589][ T3878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3878] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3878] exit_group(0)               = ?
[pid  3878] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3878, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./231", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./231/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./231/binderfs")                = 0
umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./231/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./231/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./231/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./231")                          = 0
mkdir("./232", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3879
./strace-static-x86_64: Process 3879 attached
[pid  3879] chdir("./232")              = 0
[pid  3879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3879] setpgid(0, 0)               = 0
[pid  3879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3879] write(3, "1000", 4)         = 4
[pid  3879] close(3)                    = 0
[pid  3879] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3879] memfd_create("syzkaller", 0) = 3
[pid  3879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3879] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  151.769592][ T3878] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000e7
[  151.777569][ T3878]  </TASK>
[pid  3879] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3879] close(3)                    = 0
[pid  3879] mkdir("./file0", 0777)      = 0
[pid  3879] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3879] chdir("./file0")            = 0
[pid  3879] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3879] close(4)                    = 0
[pid  3879] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3879] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3879] write(5, "13", 2)           = 2
[pid  3879] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3879] exit_group(0)               = ?
[pid  3879] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./232", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./232/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./232/binderfs")                = 0
umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./232/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./232/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./232/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./232")                          = 0
mkdir("./233", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[  151.817540][ T3879] loop0: detected capacity change from 0 to 64
[  151.820761][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3880
./strace-static-x86_64: Process 3880 attached
[pid  3880] chdir("./233")              = 0
[pid  3880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3880] setpgid(0, 0)               = 0
[pid  3880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3880] write(3, "1000", 4)         = 4
[pid  3880] close(3)                    = 0
[pid  3880] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3880] memfd_create("syzkaller", 0) = 3
[pid  3880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3880] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3880] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3880] close(3)                    = 0
[pid  3880] mkdir("./file0", 0777)      = 0
[pid  3880] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3880] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3880] chdir("./file0")            = 0
[pid  3880] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3880] close(4)                    = 0
[pid  3880] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3880] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3880] write(5, "13", 2)           = 2
[  151.896645][ T3880] loop0: detected capacity change from 0 to 64
[  151.924367][ T3880] FAULT_INJECTION: forcing a failure.
[  151.924367][ T3880] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  151.937736][ T3880] CPU: 1 PID: 3880 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  151.948166][ T3880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  151.958217][ T3880] Call Trace:
[  151.961502][ T3880]  <TASK>
[  151.964437][ T3880]  dump_stack_lvl+0x1b1/0x28e
[  151.969110][ T3880]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  151.974560][ T3880]  ? panic+0x710/0x710
[  151.978626][ T3880]  ? do_anonymous_page+0xd4a/0x1150
[  151.983831][ T3880]  ? mark_lock+0x9a/0x350
[  151.988154][ T3880]  should_fail_ex+0x395/0x4c0
[  151.992831][ T3880]  prepare_alloc_pages+0x1d7/0x5a0
[  151.997945][ T3880]  __alloc_pages+0x161/0x560
[  152.002537][ T3880]  ? zone_statistics+0x160/0x160
[  152.007487][ T3880]  ? rcu_lock_release+0x5/0x20
[  152.012243][ T3880]  ? alloc_pages+0x520/0x7b0
[  152.016841][ T3880]  ? xas_descend+0x1f3/0x400
[  152.021425][ T3880]  folio_alloc+0x1a/0x50
[  152.025658][ T3880]  filemap_alloc_folio+0x7e/0x1c0
[  152.030677][ T3880]  __filemap_get_folio+0x898/0x1260
[  152.035886][ T3880]  ? page_cache_prev_miss+0x4e0/0x4e0
[  152.041288][ T3880]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  152.047279][ T3880]  ? print_irqtrace_events+0x220/0x220
[  152.052738][ T3880]  pagecache_get_page+0x28/0x260
[  152.057666][ T3880]  ? hfs_free_extents+0x420/0x420
[  152.062679][ T3880]  block_write_begin+0x2e/0x1e0
[  152.067541][ T3880]  ? cont_write_begin+0x5e5/0x860
[  152.072576][ T3880]  ? hfs_free_extents+0x420/0x420
[  152.077593][ T3880]  cont_write_begin+0x606/0x860
[  152.082440][ T3880]  ? fault_in_readable+0x1d5/0x310
[  152.087543][ T3880]  ? generic_cont_expand_simple+0x250/0x250
[  152.093436][ T3880]  ? fault_in_readable+0x219/0x310
[  152.098538][ T3880]  ? fault_in_safe_writeable+0x240/0x240
[  152.104164][ T3880]  hfs_write_begin+0x86/0xd0
[  152.108740][ T3880]  ? hfs_free_extents+0x420/0x420
[  152.113754][ T3880]  generic_perform_write+0x2e4/0x5e0
[  152.119036][ T3880]  ? __block_commit_write+0x420/0x420
[  152.124399][ T3880]  ? generic_file_direct_write+0x610/0x610
[  152.130196][ T3880]  ? __file_remove_privs+0x6c0/0x6c0
[  152.135469][ T3880]  ? generic_write_checks+0x15c/0x1c0
[  152.140850][ T3880]  __generic_file_write_iter+0x176/0x400
[  152.146501][ T3880]  generic_file_write_iter+0xab/0x310
[  152.151879][ T3880]  vfs_write+0x7dc/0xc50
[  152.156136][ T3880]  ? file_end_write+0x230/0x230
[  152.160976][ T3880]  ? ptrace_stop+0x74d/0x970
[  152.165578][ T3880]  ? _raw_spin_unlock_irq+0x2a/0x40
[  152.170799][ T3880]  ? __fdget_pos+0x252/0x2e0
[  152.175406][ T3880]  ksys_write+0x177/0x2a0
[  152.179731][ T3880]  ? __ia32_sys_read+0x80/0x80
[  152.184485][ T3880]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  152.190472][ T3880]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  152.196461][ T3880]  do_syscall_64+0x3d/0xb0
[  152.200866][ T3880]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  152.206755][ T3880] RIP: 0033:0x7f0fa5191c89
[  152.211187][ T3880] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  152.230808][ T3880] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  152.239229][ T3880] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3880] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3880] exit_group(0)               = ?
[pid  3880] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3880, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./233", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./233/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./233/binderfs")                = 0
umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./233/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./233/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./233/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./233")                          = 0
mkdir("./234", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3881
./strace-static-x86_64: Process 3881 attached
[  152.247189][ T3880] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  152.255158][ T3880] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  152.263134][ T3880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  152.271094][ T3880] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000e9
[  152.279069][ T3880]  </TASK>
[pid  3881] chdir("./234")              = 0
[pid  3881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3881] setpgid(0, 0)               = 0
[pid  3881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3881] write(3, "1000", 4)         = 4
[pid  3881] close(3)                    = 0
[pid  3881] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3881] memfd_create("syzkaller", 0) = 3
[pid  3881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3881] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3881] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3881] close(3)                    = 0
[pid  3881] mkdir("./file0", 0777)      = 0
[pid  3881] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3881] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3881] chdir("./file0")            = 0
[pid  3881] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3881] close(4)                    = 0
[pid  3881] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3881] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3881] write(5, "13", 2)           = 2
[  152.340508][ T3881] loop0: detected capacity change from 0 to 64
[  152.370195][ T3881] FAULT_INJECTION: forcing a failure.
[  152.370195][ T3881] name failslab, interval 1, probability 0, space 0, times 0
[  152.383108][ T3881] CPU: 0 PID: 3881 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  152.393531][ T3881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  152.403576][ T3881] Call Trace:
[  152.406845][ T3881]  <TASK>
[  152.409768][ T3881]  dump_stack_lvl+0x1b1/0x28e
[  152.414449][ T3881]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  152.419910][ T3881]  ? panic+0x710/0x710
[  152.423971][ T3881]  ? __might_sleep+0xc0/0xc0
[  152.428600][ T3881]  ? __mutex_lock_common+0x45f/0x26e0
[  152.433984][ T3881]  should_fail_ex+0x395/0x4c0
[  152.438671][ T3881]  ? hfs_find_init+0x8b/0x1e0
[  152.443372][ T3881]  should_failslab+0x5/0x20
[  152.447867][ T3881]  __kmem_cache_alloc_node+0x69/0x310
[  152.453232][ T3881]  ? hfs_find_init+0x8b/0x1e0
[  152.457903][ T3881]  __kmalloc+0x9e/0x1a0
[  152.462052][ T3881]  hfs_find_init+0x8b/0x1e0
[  152.466570][ T3881]  hfs_extend_file+0x2f8/0x1420
[  152.471432][ T3881]  ? hfs_get_block+0xbb0/0xbb0
[  152.476192][ T3881]  ? lru_cache_disable+0x30/0x30
[  152.481135][ T3881]  ? __might_sleep+0xc0/0xc0
[  152.485725][ T3881]  hfs_get_block+0x3fc/0xbb0
[  152.490409][ T3881]  ? hfs_free_extents+0x420/0x420
[  152.495419][ T3881]  ? do_raw_spin_unlock+0x134/0x8a0
[  152.500609][ T3881]  ? create_page_buffers+0x244/0x4b0
[  152.505905][ T3881]  __block_write_begin_int+0x54c/0x1a80
[  152.511460][ T3881]  ? hfs_free_extents+0x420/0x420
[  152.516478][ T3881]  ? page_zero_new_buffers+0x940/0x940
[  152.521954][ T3881]  ? PageHeadHuge+0x8a/0x1d0
[  152.526563][ T3881]  ? hfs_free_extents+0x420/0x420
[  152.531583][ T3881]  block_write_begin+0x93/0x1e0
[  152.536442][ T3881]  ? cont_write_begin+0x5e5/0x860
[  152.541453][ T3881]  ? hfs_free_extents+0x420/0x420
[  152.546475][ T3881]  cont_write_begin+0x606/0x860
[  152.551339][ T3881]  ? fault_in_readable+0x1d5/0x310
[  152.556457][ T3881]  ? generic_cont_expand_simple+0x250/0x250
[  152.562381][ T3881]  ? fault_in_readable+0x219/0x310
[  152.567495][ T3881]  ? fault_in_safe_writeable+0x240/0x240
[  152.573225][ T3881]  hfs_write_begin+0x86/0xd0
[  152.577804][ T3881]  ? hfs_free_extents+0x420/0x420
[  152.582831][ T3881]  generic_perform_write+0x2e4/0x5e0
[  152.588132][ T3881]  ? __block_commit_write+0x420/0x420
[  152.593526][ T3881]  ? generic_file_direct_write+0x610/0x610
[  152.599330][ T3881]  ? __file_remove_privs+0x6c0/0x6c0
[  152.604622][ T3881]  ? generic_write_checks+0x15c/0x1c0
[  152.610072][ T3881]  __generic_file_write_iter+0x176/0x400
[  152.615799][ T3881]  generic_file_write_iter+0xab/0x310
[  152.621182][ T3881]  vfs_write+0x7dc/0xc50
[  152.625442][ T3881]  ? file_end_write+0x230/0x230
[  152.630298][ T3881]  ? ptrace_stop+0x74d/0x970
[  152.634883][ T3881]  ? _raw_spin_unlock_irq+0x2a/0x40
[  152.640072][ T3881]  ? __fdget_pos+0x252/0x2e0
[  152.644657][ T3881]  ksys_write+0x177/0x2a0
[  152.649007][ T3881]  ? __ia32_sys_read+0x80/0x80
[  152.653782][ T3881]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  152.659756][ T3881]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  152.665728][ T3881]  do_syscall_64+0x3d/0xb0
[  152.670134][ T3881]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  152.676013][ T3881] RIP: 0033:0x7f0fa5191c89
[  152.680414][ T3881] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  152.700098][ T3881] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  152.708500][ T3881] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  152.716470][ T3881] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  152.724445][ T3881] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  152.732406][ T3881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3881] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3881] exit_group(0)               = ?
[pid  3881] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3881, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./234", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./234/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./234/binderfs")                = 0
umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./234/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./234/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./234/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./234")                          = 0
mkdir("./235", 0777)                    = 0
[  152.740361][ T3881] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ea
[  152.748333][ T3881]  </TASK>
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3882
./strace-static-x86_64: Process 3882 attached
[pid  3882] chdir("./235")              = 0
[pid  3882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3882] setpgid(0, 0)               = 0
[pid  3882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3882] write(3, "1000", 4)         = 4
[pid  3882] close(3)                    = 0
[pid  3882] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3882] memfd_create("syzkaller", 0) = 3
[pid  3882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3882] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3882] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3882] close(3)                    = 0
[pid  3882] mkdir("./file0", 0777)      = 0
[pid  3882] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3882] chdir("./file0")            = 0
[pid  3882] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3882] close(4)                    = 0
[pid  3882] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3882] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3882] write(5, "13", 2)           = 2
[  152.790620][ T3882] loop0: detected capacity change from 0 to 64
[  152.812713][ T3882] FAULT_INJECTION: forcing a failure.
[  152.812713][ T3882] name failslab, interval 1, probability 0, space 0, times 0
[  152.825890][ T3882] CPU: 0 PID: 3882 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  152.836408][ T3882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  152.846455][ T3882] Call Trace:
[  152.849728][ T3882]  <TASK>
[  152.852655][ T3882]  dump_stack_lvl+0x1b1/0x28e
[  152.857354][ T3882]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  152.862843][ T3882]  ? panic+0x710/0x710
[  152.866925][ T3882]  ? __might_sleep+0xc0/0xc0
[  152.871514][ T3882]  ? __mutex_lock_common+0x45f/0x26e0
[  152.876979][ T3882]  should_fail_ex+0x395/0x4c0
[  152.881664][ T3882]  ? hfs_find_init+0x8b/0x1e0
[  152.886344][ T3882]  should_failslab+0x5/0x20
[  152.890840][ T3882]  __kmem_cache_alloc_node+0x69/0x310
[  152.896200][ T3882]  ? rcu_lock_release+0x5/0x20
[  152.900957][ T3882]  ? hfs_find_init+0x8b/0x1e0
[  152.905631][ T3882]  __kmalloc+0x9e/0x1a0
[  152.909779][ T3882]  hfs_find_init+0x8b/0x1e0
[  152.914275][ T3882]  hfs_extend_file+0x2f8/0x1420
[  152.919122][ T3882]  ? xas_find+0x937/0xa60
[  152.923473][ T3882]  ? hfs_get_block+0xbb0/0xbb0
[  152.928222][ T3882]  ? filemap_get_folios+0x557/0x830
[  152.933412][ T3882]  ? find_lock_entries+0xf60/0xf60
[  152.938533][ T3882]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  152.944440][ T3882]  hfs_get_block+0x3fc/0xbb0
[  152.949031][ T3882]  ? hfs_free_extents+0x420/0x420
[  152.954040][ T3882]  ? do_raw_spin_unlock+0x134/0x8a0
[  152.959242][ T3882]  ? create_page_buffers+0x244/0x4b0
[  152.964532][ T3882]  __block_write_begin_int+0x54c/0x1a80
[  152.970125][ T3882]  ? hfs_free_extents+0x420/0x420
[  152.975153][ T3882]  ? page_zero_new_buffers+0x940/0x940
[  152.980616][ T3882]  ? PageHeadHuge+0x8a/0x1d0
[  152.985212][ T3882]  ? hfs_free_extents+0x420/0x420
[  152.990241][ T3882]  block_write_begin+0x93/0x1e0
[  152.995080][ T3882]  ? cont_write_begin+0x5e5/0x860
[  153.000095][ T3882]  ? hfs_free_extents+0x420/0x420
[  153.005107][ T3882]  cont_write_begin+0x606/0x860
[  153.009962][ T3882]  ? fault_in_readable+0x1d5/0x310
[  153.015083][ T3882]  ? generic_cont_expand_simple+0x250/0x250
[  153.020971][ T3882]  ? fault_in_readable+0x219/0x310
[  153.026095][ T3882]  ? fault_in_safe_writeable+0x240/0x240
[  153.031724][ T3882]  hfs_write_begin+0x86/0xd0
[  153.036301][ T3882]  ? hfs_free_extents+0x420/0x420
[  153.041317][ T3882]  generic_perform_write+0x2e4/0x5e0
[  153.046600][ T3882]  ? __block_commit_write+0x420/0x420
[  153.051962][ T3882]  ? generic_file_direct_write+0x610/0x610
[  153.057755][ T3882]  ? __file_remove_privs+0x6c0/0x6c0
[  153.063029][ T3882]  ? generic_write_checks+0x15c/0x1c0
[  153.068394][ T3882]  __generic_file_write_iter+0x176/0x400
[  153.074019][ T3882]  generic_file_write_iter+0xab/0x310
[  153.079380][ T3882]  vfs_write+0x7dc/0xc50
[  153.083637][ T3882]  ? file_end_write+0x230/0x230
[  153.088476][ T3882]  ? ptrace_stop+0x74d/0x970
[  153.093062][ T3882]  ? _raw_spin_unlock_irq+0x2a/0x40
[  153.098251][ T3882]  ? __fdget_pos+0x252/0x2e0
[  153.102830][ T3882]  ksys_write+0x177/0x2a0
[  153.107153][ T3882]  ? __ia32_sys_read+0x80/0x80
[  153.111908][ T3882]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  153.117879][ T3882]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  153.123866][ T3882]  do_syscall_64+0x3d/0xb0
[  153.128303][ T3882]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  153.134199][ T3882] RIP: 0033:0x7f0fa5191c89
[  153.138609][ T3882] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  153.158206][ T3882] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  153.166614][ T3882] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  153.174575][ T3882] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  153.182533][ T3882] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3882] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3882] exit_group(0)               = ?
[pid  3882] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3882, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./235", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./235/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./235/binderfs")                = 0
umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./235/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./235/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./235/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./235")                          = 0
mkdir("./236", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3883
./strace-static-x86_64: Process 3883 attached
[pid  3883] chdir("./236")              = 0
[pid  3883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3883] setpgid(0, 0)               = 0
[pid  3883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3883] write(3, "1000", 4)         = 4
[pid  3883] close(3)                    = 0
[  153.190503][ T3882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  153.198572][ T3882] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000eb
[  153.206558][ T3882]  </TASK>
[pid  3883] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3883] memfd_create("syzkaller", 0) = 3
[pid  3883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3883] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3883] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3883] close(3)                    = 0
[pid  3883] mkdir("./file0", 0777)      = 0
[pid  3883] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3883] chdir("./file0")            = 0
[pid  3883] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3883] close(4)                    = 0
[pid  3883] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3883] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3883] write(5, "13", 2)           = 2
[  153.262035][ T3883] loop0: detected capacity change from 0 to 64
[  153.282881][ T3883] FAULT_INJECTION: forcing a failure.
[  153.282881][ T3883] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  153.296029][ T3883] CPU: 0 PID: 3883 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  153.306467][ T3883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  153.316971][ T3883] Call Trace:
[  153.320250][ T3883]  <TASK>
[  153.323177][ T3883]  dump_stack_lvl+0x1b1/0x28e
[  153.327865][ T3883]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  153.333335][ T3883]  ? panic+0x710/0x710
[  153.337392][ T3883]  ? hfs_free_extents+0x420/0x420
[  153.342405][ T3883]  ? PageHeadHuge+0x8a/0x1d0
[  153.346988][ T3883]  should_fail_ex+0x395/0x4c0
[  153.351668][ T3883]  copy_page_from_iter_atomic+0x217/0x1140
[  153.357486][ T3883]  ? generic_cont_expand_simple+0x250/0x250
[  153.363383][ T3883]  ? pipe_zero+0x200/0x200
[  153.367804][ T3883]  ? hfs_write_begin+0x86/0xd0
[  153.372563][ T3883]  ? hfs_free_extents+0x420/0x420
[  153.377580][ T3883]  ? hfs_write_begin+0x9e/0xd0
[  153.382342][ T3883]  generic_perform_write+0x35a/0x5e0
[  153.387635][ T3883]  ? __block_commit_write+0x420/0x420
[  153.393004][ T3883]  ? generic_file_direct_write+0x610/0x610
[  153.398804][ T3883]  ? __file_remove_privs+0x6c0/0x6c0
[  153.404087][ T3883]  ? generic_write_checks+0x15c/0x1c0
[  153.409468][ T3883]  __generic_file_write_iter+0x176/0x400
[  153.415104][ T3883]  generic_file_write_iter+0xab/0x310
[  153.420475][ T3883]  vfs_write+0x7dc/0xc50
[  153.424723][ T3883]  ? file_end_write+0x230/0x230
[  153.429571][ T3883]  ? ptrace_stop+0x74d/0x970
[  153.434165][ T3883]  ? _raw_spin_unlock_irq+0x2a/0x40
[  153.439363][ T3883]  ? __fdget_pos+0x252/0x2e0
[  153.443954][ T3883]  ksys_write+0x177/0x2a0
[  153.448370][ T3883]  ? __ia32_sys_read+0x80/0x80
[  153.453134][ T3883]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  153.459120][ T3883]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  153.465104][ T3883]  do_syscall_64+0x3d/0xb0
[  153.469516][ T3883]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  153.475404][ T3883] RIP: 0033:0x7f0fa5191c89
[  153.479827][ T3883] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  153.499426][ T3883] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3883] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3883] exit_group(0)               = ?
[pid  3883] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3883, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./236", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./236/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./236/binderfs")                = 0
umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./236/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./236/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./236/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./236")                          = 0
mkdir("./237", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3884
./strace-static-x86_64: Process 3884 attached
[pid  3884] chdir("./237")              = 0
[pid  3884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3884] setpgid(0, 0)               = 0
[pid  3884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3884] write(3, "1000", 4)         = 4
[pid  3884] close(3)                    = 0
[pid  3884] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3884] memfd_create("syzkaller", 0) = 3
[pid  3884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  153.507837][ T3883] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  153.515804][ T3883] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  153.523770][ T3883] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  153.531733][ T3883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  153.539698][ T3883] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ec
[  153.547677][ T3883]  </TASK>
[pid  3884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3884] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3884] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3884] close(3)                    = 0
[pid  3884] mkdir("./file0", 0777)      = 0
[pid  3884] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3884] chdir("./file0")            = 0
[pid  3884] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3884] close(4)                    = 0
[pid  3884] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3884] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3884] write(5, "13", 2)           = 2
[  153.596462][ T3884] loop0: detected capacity change from 0 to 64
[  153.622337][ T3884] FAULT_INJECTION: forcing a failure.
[  153.622337][ T3884] name failslab, interval 1, probability 0, space 0, times 0
[  153.637826][ T3884] CPU: 0 PID: 3884 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  153.648273][ T3884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  153.658343][ T3884] Call Trace:
[  153.661630][ T3884]  <TASK>
[  153.664549][ T3884]  dump_stack_lvl+0x1b1/0x28e
[  153.669220][ T3884]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  153.674663][ T3884]  ? panic+0x710/0x710
[  153.678719][ T3884]  ? __might_sleep+0xc0/0xc0
[  153.683294][ T3884]  ? __mutex_lock_common+0x45f/0x26e0
[  153.688659][ T3884]  should_fail_ex+0x395/0x4c0
[  153.693334][ T3884]  ? hfs_find_init+0x8b/0x1e0
[  153.698013][ T3884]  should_failslab+0x5/0x20
[  153.702518][ T3884]  __kmem_cache_alloc_node+0x69/0x310
[  153.707887][ T3884]  ? rcu_lock_release+0x5/0x20
[  153.712650][ T3884]  ? hfs_find_init+0x8b/0x1e0
[  153.717327][ T3884]  __kmalloc+0x9e/0x1a0
[  153.721492][ T3884]  hfs_find_init+0x8b/0x1e0
[  153.725999][ T3884]  hfs_extend_file+0x2f8/0x1420
[  153.730842][ T3884]  ? xas_find+0x937/0xa60
[  153.735177][ T3884]  ? hfs_get_block+0xbb0/0xbb0
[  153.739935][ T3884]  ? filemap_get_folios+0x557/0x830
[  153.745132][ T3884]  ? find_lock_entries+0xf60/0xf60
[  153.750242][ T3884]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  153.756142][ T3884]  hfs_get_block+0x3fc/0xbb0
[  153.760742][ T3884]  ? hfs_free_extents+0x420/0x420
[  153.765760][ T3884]  ? do_raw_spin_unlock+0x134/0x8a0
[  153.770965][ T3884]  ? create_page_buffers+0x244/0x4b0
[  153.776349][ T3884]  __block_write_begin_int+0x54c/0x1a80
[  153.781913][ T3884]  ? hfs_free_extents+0x420/0x420
[  153.786932][ T3884]  ? page_zero_new_buffers+0x940/0x940
[  153.792392][ T3884]  ? PageHeadHuge+0x8a/0x1d0
[  153.796986][ T3884]  ? hfs_free_extents+0x420/0x420
[  153.802003][ T3884]  block_write_begin+0x93/0x1e0
[  153.806850][ T3884]  ? cont_write_begin+0x5e5/0x860
[  153.811873][ T3884]  ? hfs_free_extents+0x420/0x420
[  153.816892][ T3884]  cont_write_begin+0x606/0x860
[  153.821744][ T3884]  ? fault_in_readable+0x1d5/0x310
[  153.826856][ T3884]  ? generic_cont_expand_simple+0x250/0x250
[  153.832748][ T3884]  ? fault_in_readable+0x219/0x310
[  153.837856][ T3884]  ? fault_in_safe_writeable+0x240/0x240
[  153.843491][ T3884]  hfs_write_begin+0x86/0xd0
[  153.848102][ T3884]  ? hfs_free_extents+0x420/0x420
[  153.853127][ T3884]  generic_perform_write+0x2e4/0x5e0
[  153.858416][ T3884]  ? __block_commit_write+0x420/0x420
[  153.863787][ T3884]  ? generic_file_direct_write+0x610/0x610
[  153.869601][ T3884]  ? __file_remove_privs+0x6c0/0x6c0
[  153.874884][ T3884]  ? generic_write_checks+0x15c/0x1c0
[  153.880263][ T3884]  __generic_file_write_iter+0x176/0x400
[  153.885899][ T3884]  generic_file_write_iter+0xab/0x310
[  153.891269][ T3884]  vfs_write+0x7dc/0xc50
[  153.895521][ T3884]  ? file_end_write+0x230/0x230
[  153.900374][ T3884]  ? ptrace_stop+0x74d/0x970
[  153.904970][ T3884]  ? _raw_spin_unlock_irq+0x2a/0x40
[  153.910173][ T3884]  ? __fdget_pos+0x252/0x2e0
[  153.914765][ T3884]  ksys_write+0x177/0x2a0
[  153.919097][ T3884]  ? __ia32_sys_read+0x80/0x80
[  153.923858][ T3884]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  153.929850][ T3884]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  153.935836][ T3884]  do_syscall_64+0x3d/0xb0
[  153.940251][ T3884]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  153.946138][ T3884] RIP: 0033:0x7f0fa5191c89
[  153.950553][ T3884] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  153.970151][ T3884] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  153.978561][ T3884] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  153.986525][ T3884] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3884] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3884] exit_group(0)               = ?
[pid  3884] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3884, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./237", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./237/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./237/binderfs")                = 0
umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./237/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./237/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./237/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./237")                          = 0
mkdir("./238", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3885
./strace-static-x86_64: Process 3885 attached
[pid  3885] chdir("./238")              = 0
[pid  3885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3885] setpgid(0, 0)               = 0
[  153.994494][ T3884] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  154.002458][ T3884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  154.010428][ T3884] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ed
[  154.018410][ T3884]  </TASK>
[pid  3885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3885] write(3, "1000", 4)         = 4
[pid  3885] close(3)                    = 0
[pid  3885] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3885] memfd_create("syzkaller", 0) = 3
[pid  3885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3885] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3885] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3885] close(3)                    = 0
[pid  3885] mkdir("./file0", 0777)      = 0
[pid  3885] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3885] chdir("./file0")            = 0
[pid  3885] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3885] close(4)                    = 0
[pid  3885] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3885] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3885] write(5, "13", 2)           = 2
[pid  3885] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3885] exit_group(0)               = ?
[pid  3885] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3885, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./238", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./238/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./238/binderfs")                = 0
umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./238/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./238/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./238/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./238")                          = 0
mkdir("./239", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3886
./strace-static-x86_64: Process 3886 attached
[  154.066864][ T3885] loop0: detected capacity change from 0 to 64
[pid  3886] chdir("./239")              = 0
[pid  3886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3886] setpgid(0, 0)               = 0
[pid  3886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3886] write(3, "1000", 4)         = 4
[pid  3886] close(3)                    = 0
[pid  3886] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3886] memfd_create("syzkaller", 0) = 3
[pid  3886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3886] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3886] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3886] close(3)                    = 0
[pid  3886] mkdir("./file0", 0777)      = 0
[pid  3886] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3886] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3886] chdir("./file0")            = 0
[pid  3886] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3886] close(4)                    = 0
[pid  3886] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3886] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3886] write(5, "13", 2)           = 2
[  154.137368][ T3886] loop0: detected capacity change from 0 to 64
[  154.160576][ T3886] FAULT_INJECTION: forcing a failure.
[  154.160576][ T3886] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.173716][ T3886] CPU: 0 PID: 3886 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  154.184144][ T3886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  154.194195][ T3886] Call Trace:
[  154.197475][ T3886]  <TASK>
[  154.200393][ T3886]  dump_stack_lvl+0x1b1/0x28e
[  154.205061][ T3886]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  154.210503][ T3886]  ? panic+0x710/0x710
[  154.214563][ T3886]  ? hfs_free_extents+0x420/0x420
[  154.219621][ T3886]  ? PageHeadHuge+0x8a/0x1d0
[  154.224225][ T3886]  should_fail_ex+0x395/0x4c0
[  154.228896][ T3886]  copy_page_from_iter_atomic+0x217/0x1140
[  154.234707][ T3886]  ? generic_cont_expand_simple+0x250/0x250
[  154.240595][ T3886]  ? pipe_zero+0x200/0x200
[  154.245019][ T3886]  ? hfs_write_begin+0x86/0xd0
[  154.249782][ T3886]  ? hfs_free_extents+0x420/0x420
[  154.254797][ T3886]  ? hfs_write_begin+0x9e/0xd0
[  154.259568][ T3886]  generic_perform_write+0x35a/0x5e0
[  154.264847][ T3886]  ? __block_commit_write+0x420/0x420
[  154.270207][ T3886]  ? generic_file_direct_write+0x610/0x610
[  154.276007][ T3886]  ? __file_remove_privs+0x6c0/0x6c0
[  154.281298][ T3886]  ? generic_write_checks+0x15c/0x1c0
[  154.286696][ T3886]  __generic_file_write_iter+0x176/0x400
[  154.292373][ T3886]  generic_file_write_iter+0xab/0x310
[  154.297773][ T3886]  vfs_write+0x7dc/0xc50
[  154.302042][ T3886]  ? file_end_write+0x230/0x230
[  154.306898][ T3886]  ? ptrace_stop+0x74d/0x970
[  154.311618][ T3886]  ? _raw_spin_unlock_irq+0x2a/0x40
[  154.316838][ T3886]  ? __fdget_pos+0x252/0x2e0
[  154.321435][ T3886]  ksys_write+0x177/0x2a0
[  154.325790][ T3886]  ? __ia32_sys_read+0x80/0x80
[  154.330569][ T3886]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  154.336544][ T3886]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  154.342597][ T3886]  do_syscall_64+0x3d/0xb0
[  154.347026][ T3886]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  154.352922][ T3886] RIP: 0033:0x7f0fa5191c89
[  154.357331][ T3886] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  154.376943][ T3886] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3886] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3886] exit_group(0)               = ?
[pid  3886] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3886, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./239", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./239/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./239/binderfs")                = 0
umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./239/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./239/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./239/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./239")                          = 0
mkdir("./240", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3887
./strace-static-x86_64: Process 3887 attached
[pid  3887] chdir("./240")              = 0
[  154.385377][ T3886] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  154.393368][ T3886] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  154.401787][ T3886] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  154.409768][ T3886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  154.417740][ T3886] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ef
[  154.425711][ T3886]  </TASK>
[pid  3887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3887] setpgid(0, 0)               = 0
[pid  3887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3887] write(3, "1000", 4)         = 4
[pid  3887] close(3)                    = 0
[pid  3887] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3887] memfd_create("syzkaller", 0) = 3
[pid  3887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3887] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3887] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3887] close(3)                    = 0
[pid  3887] mkdir("./file0", 0777)      = 0
[pid  3887] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3887] chdir("./file0")            = 0
[pid  3887] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3887] close(4)                    = 0
[pid  3887] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3887] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3887] write(5, "13", 2)           = 2
[  154.486734][ T3887] loop0: detected capacity change from 0 to 64
[  154.519651][ T3887] FAULT_INJECTION: forcing a failure.
[  154.519651][ T3887] name failslab, interval 1, probability 0, space 0, times 0
[  154.532662][ T3887] CPU: 0 PID: 3887 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  154.543105][ T3887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  154.553158][ T3887] Call Trace:
[  154.556443][ T3887]  <TASK>
[  154.559375][ T3887]  dump_stack_lvl+0x1b1/0x28e
[  154.564067][ T3887]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  154.569609][ T3887]  ? panic+0x710/0x710
[  154.573693][ T3887]  ? __might_sleep+0xc0/0xc0
[  154.578286][ T3887]  ? __mutex_lock_common+0x45f/0x26e0
[  154.583671][ T3887]  should_fail_ex+0x395/0x4c0
[  154.588374][ T3887]  ? hfs_find_init+0x8b/0x1e0
[  154.593071][ T3887]  should_failslab+0x5/0x20
[  154.597566][ T3887]  __kmem_cache_alloc_node+0x69/0x310
[  154.602932][ T3887]  ? hfs_find_init+0x8b/0x1e0
[  154.607598][ T3887]  __kmalloc+0x9e/0x1a0
[  154.611753][ T3887]  hfs_find_init+0x8b/0x1e0
[  154.616265][ T3887]  hfs_extend_file+0x2f8/0x1420
[  154.621126][ T3887]  ? hfs_get_block+0xbb0/0xbb0
[  154.625889][ T3887]  ? lru_cache_disable+0x30/0x30
[  154.630920][ T3887]  ? __might_sleep+0xc0/0xc0
[  154.635536][ T3887]  hfs_get_block+0x3fc/0xbb0
[  154.640142][ T3887]  ? hfs_free_extents+0x420/0x420
[  154.645171][ T3887]  ? do_raw_spin_unlock+0x134/0x8a0
[  154.650386][ T3887]  ? create_page_buffers+0x244/0x4b0
[  154.655674][ T3887]  __block_write_begin_int+0x54c/0x1a80
[  154.661224][ T3887]  ? hfs_free_extents+0x420/0x420
[  154.666237][ T3887]  ? page_zero_new_buffers+0x940/0x940
[  154.671690][ T3887]  ? PageHeadHuge+0x8a/0x1d0
[  154.676278][ T3887]  ? hfs_free_extents+0x420/0x420
[  154.681290][ T3887]  block_write_begin+0x93/0x1e0
[  154.686133][ T3887]  ? cont_write_begin+0x5e5/0x860
[  154.691146][ T3887]  ? hfs_free_extents+0x420/0x420
[  154.696167][ T3887]  cont_write_begin+0x606/0x860
[  154.701033][ T3887]  ? fault_in_readable+0x1d5/0x310
[  154.706136][ T3887]  ? generic_cont_expand_simple+0x250/0x250
[  154.712025][ T3887]  ? fault_in_readable+0x219/0x310
[  154.717216][ T3887]  ? fault_in_safe_writeable+0x240/0x240
[  154.722842][ T3887]  hfs_write_begin+0x86/0xd0
[  154.727425][ T3887]  ? hfs_free_extents+0x420/0x420
[  154.732440][ T3887]  generic_perform_write+0x2e4/0x5e0
[  154.737721][ T3887]  ? __block_commit_write+0x420/0x420
[  154.743095][ T3887]  ? generic_file_direct_write+0x610/0x610
[  154.748891][ T3887]  ? __file_remove_privs+0x6c0/0x6c0
[  154.754174][ T3887]  ? generic_write_checks+0x15c/0x1c0
[  154.759557][ T3887]  __generic_file_write_iter+0x176/0x400
[  154.765203][ T3887]  generic_file_write_iter+0xab/0x310
[  154.770579][ T3887]  vfs_write+0x7dc/0xc50
[  154.774831][ T3887]  ? file_end_write+0x230/0x230
[  154.779672][ T3887]  ? ptrace_stop+0x74d/0x970
[  154.784279][ T3887]  ? _raw_spin_unlock_irq+0x2a/0x40
[  154.789502][ T3887]  ? __fdget_pos+0x252/0x2e0
[  154.794105][ T3887]  ksys_write+0x177/0x2a0
[  154.798429][ T3887]  ? __ia32_sys_read+0x80/0x80
[  154.803181][ T3887]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  154.809153][ T3887]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  154.815126][ T3887]  do_syscall_64+0x3d/0xb0
[  154.819533][ T3887]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  154.825425][ T3887] RIP: 0033:0x7f0fa5191c89
[  154.829865][ T3887] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  154.849464][ T3887] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  154.857871][ T3887] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  154.865833][ T3887] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  154.873796][ T3887] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3887] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3887] exit_group(0)               = ?
[pid  3887] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3887, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./240", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./240/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./240/binderfs")                = 0
umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./240/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./240/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./240/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./240")                          = 0
mkdir("./241", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3888
./strace-static-x86_64: Process 3888 attached
[pid  3888] chdir("./241")              = 0
[pid  3888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[  154.881764][ T3887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  154.889738][ T3887] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000f0
[  154.897716][ T3887]  </TASK>
[pid  3888] setpgid(0, 0)               = 0
[pid  3888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3888] write(3, "1000", 4)         = 4
[pid  3888] close(3)                    = 0
[pid  3888] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3888] memfd_create("syzkaller", 0) = 3
[pid  3888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3888] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3888] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3888] close(3)                    = 0
[pid  3888] mkdir("./file0", 0777)      = 0
[pid  3888] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3888] chdir("./file0")            = 0
[pid  3888] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3888] close(4)                    = 0
[pid  3888] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3888] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3888] write(5, "13", 2)           = 2
[  154.963542][ T3888] loop0: detected capacity change from 0 to 64
[  154.996010][ T3888] FAULT_INJECTION: forcing a failure.
[  154.996010][ T3888] name failslab, interval 1, probability 0, space 0, times 0
[  155.008962][ T3888] CPU: 0 PID: 3888 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  155.019405][ T3888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  155.029459][ T3888] Call Trace:
[  155.032743][ T3888]  <TASK>
[  155.035663][ T3888]  dump_stack_lvl+0x1b1/0x28e
[  155.040329][ T3888]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  155.045778][ T3888]  ? panic+0x710/0x710
[  155.049846][ T3888]  ? __might_sleep+0xc0/0xc0
[  155.054433][ T3888]  ? __mutex_lock_common+0x45f/0x26e0
[  155.059835][ T3888]  should_fail_ex+0x395/0x4c0
[  155.064531][ T3888]  ? hfs_find_init+0x8b/0x1e0
[  155.069210][ T3888]  should_failslab+0x5/0x20
[  155.073717][ T3888]  __kmem_cache_alloc_node+0x69/0x310
[  155.079094][ T3888]  ? hfs_find_init+0x8b/0x1e0
[  155.083772][ T3888]  __kmalloc+0x9e/0x1a0
[  155.087930][ T3888]  hfs_find_init+0x8b/0x1e0
[  155.092531][ T3888]  hfs_extend_file+0x2f8/0x1420
[  155.097388][ T3888]  ? hfs_get_block+0xbb0/0xbb0
[  155.102148][ T3888]  ? lru_cache_disable+0x30/0x30
[  155.107172][ T3888]  ? __might_sleep+0xc0/0xc0
[  155.111776][ T3888]  hfs_get_block+0x3fc/0xbb0
[  155.116377][ T3888]  ? hfs_free_extents+0x420/0x420
[  155.121397][ T3888]  ? do_raw_spin_unlock+0x134/0x8a0
[  155.126623][ T3888]  ? create_page_buffers+0x244/0x4b0
[  155.132015][ T3888]  __block_write_begin_int+0x54c/0x1a80
[  155.137602][ T3888]  ? hfs_free_extents+0x420/0x420
[  155.142632][ T3888]  ? page_zero_new_buffers+0x940/0x940
[  155.148094][ T3888]  ? PageHeadHuge+0x8a/0x1d0
[  155.152684][ T3888]  ? hfs_free_extents+0x420/0x420
[  155.157711][ T3888]  block_write_begin+0x93/0x1e0
[  155.162560][ T3888]  ? cont_write_begin+0x5e5/0x860
[  155.167582][ T3888]  ? hfs_free_extents+0x420/0x420
[  155.172606][ T3888]  cont_write_begin+0x606/0x860
[  155.177482][ T3888]  ? fault_in_readable+0x1d5/0x310
[  155.182618][ T3888]  ? generic_cont_expand_simple+0x250/0x250
[  155.188535][ T3888]  ? fault_in_readable+0x219/0x310
[  155.193658][ T3888]  ? fault_in_safe_writeable+0x240/0x240
[  155.199301][ T3888]  hfs_write_begin+0x86/0xd0
[  155.203889][ T3888]  ? hfs_free_extents+0x420/0x420
[  155.208911][ T3888]  generic_perform_write+0x2e4/0x5e0
[  155.214212][ T3888]  ? __block_commit_write+0x420/0x420
[  155.219586][ T3888]  ? generic_file_direct_write+0x610/0x610
[  155.225393][ T3888]  ? __file_remove_privs+0x6c0/0x6c0
[  155.230680][ T3888]  ? generic_write_checks+0x15c/0x1c0
[  155.236083][ T3888]  __generic_file_write_iter+0x176/0x400
[  155.241722][ T3888]  generic_file_write_iter+0xab/0x310
[  155.247132][ T3888]  vfs_write+0x7dc/0xc50
[  155.251386][ T3888]  ? file_end_write+0x230/0x230
[  155.256236][ T3888]  ? ptrace_stop+0x74d/0x970
[  155.260836][ T3888]  ? _raw_spin_unlock_irq+0x2a/0x40
[  155.266303][ T3888]  ? __fdget_pos+0x252/0x2e0
[  155.270897][ T3888]  ksys_write+0x177/0x2a0
[  155.275251][ T3888]  ? __ia32_sys_read+0x80/0x80
[  155.280027][ T3888]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  155.286016][ T3888]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  155.291996][ T3888]  do_syscall_64+0x3d/0xb0
[  155.296410][ T3888]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  155.302301][ T3888] RIP: 0033:0x7f0fa5191c89
[  155.306717][ T3888] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  155.326415][ T3888] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  155.334845][ T3888] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  155.342829][ T3888] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  155.350801][ T3888] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3888] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3888] exit_group(0)               = ?
[pid  3888] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3888, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./241", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./241/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./241/binderfs")                = 0
umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./241/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./241/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./241/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./241")                          = 0
mkdir("./242", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3889
./strace-static-x86_64: Process 3889 attached
[pid  3889] chdir("./242")              = 0
[pid  3889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3889] setpgid(0, 0)               = 0
[pid  3889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3889] write(3, "1000", 4)         = 4
[pid  3889] close(3)                    = 0
[pid  3889] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3889] memfd_create("syzkaller", 0) = 3
[pid  3889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3889] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  155.358805][ T3888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  155.366907][ T3888] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000f1
[  155.374922][ T3888]  </TASK>
[pid  3889] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3889] close(3)                    = 0
[pid  3889] mkdir("./file0", 0777)      = 0
[pid  3889] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3889] chdir("./file0")            = 0
[pid  3889] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3889] close(4)                    = 0
[pid  3889] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3889] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3889] write(5, "13", 2)           = 2
[pid  3889] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3889] exit_group(0)               = ?
[pid  3889] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3889, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./242", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./242/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./242/binderfs")                = 0
umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./242/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./242/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./242/file0")                    = 0
[  155.418836][ T3889] loop0: detected capacity change from 0 to 64
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./242")                          = 0
mkdir("./243", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3890
./strace-static-x86_64: Process 3890 attached
[pid  3890] chdir("./243")              = 0
[pid  3890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3890] setpgid(0, 0)               = 0
[pid  3890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3890] write(3, "1000", 4)         = 4
[pid  3890] close(3)                    = 0
[pid  3890] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3890] memfd_create("syzkaller", 0) = 3
[pid  3890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3890] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3890] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3890] close(3)                    = 0
[pid  3890] mkdir("./file0", 0777)      = 0
[pid  3890] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3890] chdir("./file0")            = 0
[pid  3890] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3890] close(4)                    = 0
[pid  3890] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3890] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3890] write(5, "13", 2)           = 2
[  155.507790][ T3890] loop0: detected capacity change from 0 to 64
[  155.540029][ T3890] FAULT_INJECTION: forcing a failure.
[  155.540029][ T3890] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  155.553473][ T3890] CPU: 0 PID: 3890 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  155.564079][ T3890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  155.574126][ T3890] Call Trace:
[  155.577407][ T3890]  <TASK>
[  155.580357][ T3890]  dump_stack_lvl+0x1b1/0x28e
[  155.585131][ T3890]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  155.590579][ T3890]  ? panic+0x710/0x710
[  155.594634][ T3890]  ? do_anonymous_page+0xd4a/0x1150
[  155.599828][ T3890]  ? mark_lock+0x9a/0x350
[  155.604152][ T3890]  should_fail_ex+0x395/0x4c0
[  155.608830][ T3890]  prepare_alloc_pages+0x1d7/0x5a0
[  155.613943][ T3890]  __alloc_pages+0x161/0x560
[  155.618529][ T3890]  ? zone_statistics+0x160/0x160
[  155.623463][ T3890]  ? rcu_lock_release+0x5/0x20
[  155.628222][ T3890]  ? alloc_pages+0x520/0x7b0
[  155.632814][ T3890]  ? xas_descend+0x1f3/0x400
[  155.637416][ T3890]  folio_alloc+0x1a/0x50
[  155.641650][ T3890]  filemap_alloc_folio+0x7e/0x1c0
[  155.646668][ T3890]  __filemap_get_folio+0x898/0x1260
[  155.651873][ T3890]  ? page_cache_prev_miss+0x4e0/0x4e0
[  155.657261][ T3890]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  155.663251][ T3890]  ? print_irqtrace_events+0x220/0x220
[  155.668728][ T3890]  pagecache_get_page+0x28/0x260
[  155.673658][ T3890]  ? hfs_free_extents+0x420/0x420
[  155.678668][ T3890]  block_write_begin+0x2e/0x1e0
[  155.683525][ T3890]  ? cont_write_begin+0x5e5/0x860
[  155.688562][ T3890]  ? hfs_free_extents+0x420/0x420
[  155.693588][ T3890]  cont_write_begin+0x606/0x860
[  155.698438][ T3890]  ? fault_in_readable+0x1d5/0x310
[  155.703545][ T3890]  ? generic_cont_expand_simple+0x250/0x250
[  155.709434][ T3890]  ? fault_in_readable+0x219/0x310
[  155.714590][ T3890]  ? fault_in_safe_writeable+0x240/0x240
[  155.720219][ T3890]  hfs_write_begin+0x86/0xd0
[  155.724810][ T3890]  ? hfs_free_extents+0x420/0x420
[  155.729881][ T3890]  generic_perform_write+0x2e4/0x5e0
[  155.735525][ T3890]  ? __block_commit_write+0x420/0x420
[  155.740911][ T3890]  ? generic_file_direct_write+0x610/0x610
[  155.746977][ T3890]  ? __file_remove_privs+0x6c0/0x6c0
[  155.752268][ T3890]  ? generic_write_checks+0x15c/0x1c0
[  155.757668][ T3890]  __generic_file_write_iter+0x176/0x400
[  155.763332][ T3890]  generic_file_write_iter+0xab/0x310
[  155.768725][ T3890]  vfs_write+0x7dc/0xc50
[  155.772999][ T3890]  ? file_end_write+0x230/0x230
[  155.777855][ T3890]  ? ptrace_stop+0x74d/0x970
[  155.782545][ T3890]  ? _raw_spin_unlock_irq+0x2a/0x40
[  155.787763][ T3890]  ? __fdget_pos+0x252/0x2e0
[  155.792357][ T3890]  ksys_write+0x177/0x2a0
[  155.796679][ T3890]  ? __ia32_sys_read+0x80/0x80
[  155.801435][ T3890]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  155.807428][ T3890]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  155.813590][ T3890]  do_syscall_64+0x3d/0xb0
[  155.817996][ T3890]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  155.823887][ T3890] RIP: 0033:0x7f0fa5191c89
[  155.828304][ T3890] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  155.847898][ T3890] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3890] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3890] exit_group(0)               = ?
[pid  3890] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3890, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./243", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./243/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./243/binderfs")                = 0
umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./243/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./243/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./243/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./243")                          = 0
mkdir("./244", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  155.856304][ T3890] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  155.864269][ T3890] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  155.872227][ T3890] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  155.880193][ T3890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  155.888172][ T3890] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000f3
[  155.896150][ T3890]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3891
./strace-static-x86_64: Process 3891 attached
[pid  3891] chdir("./244")              = 0
[pid  3891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3891] setpgid(0, 0)               = 0
[pid  3891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3891] write(3, "1000", 4)         = 4
[pid  3891] close(3)                    = 0
[pid  3891] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3891] memfd_create("syzkaller", 0) = 3
[pid  3891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3891] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3891] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3891] close(3)                    = 0
[pid  3891] mkdir("./file0", 0777)      = 0
[pid  3891] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3891] chdir("./file0")            = 0
[pid  3891] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3891] close(4)                    = 0
[pid  3891] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3891] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3891] write(5, "13", 2)           = 2
[  155.951996][ T3891] loop0: detected capacity change from 0 to 64
[  155.969964][ T3891] FAULT_INJECTION: forcing a failure.
[  155.969964][ T3891] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  155.984881][ T3891] CPU: 1 PID: 3891 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  155.995337][ T3891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  156.005405][ T3891] Call Trace:
[  156.008691][ T3891]  <TASK>
[  156.011637][ T3891]  dump_stack_lvl+0x1b1/0x28e
[  156.016312][ T3891]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  156.021760][ T3891]  ? panic+0x710/0x710
[  156.025819][ T3891]  ? do_anonymous_page+0xd4a/0x1150
[  156.031013][ T3891]  ? mark_lock+0x9a/0x350
[  156.035337][ T3891]  should_fail_ex+0x395/0x4c0
[  156.040040][ T3891]  prepare_alloc_pages+0x1d7/0x5a0
[  156.045151][ T3891]  __alloc_pages+0x161/0x560
[  156.049751][ T3891]  ? zone_statistics+0x160/0x160
[  156.054705][ T3891]  ? rcu_lock_release+0x5/0x20
[  156.059471][ T3891]  ? alloc_pages+0x520/0x7b0
[  156.064067][ T3891]  ? xas_descend+0x1f3/0x400
[  156.068652][ T3891]  folio_alloc+0x1a/0x50
[  156.072959][ T3891]  filemap_alloc_folio+0x7e/0x1c0
[  156.077980][ T3891]  __filemap_get_folio+0x898/0x1260
[  156.083179][ T3891]  ? page_cache_prev_miss+0x4e0/0x4e0
[  156.088558][ T3891]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  156.094565][ T3891]  ? print_irqtrace_events+0x220/0x220
[  156.100026][ T3891]  pagecache_get_page+0x28/0x260
[  156.104968][ T3891]  ? hfs_free_extents+0x420/0x420
[  156.109999][ T3891]  block_write_begin+0x2e/0x1e0
[  156.114843][ T3891]  ? cont_write_begin+0x5e5/0x860
[  156.119861][ T3891]  ? hfs_free_extents+0x420/0x420
[  156.124886][ T3891]  cont_write_begin+0x606/0x860
[  156.129745][ T3891]  ? fault_in_readable+0x1d5/0x310
[  156.134871][ T3891]  ? generic_cont_expand_simple+0x250/0x250
[  156.140767][ T3891]  ? fault_in_readable+0x219/0x310
[  156.145893][ T3891]  ? fault_in_safe_writeable+0x240/0x240
[  156.151624][ T3891]  hfs_write_begin+0x86/0xd0
[  156.156223][ T3891]  ? hfs_free_extents+0x420/0x420
[  156.161241][ T3891]  generic_perform_write+0x2e4/0x5e0
[  156.166541][ T3891]  ? __block_commit_write+0x420/0x420
[  156.171907][ T3891]  ? generic_file_direct_write+0x610/0x610
[  156.177716][ T3891]  ? __file_remove_privs+0x6c0/0x6c0
[  156.183009][ T3891]  ? generic_write_checks+0x15c/0x1c0
[  156.188379][ T3891]  __generic_file_write_iter+0x176/0x400
[  156.194011][ T3891]  generic_file_write_iter+0xab/0x310
[  156.199378][ T3891]  vfs_write+0x7dc/0xc50
[  156.203619][ T3891]  ? file_end_write+0x230/0x230
[  156.208461][ T3891]  ? ptrace_stop+0x74d/0x970
[  156.213049][ T3891]  ? _raw_spin_unlock_irq+0x2a/0x40
[  156.218242][ T3891]  ? __fdget_pos+0x252/0x2e0
[  156.222824][ T3891]  ksys_write+0x177/0x2a0
[  156.227146][ T3891]  ? __ia32_sys_read+0x80/0x80
[  156.231902][ T3891]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  156.237879][ T3891]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  156.243863][ T3891]  do_syscall_64+0x3d/0xb0
[  156.248315][ T3891]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  156.254196][ T3891] RIP: 0033:0x7f0fa5191c89
[  156.258601][ T3891] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  156.278208][ T3891] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  156.286650][ T3891] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  156.294629][ T3891] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3891] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3891] exit_group(0)               = ?
[pid  3891] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3891, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./244", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./244/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./244/binderfs")                = 0
umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./244/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./244/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./244/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./244")                          = 0
mkdir("./245", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3892
./strace-static-x86_64: Process 3892 attached
[pid  3892] chdir("./245")              = 0
[pid  3892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3892] setpgid(0, 0)               = 0
[pid  3892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3892] write(3, "1000", 4)         = 4
[pid  3892] close(3)                    = 0
[pid  3892] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3892] memfd_create("syzkaller", 0) = 3
[pid  3892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3892] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  156.302591][ T3891] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  156.310555][ T3891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  156.318540][ T3891] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000f4
[  156.326556][ T3891]  </TASK>
[pid  3892] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3892] close(3)                    = 0
[pid  3892] mkdir("./file0", 0777)      = 0
[pid  3892] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3892] chdir("./file0")            = 0
[pid  3892] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3892] close(4)                    = 0
[pid  3892] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3892] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3892] write(5, "13", 2)           = 2
[  156.383072][ T3892] loop0: detected capacity change from 0 to 64
[  156.404998][ T3892] FAULT_INJECTION: forcing a failure.
[  156.404998][ T3892] name failslab, interval 1, probability 0, space 0, times 0
[  156.418265][ T3892] CPU: 1 PID: 3892 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  156.428719][ T3892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  156.438790][ T3892] Call Trace:
[  156.442073][ T3892]  <TASK>
[  156.445005][ T3892]  dump_stack_lvl+0x1b1/0x28e
[  156.449685][ T3892]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  156.455145][ T3892]  ? panic+0x710/0x710
[  156.459213][ T3892]  ? __might_sleep+0xc0/0xc0
[  156.463798][ T3892]  ? __mutex_lock_common+0x45f/0x26e0
[  156.469180][ T3892]  should_fail_ex+0x395/0x4c0
[  156.473864][ T3892]  ? hfs_find_init+0x8b/0x1e0
[  156.478546][ T3892]  should_failslab+0x5/0x20
[  156.483051][ T3892]  __kmem_cache_alloc_node+0x69/0x310
[  156.488422][ T3892]  ? rcu_lock_release+0x5/0x20
[  156.493190][ T3892]  ? hfs_find_init+0x8b/0x1e0
[  156.497870][ T3892]  __kmalloc+0x9e/0x1a0
[  156.502032][ T3892]  hfs_find_init+0x8b/0x1e0
[  156.506539][ T3892]  hfs_extend_file+0x2f8/0x1420
[  156.511388][ T3892]  ? xas_find+0x937/0xa60
[  156.515730][ T3892]  ? hfs_get_block+0xbb0/0xbb0
[  156.520511][ T3892]  ? filemap_get_folios+0x557/0x830
[  156.525711][ T3892]  ? find_lock_entries+0xf60/0xf60
[  156.530828][ T3892]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  156.536910][ T3892]  hfs_get_block+0x3fc/0xbb0
[  156.541529][ T3892]  ? hfs_free_extents+0x420/0x420
[  156.546550][ T3892]  ? do_raw_spin_unlock+0x134/0x8a0
[  156.551755][ T3892]  ? create_page_buffers+0x244/0x4b0
[  156.557049][ T3892]  __block_write_begin_int+0x54c/0x1a80
[  156.562616][ T3892]  ? hfs_free_extents+0x420/0x420
[  156.567648][ T3892]  ? page_zero_new_buffers+0x940/0x940
[  156.573108][ T3892]  ? PageHeadHuge+0x8a/0x1d0
[  156.577725][ T3892]  ? hfs_free_extents+0x420/0x420
[  156.582744][ T3892]  block_write_begin+0x93/0x1e0
[  156.587594][ T3892]  ? cont_write_begin+0x5e5/0x860
[  156.592616][ T3892]  ? hfs_free_extents+0x420/0x420
[  156.597638][ T3892]  cont_write_begin+0x606/0x860
[  156.602516][ T3892]  ? fault_in_readable+0x1d5/0x310
[  156.607631][ T3892]  ? generic_cont_expand_simple+0x250/0x250
[  156.613522][ T3892]  ? fault_in_readable+0x219/0x310
[  156.618647][ T3892]  ? fault_in_safe_writeable+0x240/0x240
[  156.624374][ T3892]  hfs_write_begin+0x86/0xd0
[  156.628958][ T3892]  ? hfs_free_extents+0x420/0x420
[  156.633983][ T3892]  generic_perform_write+0x2e4/0x5e0
[  156.639276][ T3892]  ? __block_commit_write+0x420/0x420
[  156.644649][ T3892]  ? generic_file_direct_write+0x610/0x610
[  156.650453][ T3892]  ? __file_remove_privs+0x6c0/0x6c0
[  156.655740][ T3892]  ? generic_write_checks+0x15c/0x1c0
[  156.661120][ T3892]  __generic_file_write_iter+0x176/0x400
[  156.666756][ T3892]  generic_file_write_iter+0xab/0x310
[  156.672133][ T3892]  vfs_write+0x7dc/0xc50
[  156.676383][ T3892]  ? file_end_write+0x230/0x230
[  156.681230][ T3892]  ? ptrace_stop+0x74d/0x970
[  156.685858][ T3892]  ? _raw_spin_unlock_irq+0x2a/0x40
[  156.691061][ T3892]  ? __fdget_pos+0x252/0x2e0
[  156.695669][ T3892]  ksys_write+0x177/0x2a0
[  156.700002][ T3892]  ? __ia32_sys_read+0x80/0x80
[  156.704767][ T3892]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  156.710750][ T3892]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  156.716734][ T3892]  do_syscall_64+0x3d/0xb0
[  156.721149][ T3892]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  156.727038][ T3892] RIP: 0033:0x7f0fa5191c89
[  156.731453][ T3892] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  156.751055][ T3892] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  156.759479][ T3892] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  156.767448][ T3892] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  156.775416][ T3892] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3892] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3892] exit_group(0)               = ?
[pid  3892] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3892, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./245", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./245/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./245/binderfs")                = 0
umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./245/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./245/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
[  156.783384][ T3892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  156.791353][ T3892] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000f5
[  156.799338][ T3892]  </TASK>
close(4)                                = 0
rmdir("./245/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./245")                          = 0
mkdir("./246", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3893
./strace-static-x86_64: Process 3893 attached
[pid  3893] chdir("./246")              = 0
[pid  3893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3893] setpgid(0, 0)               = 0
[pid  3893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3893] write(3, "1000", 4)         = 4
[pid  3893] close(3)                    = 0
[pid  3893] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3893] memfd_create("syzkaller", 0) = 3
[pid  3893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3893] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3893] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3893] close(3)                    = 0
[pid  3893] mkdir("./file0", 0777)      = 0
[pid  3893] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3893] chdir("./file0")            = 0
[pid  3893] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3893] close(4)                    = 0
[pid  3893] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3893] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3893] write(5, "13", 2)           = 2
[  156.874740][ T3893] loop0: detected capacity change from 0 to 64
[  156.901968][ T3893] FAULT_INJECTION: forcing a failure.
[  156.901968][ T3893] name failslab, interval 1, probability 0, space 0, times 0
[  156.914796][ T3893] CPU: 1 PID: 3893 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  156.925236][ T3893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  156.935285][ T3893] Call Trace:
[  156.938555][ T3893]  <TASK>
[  156.941481][ T3893]  dump_stack_lvl+0x1b1/0x28e
[  156.946162][ T3893]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  156.951642][ T3893]  ? panic+0x710/0x710
[  156.955700][ T3893]  ? __might_sleep+0xc0/0xc0
[  156.960287][ T3893]  ? __mutex_lock_common+0x45f/0x26e0
[  156.965674][ T3893]  should_fail_ex+0x395/0x4c0
[  156.970357][ T3893]  ? hfs_find_init+0x8b/0x1e0
[  156.975049][ T3893]  should_failslab+0x5/0x20
[  156.979546][ T3893]  __kmem_cache_alloc_node+0x69/0x310
[  156.984916][ T3893]  ? hfs_find_init+0x8b/0x1e0
[  156.989584][ T3893]  __kmalloc+0x9e/0x1a0
[  156.993737][ T3893]  hfs_find_init+0x8b/0x1e0
[  156.998267][ T3893]  hfs_extend_file+0x2f8/0x1420
[  157.003134][ T3893]  ? hfs_get_block+0xbb0/0xbb0
[  157.007900][ T3893]  ? lru_cache_disable+0x30/0x30
[  157.012849][ T3893]  ? __might_sleep+0xc0/0xc0
[  157.017442][ T3893]  hfs_get_block+0x3fc/0xbb0
[  157.022051][ T3893]  ? hfs_free_extents+0x420/0x420
[  157.027081][ T3893]  ? do_raw_spin_unlock+0x134/0x8a0
[  157.032275][ T3893]  ? create_page_buffers+0x244/0x4b0
[  157.037553][ T3893]  __block_write_begin_int+0x54c/0x1a80
[  157.043110][ T3893]  ? hfs_free_extents+0x420/0x420
[  157.048133][ T3893]  ? page_zero_new_buffers+0x940/0x940
[  157.053614][ T3893]  ? PageHeadHuge+0x8a/0x1d0
[  157.058220][ T3893]  ? hfs_free_extents+0x420/0x420
[  157.063245][ T3893]  block_write_begin+0x93/0x1e0
[  157.068109][ T3893]  ? cont_write_begin+0x5e5/0x860
[  157.073129][ T3893]  ? hfs_free_extents+0x420/0x420
[  157.078146][ T3893]  cont_write_begin+0x606/0x860
[  157.083000][ T3893]  ? fault_in_readable+0x1d5/0x310
[  157.088120][ T3893]  ? generic_cont_expand_simple+0x250/0x250
[  157.094021][ T3893]  ? fault_in_readable+0x219/0x310
[  157.099148][ T3893]  ? fault_in_safe_writeable+0x240/0x240
[  157.104822][ T3893]  hfs_write_begin+0x86/0xd0
[  157.109421][ T3893]  ? hfs_free_extents+0x420/0x420
[  157.114457][ T3893]  generic_perform_write+0x2e4/0x5e0
[  157.119779][ T3893]  ? __block_commit_write+0x420/0x420
[  157.125171][ T3893]  ? generic_file_direct_write+0x610/0x610
[  157.130993][ T3893]  ? __file_remove_privs+0x6c0/0x6c0
[  157.136319][ T3893]  ? generic_write_checks+0x15c/0x1c0
[  157.141697][ T3893]  __generic_file_write_iter+0x176/0x400
[  157.147334][ T3893]  generic_file_write_iter+0xab/0x310
[  157.152708][ T3893]  vfs_write+0x7dc/0xc50
[  157.156956][ T3893]  ? file_end_write+0x230/0x230
[  157.161847][ T3893]  ? ptrace_stop+0x74d/0x970
[  157.166466][ T3893]  ? _raw_spin_unlock_irq+0x2a/0x40
[  157.171667][ T3893]  ? __fdget_pos+0x252/0x2e0
[  157.176262][ T3893]  ksys_write+0x177/0x2a0
[  157.180598][ T3893]  ? __ia32_sys_read+0x80/0x80
[  157.185374][ T3893]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  157.191386][ T3893]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  157.197363][ T3893]  do_syscall_64+0x3d/0xb0
[  157.201774][ T3893]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  157.207681][ T3893] RIP: 0033:0x7f0fa5191c89
[  157.212088][ T3893] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  157.231698][ T3893] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  157.240107][ T3893] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  157.248076][ T3893] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  157.256050][ T3893] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  157.264027][ T3893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3893] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3893] exit_group(0)               = ?
[pid  3893] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3893, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./246", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./246/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./246/binderfs")                = 0
umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./246/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./246/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./246/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./246")                          = 0
mkdir("./247", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3894
./strace-static-x86_64: Process 3894 attached
[pid  3894] chdir("./247")              = 0
[pid  3894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3894] setpgid(0, 0)               = 0
[pid  3894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3894] write(3, "1000", 4)         = 4
[pid  3894] close(3)                    = 0
[pid  3894] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3894] memfd_create("syzkaller", 0) = 3
[pid  3894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3894] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  157.271986][ T3893] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000f6
[  157.279958][ T3893]  </TASK>
[pid  3894] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3894] close(3)                    = 0
[pid  3894] mkdir("./file0", 0777)      = 0
[pid  3894] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3894] chdir("./file0")            = 0
[pid  3894] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3894] close(4)                    = 0
[pid  3894] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3894] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3894] write(5, "13", 2)           = 2
[  157.317680][ T3894] loop0: detected capacity change from 0 to 64
[  157.321438][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  157.352321][ T3894] FAULT_INJECTION: forcing a failure.
[  157.352321][ T3894] name failslab, interval 1, probability 0, space 0, times 0
[  157.365434][ T3894] CPU: 1 PID: 3894 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  157.375878][ T3894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  157.385954][ T3894] Call Trace:
[  157.389243][ T3894]  <TASK>
[  157.392170][ T3894]  dump_stack_lvl+0x1b1/0x28e
[  157.396856][ T3894]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  157.402313][ T3894]  ? panic+0x710/0x710
[  157.406382][ T3894]  ? __might_sleep+0xc0/0xc0
[  157.410969][ T3894]  ? __mutex_lock_common+0x45f/0x26e0
[  157.416380][ T3894]  should_fail_ex+0x395/0x4c0
[  157.421063][ T3894]  ? hfs_find_init+0x8b/0x1e0
[  157.425742][ T3894]  should_failslab+0x5/0x20
[  157.430245][ T3894]  __kmem_cache_alloc_node+0x69/0x310
[  157.435632][ T3894]  ? hfs_find_init+0x8b/0x1e0
[  157.440312][ T3894]  __kmalloc+0x9e/0x1a0
[  157.444474][ T3894]  hfs_find_init+0x8b/0x1e0
[  157.448983][ T3894]  hfs_extend_file+0x2f8/0x1420
[  157.453842][ T3894]  ? hfs_get_block+0xbb0/0xbb0
[  157.458607][ T3894]  ? lru_cache_disable+0x30/0x30
[  157.463548][ T3894]  ? __might_sleep+0xc0/0xc0
[  157.468154][ T3894]  hfs_get_block+0x3fc/0xbb0
[  157.472758][ T3894]  ? hfs_free_extents+0x420/0x420
[  157.477779][ T3894]  ? do_raw_spin_unlock+0x134/0x8a0
[  157.482983][ T3894]  ? create_page_buffers+0x244/0x4b0
[  157.488276][ T3894]  __block_write_begin_int+0x54c/0x1a80
[  157.493843][ T3894]  ? hfs_free_extents+0x420/0x420
[  157.498866][ T3894]  ? page_zero_new_buffers+0x940/0x940
[  157.504331][ T3894]  ? PageHeadHuge+0x8a/0x1d0
[  157.508928][ T3894]  ? hfs_free_extents+0x420/0x420
[  157.513946][ T3894]  block_write_begin+0x93/0x1e0
[  157.518798][ T3894]  ? cont_write_begin+0x5e5/0x860
[  157.523825][ T3894]  ? hfs_free_extents+0x420/0x420
[  157.528848][ T3894]  cont_write_begin+0x606/0x860
[  157.533793][ T3894]  ? fault_in_readable+0x1d5/0x310
[  157.538947][ T3894]  ? generic_cont_expand_simple+0x250/0x250
[  157.544841][ T3894]  ? fault_in_readable+0x219/0x310
[  157.549953][ T3894]  ? fault_in_safe_writeable+0x240/0x240
[  157.555595][ T3894]  hfs_write_begin+0x86/0xd0
[  157.560187][ T3894]  ? hfs_free_extents+0x420/0x420
[  157.565212][ T3894]  generic_perform_write+0x2e4/0x5e0
[  157.570515][ T3894]  ? __block_commit_write+0x420/0x420
[  157.575892][ T3894]  ? generic_file_direct_write+0x610/0x610
[  157.581697][ T3894]  ? __file_remove_privs+0x6c0/0x6c0
[  157.586984][ T3894]  ? generic_write_checks+0x15c/0x1c0
[  157.592362][ T3894]  __generic_file_write_iter+0x176/0x400
[  157.597999][ T3894]  generic_file_write_iter+0xab/0x310
[  157.603371][ T3894]  vfs_write+0x7dc/0xc50
[  157.607621][ T3894]  ? file_end_write+0x230/0x230
[  157.612467][ T3894]  ? ptrace_stop+0x74d/0x970
[  157.617072][ T3894]  ? _raw_spin_unlock_irq+0x2a/0x40
[  157.622274][ T3894]  ? __fdget_pos+0x252/0x2e0
[  157.626865][ T3894]  ksys_write+0x177/0x2a0
[  157.631202][ T3894]  ? __ia32_sys_read+0x80/0x80
[  157.635966][ T3894]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  157.641950][ T3894]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  157.647929][ T3894]  do_syscall_64+0x3d/0xb0
[  157.652343][ T3894]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  157.658234][ T3894] RIP: 0033:0x7f0fa5191c89
[  157.662649][ T3894] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  157.682252][ T3894] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  157.690664][ T3894] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  157.698633][ T3894] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  157.706600][ T3894] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3894] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3894] exit_group(0)               = ?
[pid  3894] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3894, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./247", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./247/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./247/binderfs")                = 0
umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./247/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./247/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./247/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./247")                          = 0
mkdir("./248", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3895
./strace-static-x86_64: Process 3895 attached
[pid  3895] chdir("./248")              = 0
[pid  3895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3895] setpgid(0, 0)               = 0
[pid  3895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3895] write(3, "1000", 4)         = 4
[pid  3895] close(3)                    = 0
[pid  3895] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3895] memfd_create("syzkaller", 0) = 3
[pid  3895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3895] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  157.714568][ T3894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  157.722531][ T3894] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000f7
[  157.730529][ T3894]  </TASK>
[pid  3895] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3895] close(3)                    = 0
[pid  3895] mkdir("./file0", 0777)      = 0
[pid  3895] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3895] chdir("./file0")            = 0
[pid  3895] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3895] close(4)                    = 0
[pid  3895] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3895] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3895] write(5, "13", 2)           = 2
[  157.767525][ T3895] loop0: detected capacity change from 0 to 64
[  157.769404][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  157.804498][ T3895] FAULT_INJECTION: forcing a failure.
[  157.804498][ T3895] name failslab, interval 1, probability 0, space 0, times 0
[  157.817772][ T3895] CPU: 1 PID: 3895 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  157.828206][ T3895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  157.838251][ T3895] Call Trace:
[  157.841527][ T3895]  <TASK>
[  157.844447][ T3895]  dump_stack_lvl+0x1b1/0x28e
[  157.849115][ T3895]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  157.854563][ T3895]  ? panic+0x710/0x710
[  157.858619][ T3895]  ? __might_sleep+0xc0/0xc0
[  157.863224][ T3895]  ? __mutex_lock_common+0x45f/0x26e0
[  157.868588][ T3895]  should_fail_ex+0x395/0x4c0
[  157.873255][ T3895]  ? hfs_find_init+0x8b/0x1e0
[  157.877921][ T3895]  should_failslab+0x5/0x20
[  157.882448][ T3895]  __kmem_cache_alloc_node+0x69/0x310
[  157.887807][ T3895]  ? rcu_lock_release+0x5/0x20
[  157.892560][ T3895]  ? hfs_find_init+0x8b/0x1e0
[  157.897227][ T3895]  __kmalloc+0x9e/0x1a0
[  157.901374][ T3895]  hfs_find_init+0x8b/0x1e0
[  157.905869][ T3895]  hfs_extend_file+0x2f8/0x1420
[  157.910707][ T3895]  ? xas_find+0x937/0xa60
[  157.915031][ T3895]  ? hfs_get_block+0xbb0/0xbb0
[  157.919782][ T3895]  ? filemap_get_folios+0x557/0x830
[  157.925155][ T3895]  ? find_lock_entries+0xf60/0xf60
[  157.930268][ T3895]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  157.936161][ T3895]  hfs_get_block+0x3fc/0xbb0
[  157.940751][ T3895]  ? hfs_free_extents+0x420/0x420
[  157.945767][ T3895]  ? do_raw_spin_unlock+0x134/0x8a0
[  157.950970][ T3895]  ? create_page_buffers+0x244/0x4b0
[  157.956248][ T3895]  __block_write_begin_int+0x54c/0x1a80
[  157.961817][ T3895]  ? hfs_free_extents+0x420/0x420
[  157.966829][ T3895]  ? page_zero_new_buffers+0x940/0x940
[  157.972276][ T3895]  ? PageHeadHuge+0x8a/0x1d0
[  157.976864][ T3895]  ? hfs_free_extents+0x420/0x420
[  157.981872][ T3895]  block_write_begin+0x93/0x1e0
[  157.986766][ T3895]  ? cont_write_begin+0x5e5/0x860
[  157.991777][ T3895]  ? hfs_free_extents+0x420/0x420
[  157.996787][ T3895]  cont_write_begin+0x606/0x860
[  158.001630][ T3895]  ? fault_in_readable+0x1d5/0x310
[  158.006730][ T3895]  ? generic_cont_expand_simple+0x250/0x250
[  158.012612][ T3895]  ? fault_in_readable+0x219/0x310
[  158.017715][ T3895]  ? fault_in_safe_writeable+0x240/0x240
[  158.023343][ T3895]  hfs_write_begin+0x86/0xd0
[  158.027919][ T3895]  ? hfs_free_extents+0x420/0x420
[  158.032991][ T3895]  generic_perform_write+0x2e4/0x5e0
[  158.038271][ T3895]  ? __block_commit_write+0x420/0x420
[  158.043636][ T3895]  ? generic_file_direct_write+0x610/0x610
[  158.049429][ T3895]  ? __file_remove_privs+0x6c0/0x6c0
[  158.054703][ T3895]  ? generic_write_checks+0x15c/0x1c0
[  158.060068][ T3895]  __generic_file_write_iter+0x176/0x400
[  158.065693][ T3895]  generic_file_write_iter+0xab/0x310
[  158.071062][ T3895]  vfs_write+0x7dc/0xc50
[  158.075559][ T3895]  ? file_end_write+0x230/0x230
[  158.080400][ T3895]  ? ptrace_stop+0x74d/0x970
[  158.085019][ T3895]  ? _raw_spin_unlock_irq+0x2a/0x40
[  158.090208][ T3895]  ? __fdget_pos+0x252/0x2e0
[  158.094807][ T3895]  ksys_write+0x177/0x2a0
[  158.099132][ T3895]  ? __ia32_sys_read+0x80/0x80
[  158.103887][ T3895]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  158.109857][ T3895]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  158.115829][ T3895]  do_syscall_64+0x3d/0xb0
[  158.120232][ T3895]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  158.126112][ T3895] RIP: 0033:0x7f0fa5191c89
[  158.130520][ T3895] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  158.150113][ T3895] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  158.158518][ T3895] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3895] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3895] exit_group(0)               = ?
[pid  3895] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3895, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./248", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./248/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./248/binderfs")                = 0
umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./248/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./248/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./248/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./248")                          = 0
mkdir("./249", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3896
./strace-static-x86_64: Process 3896 attached
[pid  3896] chdir("./249")              = 0
[pid  3896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3896] setpgid(0, 0)               = 0
[pid  3896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3896] write(3, "1000", 4)         = 4
[  158.166497][ T3895] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  158.174456][ T3895] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  158.182431][ T3895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  158.190389][ T3895] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000f8
[  158.198371][ T3895]  </TASK>
[pid  3896] close(3)                    = 0
[pid  3896] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3896] memfd_create("syzkaller", 0) = 3
[pid  3896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3896] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3896] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3896] close(3)                    = 0
[pid  3896] mkdir("./file0", 0777)      = 0
[pid  3896] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3896] chdir("./file0")            = 0
[pid  3896] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3896] close(4)                    = 0
[pid  3896] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3896] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3896] write(5, "13", 2)           = 2
[  158.256352][ T3896] loop0: detected capacity change from 0 to 64
[  158.286390][ T3896] FAULT_INJECTION: forcing a failure.
[  158.286390][ T3896] name failslab, interval 1, probability 0, space 0, times 0
[  158.299409][ T3896] CPU: 0 PID: 3896 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  158.309839][ T3896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  158.319907][ T3896] Call Trace:
[  158.323210][ T3896]  <TASK>
[  158.326140][ T3896]  dump_stack_lvl+0x1b1/0x28e
[  158.330840][ T3896]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  158.336316][ T3896]  ? panic+0x710/0x710
[  158.340389][ T3896]  ? __might_sleep+0xc0/0xc0
[  158.344986][ T3896]  ? __mutex_lock_common+0x45f/0x26e0
[  158.350358][ T3896]  should_fail_ex+0x395/0x4c0
[  158.355040][ T3896]  ? hfs_find_init+0x8b/0x1e0
[  158.359718][ T3896]  should_failslab+0x5/0x20
[  158.364231][ T3896]  __kmem_cache_alloc_node+0x69/0x310
[  158.369620][ T3896]  ? hfs_find_init+0x8b/0x1e0
[  158.374328][ T3896]  __kmalloc+0x9e/0x1a0
[  158.378505][ T3896]  hfs_find_init+0x8b/0x1e0
[  158.383028][ T3896]  hfs_extend_file+0x2f8/0x1420
[  158.387882][ T3896]  ? hfs_get_block+0xbb0/0xbb0
[  158.392650][ T3896]  ? lru_cache_disable+0x30/0x30
[  158.397600][ T3896]  ? __might_sleep+0xc0/0xc0
[  158.402199][ T3896]  hfs_get_block+0x3fc/0xbb0
[  158.406809][ T3896]  ? hfs_free_extents+0x420/0x420
[  158.411842][ T3896]  ? do_raw_spin_unlock+0x134/0x8a0
[  158.417046][ T3896]  ? create_page_buffers+0x244/0x4b0
[  158.422342][ T3896]  __block_write_begin_int+0x54c/0x1a80
[  158.427943][ T3896]  ? hfs_free_extents+0x420/0x420
[  158.432981][ T3896]  ? page_zero_new_buffers+0x940/0x940
[  158.438531][ T3896]  ? PageHeadHuge+0x8a/0x1d0
[  158.443125][ T3896]  ? hfs_free_extents+0x420/0x420
[  158.448159][ T3896]  block_write_begin+0x93/0x1e0
[  158.453018][ T3896]  ? cont_write_begin+0x5e5/0x860
[  158.458069][ T3896]  ? hfs_free_extents+0x420/0x420
[  158.463088][ T3896]  cont_write_begin+0x606/0x860
[  158.467943][ T3896]  ? fault_in_readable+0x1d5/0x310
[  158.473067][ T3896]  ? generic_cont_expand_simple+0x250/0x250
[  158.478955][ T3896]  ? fault_in_readable+0x219/0x310
[  158.484070][ T3896]  ? fault_in_safe_writeable+0x240/0x240
[  158.489724][ T3896]  hfs_write_begin+0x86/0xd0
[  158.494316][ T3896]  ? hfs_free_extents+0x420/0x420
[  158.499350][ T3896]  generic_perform_write+0x2e4/0x5e0
[  158.504636][ T3896]  ? __block_commit_write+0x420/0x420
[  158.510004][ T3896]  ? generic_file_direct_write+0x610/0x610
[  158.515809][ T3896]  ? __file_remove_privs+0x6c0/0x6c0
[  158.521092][ T3896]  ? generic_write_checks+0x15c/0x1c0
[  158.526465][ T3896]  __generic_file_write_iter+0x176/0x400
[  158.532099][ T3896]  generic_file_write_iter+0xab/0x310
[  158.537473][ T3896]  vfs_write+0x7dc/0xc50
[  158.541715][ T3896]  ? file_end_write+0x230/0x230
[  158.546565][ T3896]  ? ptrace_stop+0x74d/0x970
[  158.551190][ T3896]  ? _raw_spin_unlock_irq+0x2a/0x40
[  158.556405][ T3896]  ? __fdget_pos+0x252/0x2e0
[  158.561014][ T3896]  ksys_write+0x177/0x2a0
[  158.565350][ T3896]  ? __ia32_sys_read+0x80/0x80
[  158.570111][ T3896]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  158.576100][ T3896]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  158.582075][ T3896]  do_syscall_64+0x3d/0xb0
[  158.586489][ T3896]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  158.592382][ T3896] RIP: 0033:0x7f0fa5191c89
[  158.596807][ T3896] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  158.616416][ T3896] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  158.624834][ T3896] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  158.632820][ T3896] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  158.640804][ T3896] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  158.648783][ T3896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3896] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3896] exit_group(0)               = ?
[pid  3896] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3896, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./249/binderfs")                = 0
umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./249/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./249/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./249/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./249")                          = 0
mkdir("./250", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3897
./strace-static-x86_64: Process 3897 attached
[pid  3897] chdir("./250")              = 0
[pid  3897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3897] setpgid(0, 0)               = 0
[pid  3897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3897] write(3, "1000", 4)         = 4
[pid  3897] close(3)                    = 0
[  158.656753][ T3896] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000f9
[  158.664742][ T3896]  </TASK>
[pid  3897] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3897] memfd_create("syzkaller", 0) = 3
[pid  3897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3897] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3897] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3897] close(3)                    = 0
[pid  3897] mkdir("./file0", 0777)      = 0
[pid  3897] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3897] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3897] chdir("./file0")            = 0
[pid  3897] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3897] close(4)                    = 0
[pid  3897] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3897] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3897] write(5, "13", 2)           = 2
[  158.727828][ T3897] loop0: detected capacity change from 0 to 64
[  158.761822][ T3897] FAULT_INJECTION: forcing a failure.
[  158.761822][ T3897] name failslab, interval 1, probability 0, space 0, times 0
[  158.774764][ T3897] CPU: 0 PID: 3897 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  158.785181][ T3897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  158.795239][ T3897] Call Trace:
[  158.798519][ T3897]  <TASK>
[  158.801448][ T3897]  dump_stack_lvl+0x1b1/0x28e
[  158.806133][ T3897]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  158.811587][ T3897]  ? panic+0x710/0x710
[  158.815662][ T3897]  ? __might_sleep+0xc0/0xc0
[  158.820253][ T3897]  ? __mutex_lock_common+0x45f/0x26e0
[  158.825633][ T3897]  should_fail_ex+0x395/0x4c0
[  158.830316][ T3897]  ? hfs_find_init+0x8b/0x1e0
[  158.835003][ T3897]  should_failslab+0x5/0x20
[  158.839513][ T3897]  __kmem_cache_alloc_node+0x69/0x310
[  158.845072][ T3897]  ? hfs_find_init+0x8b/0x1e0
[  158.849754][ T3897]  __kmalloc+0x9e/0x1a0
[  158.853920][ T3897]  hfs_find_init+0x8b/0x1e0
[  158.858429][ T3897]  hfs_extend_file+0x2f8/0x1420
[  158.863294][ T3897]  ? hfs_get_block+0xbb0/0xbb0
[  158.868062][ T3897]  ? lru_cache_disable+0x30/0x30
[  158.873007][ T3897]  ? __might_sleep+0xc0/0xc0
[  158.877614][ T3897]  hfs_get_block+0x3fc/0xbb0
[  158.882214][ T3897]  ? hfs_free_extents+0x420/0x420
[  158.887240][ T3897]  ? do_raw_spin_unlock+0x134/0x8a0
[  158.892451][ T3897]  ? create_page_buffers+0x244/0x4b0
[  158.897750][ T3897]  __block_write_begin_int+0x54c/0x1a80
[  158.903321][ T3897]  ? hfs_free_extents+0x420/0x420
[  158.908369][ T3897]  ? page_zero_new_buffers+0x940/0x940
[  158.913927][ T3897]  ? PageHeadHuge+0x8a/0x1d0
[  158.918524][ T3897]  ? hfs_free_extents+0x420/0x420
[  158.923548][ T3897]  block_write_begin+0x93/0x1e0
[  158.928402][ T3897]  ? cont_write_begin+0x5e5/0x860
[  158.933433][ T3897]  ? hfs_free_extents+0x420/0x420
[  158.938467][ T3897]  cont_write_begin+0x606/0x860
[  158.943331][ T3897]  ? fault_in_readable+0x1d5/0x310
[  158.948470][ T3897]  ? generic_cont_expand_simple+0x250/0x250
[  158.954372][ T3897]  ? fault_in_readable+0x219/0x310
[  158.959489][ T3897]  ? fault_in_safe_writeable+0x240/0x240
[  158.965135][ T3897]  hfs_write_begin+0x86/0xd0
[  158.969908][ T3897]  ? hfs_free_extents+0x420/0x420
[  158.974936][ T3897]  generic_perform_write+0x2e4/0x5e0
[  158.980239][ T3897]  ? __block_commit_write+0x420/0x420
[  158.985616][ T3897]  ? generic_file_direct_write+0x610/0x610
[  158.991421][ T3897]  ? __file_remove_privs+0x6c0/0x6c0
[  158.996709][ T3897]  ? generic_write_checks+0x15c/0x1c0
[  159.002111][ T3897]  __generic_file_write_iter+0x176/0x400
[  159.007792][ T3897]  generic_file_write_iter+0xab/0x310
[  159.013190][ T3897]  vfs_write+0x7dc/0xc50
[  159.017461][ T3897]  ? file_end_write+0x230/0x230
[  159.022318][ T3897]  ? ptrace_stop+0x74d/0x970
[  159.026924][ T3897]  ? _raw_spin_unlock_irq+0x2a/0x40
[  159.032131][ T3897]  ? __fdget_pos+0x252/0x2e0
[  159.036727][ T3897]  ksys_write+0x177/0x2a0
[  159.041061][ T3897]  ? __ia32_sys_read+0x80/0x80
[  159.045827][ T3897]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  159.051814][ T3897]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  159.057822][ T3897]  do_syscall_64+0x3d/0xb0
[  159.062265][ T3897]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  159.068175][ T3897] RIP: 0033:0x7f0fa5191c89
[  159.072591][ T3897] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  159.092283][ T3897] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  159.100702][ T3897] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  159.108682][ T3897] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  159.116656][ T3897] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3897] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3897] exit_group(0)               = ?
[pid  3897] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3897, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./250/binderfs")                = 0
umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./250/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./250/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./250/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./250")                          = 0
mkdir("./251", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3898
[  159.124630][ T3897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  159.133211][ T3897] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000fa
[  159.141197][ T3897]  </TASK>
./strace-static-x86_64: Process 3898 attached
[pid  3898] chdir("./251")              = 0
[pid  3898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3898] setpgid(0, 0)               = 0
[pid  3898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3898] write(3, "1000", 4)         = 4
[pid  3898] close(3)                    = 0
[pid  3898] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3898] memfd_create("syzkaller", 0) = 3
[pid  3898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3898] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3898] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3898] close(3)                    = 0
[pid  3898] mkdir("./file0", 0777)      = 0
[pid  3898] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3898] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3898] chdir("./file0")            = 0
[pid  3898] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3898] close(4)                    = 0
[pid  3898] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3898] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3898] write(5, "13", 2)           = 2
[  159.202854][ T3898] loop0: detected capacity change from 0 to 64
[  159.231437][ T3898] FAULT_INJECTION: forcing a failure.
[  159.231437][ T3898] name failslab, interval 1, probability 0, space 0, times 0
[  159.244079][ T3898] CPU: 1 PID: 3898 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  159.254498][ T3898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  159.264557][ T3898] Call Trace:
[  159.267836][ T3898]  <TASK>
[  159.270783][ T3898]  dump_stack_lvl+0x1b1/0x28e
[  159.275486][ T3898]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  159.280944][ T3898]  ? panic+0x710/0x710
[  159.285016][ T3898]  ? __might_sleep+0xc0/0xc0
[  159.289609][ T3898]  ? __mutex_lock_common+0x45f/0x26e0
[  159.294991][ T3898]  should_fail_ex+0x395/0x4c0
[  159.299681][ T3898]  ? hfs_find_init+0x8b/0x1e0
[  159.304363][ T3898]  should_failslab+0x5/0x20
[  159.308867][ T3898]  __kmem_cache_alloc_node+0x69/0x310
[  159.314243][ T3898]  ? hfs_find_init+0x8b/0x1e0
[  159.318929][ T3898]  __kmalloc+0x9e/0x1a0
[  159.323089][ T3898]  hfs_find_init+0x8b/0x1e0
[  159.327599][ T3898]  hfs_extend_file+0x2f8/0x1420
[  159.332463][ T3898]  ? hfs_get_block+0xbb0/0xbb0
[  159.337253][ T3898]  ? lru_cache_disable+0x30/0x30
[  159.342213][ T3898]  ? __might_sleep+0xc0/0xc0
[  159.346834][ T3898]  hfs_get_block+0x3fc/0xbb0
[  159.351441][ T3898]  ? hfs_free_extents+0x420/0x420
[  159.356461][ T3898]  ? do_raw_spin_unlock+0x134/0x8a0
[  159.361668][ T3898]  ? create_page_buffers+0x244/0x4b0
[  159.366978][ T3898]  __block_write_begin_int+0x54c/0x1a80
[  159.372549][ T3898]  ? hfs_free_extents+0x420/0x420
[  159.377575][ T3898]  ? page_zero_new_buffers+0x940/0x940
[  159.383049][ T3898]  ? PageHeadHuge+0x8a/0x1d0
[  159.387644][ T3898]  ? hfs_free_extents+0x420/0x420
[  159.392666][ T3898]  block_write_begin+0x93/0x1e0
[  159.397520][ T3898]  ? cont_write_begin+0x5e5/0x860
[  159.402568][ T3898]  ? hfs_free_extents+0x420/0x420
[  159.407627][ T3898]  cont_write_begin+0x606/0x860
[  159.412504][ T3898]  ? fault_in_readable+0x1d5/0x310
[  159.417622][ T3898]  ? generic_cont_expand_simple+0x250/0x250
[  159.423518][ T3898]  ? fault_in_readable+0x219/0x310
[  159.428634][ T3898]  ? fault_in_safe_writeable+0x240/0x240
[  159.434277][ T3898]  hfs_write_begin+0x86/0xd0
[  159.438864][ T3898]  ? hfs_free_extents+0x420/0x420
[  159.443900][ T3898]  generic_perform_write+0x2e4/0x5e0
[  159.449205][ T3898]  ? __block_commit_write+0x420/0x420
[  159.454758][ T3898]  ? generic_file_direct_write+0x610/0x610
[  159.460568][ T3898]  ? __file_remove_privs+0x6c0/0x6c0
[  159.465854][ T3898]  ? generic_write_checks+0x15c/0x1c0
[  159.471241][ T3898]  __generic_file_write_iter+0x176/0x400
[  159.476887][ T3898]  generic_file_write_iter+0xab/0x310
[  159.482263][ T3898]  vfs_write+0x7dc/0xc50
[  159.486520][ T3898]  ? file_end_write+0x230/0x230
[  159.491368][ T3898]  ? ptrace_stop+0x74d/0x970
[  159.495967][ T3898]  ? _raw_spin_unlock_irq+0x2a/0x40
[  159.501169][ T3898]  ? __fdget_pos+0x252/0x2e0
[  159.505764][ T3898]  ksys_write+0x177/0x2a0
[  159.510096][ T3898]  ? __ia32_sys_read+0x80/0x80
[  159.514862][ T3898]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  159.520853][ T3898]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  159.526839][ T3898]  do_syscall_64+0x3d/0xb0
[  159.531277][ T3898]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  159.537171][ T3898] RIP: 0033:0x7f0fa5191c89
[  159.541582][ T3898] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  159.561183][ T3898] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  159.569595][ T3898] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  159.577563][ T3898] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  159.585529][ T3898] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  159.593497][ T3898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3898] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3898] exit_group(0)               = ?
[pid  3898] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3898, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./251/binderfs")                = 0
umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./251/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./251/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./251/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./251")                          = 0
mkdir("./252", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3899 attached
, child_tidptr=0x555555b7f5d0) = 3899
[pid  3899] chdir("./252")              = 0
[pid  3899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3899] setpgid(0, 0)               = 0
[pid  3899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3899] write(3, "1000", 4)         = 4
[pid  3899] close(3)                    = 0
[pid  3899] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3899] memfd_create("syzkaller", 0) = 3
[pid  3899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3899] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  159.601463][ T3898] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000fb
[  159.609450][ T3898]  </TASK>
[pid  3899] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3899] close(3)                    = 0
[pid  3899] mkdir("./file0", 0777)      = 0
[pid  3899] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3899] chdir("./file0")            = 0
[pid  3899] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3899] close(4)                    = 0
[pid  3899] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3899] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3899] write(5, "13", 2)           = 2
[  159.665143][ T3899] loop0: detected capacity change from 0 to 64
[  159.697761][ T3899] FAULT_INJECTION: forcing a failure.
[  159.697761][ T3899] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  159.711369][ T3899] CPU: 0 PID: 3899 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  159.721797][ T3899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  159.731845][ T3899] Call Trace:
[  159.735137][ T3899]  <TASK>
[  159.738071][ T3899]  dump_stack_lvl+0x1b1/0x28e
[  159.742741][ T3899]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  159.748188][ T3899]  ? panic+0x710/0x710
[  159.752246][ T3899]  ? do_anonymous_page+0xd4a/0x1150
[  159.757435][ T3899]  ? mark_lock+0x9a/0x350
[  159.761754][ T3899]  should_fail_ex+0x395/0x4c0
[  159.766425][ T3899]  prepare_alloc_pages+0x1d7/0x5a0
[  159.771547][ T3899]  __alloc_pages+0x161/0x560
[  159.776153][ T3899]  ? zone_statistics+0x160/0x160
[  159.781098][ T3899]  ? rcu_lock_release+0x5/0x20
[  159.785863][ T3899]  ? alloc_pages+0x520/0x7b0
[  159.790449][ T3899]  ? xas_descend+0x1f3/0x400
[  159.795044][ T3899]  folio_alloc+0x1a/0x50
[  159.799279][ T3899]  filemap_alloc_folio+0x7e/0x1c0
[  159.804307][ T3899]  __filemap_get_folio+0x898/0x1260
[  159.809506][ T3899]  ? page_cache_prev_miss+0x4e0/0x4e0
[  159.814882][ T3899]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  159.820861][ T3899]  ? print_irqtrace_events+0x220/0x220
[  159.826319][ T3899]  pagecache_get_page+0x28/0x260
[  159.831256][ T3899]  ? hfs_free_extents+0x420/0x420
[  159.836277][ T3899]  block_write_begin+0x2e/0x1e0
[  159.841127][ T3899]  ? cont_write_begin+0x5e5/0x860
[  159.846149][ T3899]  ? hfs_free_extents+0x420/0x420
[  159.851171][ T3899]  cont_write_begin+0x606/0x860
[  159.856027][ T3899]  ? fault_in_readable+0x1d5/0x310
[  159.861143][ T3899]  ? generic_cont_expand_simple+0x250/0x250
[  159.867035][ T3899]  ? fault_in_readable+0x219/0x310
[  159.872149][ T3899]  ? fault_in_safe_writeable+0x240/0x240
[  159.877878][ T3899]  hfs_write_begin+0x86/0xd0
[  159.882475][ T3899]  ? hfs_free_extents+0x420/0x420
[  159.887497][ T3899]  generic_perform_write+0x2e4/0x5e0
[  159.892791][ T3899]  ? __block_commit_write+0x420/0x420
[  159.898162][ T3899]  ? generic_file_direct_write+0x610/0x610
[  159.903966][ T3899]  ? __file_remove_privs+0x6c0/0x6c0
[  159.909251][ T3899]  ? generic_write_checks+0x15c/0x1c0
[  159.914633][ T3899]  __generic_file_write_iter+0x176/0x400
[  159.920268][ T3899]  generic_file_write_iter+0xab/0x310
[  159.925641][ T3899]  vfs_write+0x7dc/0xc50
[  159.929892][ T3899]  ? file_end_write+0x230/0x230
[  159.934744][ T3899]  ? ptrace_stop+0x74d/0x970
[  159.939347][ T3899]  ? _raw_spin_unlock_irq+0x2a/0x40
[  159.944546][ T3899]  ? __fdget_pos+0x252/0x2e0
[  159.949140][ T3899]  ksys_write+0x177/0x2a0
[  159.953473][ T3899]  ? __ia32_sys_read+0x80/0x80
[  159.958325][ T3899]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  159.964307][ T3899]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  159.970289][ T3899]  do_syscall_64+0x3d/0xb0
[  159.974699][ T3899]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  159.980587][ T3899] RIP: 0033:0x7f0fa5191c89
[  159.984999][ T3899] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  160.004604][ T3899] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3899] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3899] exit_group(0)               = ?
[pid  3899] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3899, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./252/binderfs")                = 0
umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./252/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./252/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./252/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./252")                          = 0
mkdir("./253", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3900
./strace-static-x86_64: Process 3900 attached
[pid  3900] chdir("./253")              = 0
[pid  3900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3900] setpgid(0, 0)               = 0
[pid  3900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3900] write(3, "1000", 4)         = 4
[pid  3900] close(3)                    = 0
[pid  3900] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3900] memfd_create("syzkaller", 0) = 3
[  160.013012][ T3899] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  160.020979][ T3899] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  160.028949][ T3899] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  160.036913][ T3899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  160.044876][ T3899] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000fc
[  160.052861][ T3899]  </TASK>
[pid  3900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3900] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3900] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3900] close(3)                    = 0
[pid  3900] mkdir("./file0", 0777)      = 0
[pid  3900] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3900] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3900] chdir("./file0")            = 0
[pid  3900] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3900] close(4)                    = 0
[pid  3900] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3900] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3900] write(5, "13", 2)           = 2
[  160.100939][ T3900] loop0: detected capacity change from 0 to 64
[  160.131018][ T3900] FAULT_INJECTION: forcing a failure.
[  160.131018][ T3900] name failslab, interval 1, probability 0, space 0, times 0
[  160.143987][ T3900] CPU: 0 PID: 3900 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  160.154395][ T3900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  160.164436][ T3900] Call Trace:
[  160.167718][ T3900]  <TASK>
[  160.170646][ T3900]  dump_stack_lvl+0x1b1/0x28e
[  160.175329][ T3900]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  160.180786][ T3900]  ? panic+0x710/0x710
[  160.184860][ T3900]  ? __might_sleep+0xc0/0xc0
[  160.189435][ T3900]  ? __mutex_lock_common+0x45f/0x26e0
[  160.194890][ T3900]  should_fail_ex+0x395/0x4c0
[  160.199580][ T3900]  ? hfs_find_init+0x8b/0x1e0
[  160.204274][ T3900]  should_failslab+0x5/0x20
[  160.208787][ T3900]  __kmem_cache_alloc_node+0x69/0x310
[  160.214165][ T3900]  ? hfs_find_init+0x8b/0x1e0
[  160.218855][ T3900]  __kmalloc+0x9e/0x1a0
[  160.223011][ T3900]  hfs_find_init+0x8b/0x1e0
[  160.227513][ T3900]  hfs_extend_file+0x2f8/0x1420
[  160.232364][ T3900]  ? hfs_get_block+0xbb0/0xbb0
[  160.237137][ T3900]  ? lru_cache_disable+0x30/0x30
[  160.242068][ T3900]  ? __might_sleep+0xc0/0xc0
[  160.246659][ T3900]  hfs_get_block+0x3fc/0xbb0
[  160.251246][ T3900]  ? hfs_free_extents+0x420/0x420
[  160.256255][ T3900]  ? do_raw_spin_unlock+0x134/0x8a0
[  160.261446][ T3900]  ? create_page_buffers+0x244/0x4b0
[  160.266724][ T3900]  __block_write_begin_int+0x54c/0x1a80
[  160.272280][ T3900]  ? hfs_free_extents+0x420/0x420
[  160.277382][ T3900]  ? page_zero_new_buffers+0x940/0x940
[  160.282833][ T3900]  ? PageHeadHuge+0x8a/0x1d0
[  160.287417][ T3900]  ? hfs_free_extents+0x420/0x420
[  160.292423][ T3900]  block_write_begin+0x93/0x1e0
[  160.297267][ T3900]  ? cont_write_begin+0x5e5/0x860
[  160.302279][ T3900]  ? hfs_free_extents+0x420/0x420
[  160.307288][ T3900]  cont_write_begin+0x606/0x860
[  160.312132][ T3900]  ? fault_in_readable+0x1d5/0x310
[  160.317237][ T3900]  ? generic_cont_expand_simple+0x250/0x250
[  160.323119][ T3900]  ? fault_in_readable+0x219/0x310
[  160.328229][ T3900]  ? fault_in_safe_writeable+0x240/0x240
[  160.333853][ T3900]  hfs_write_begin+0x86/0xd0
[  160.338427][ T3900]  ? hfs_free_extents+0x420/0x420
[  160.343441][ T3900]  generic_perform_write+0x2e4/0x5e0
[  160.348719][ T3900]  ? __block_commit_write+0x420/0x420
[  160.354099][ T3900]  ? generic_file_direct_write+0x610/0x610
[  160.359913][ T3900]  ? __file_remove_privs+0x6c0/0x6c0
[  160.365191][ T3900]  ? generic_write_checks+0x15c/0x1c0
[  160.370557][ T3900]  __generic_file_write_iter+0x176/0x400
[  160.376200][ T3900]  generic_file_write_iter+0xab/0x310
[  160.381595][ T3900]  vfs_write+0x7dc/0xc50
[  160.385842][ T3900]  ? file_end_write+0x230/0x230
[  160.390680][ T3900]  ? ptrace_stop+0x74d/0x970
[  160.395275][ T3900]  ? _raw_spin_unlock_irq+0x2a/0x40
[  160.400552][ T3900]  ? __fdget_pos+0x252/0x2e0
[  160.405133][ T3900]  ksys_write+0x177/0x2a0
[  160.409474][ T3900]  ? __ia32_sys_read+0x80/0x80
[  160.414226][ T3900]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  160.420195][ T3900]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  160.426169][ T3900]  do_syscall_64+0x3d/0xb0
[  160.430574][ T3900]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  160.436554][ T3900] RIP: 0033:0x7f0fa5191c89
[  160.440954][ T3900] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  160.460573][ T3900] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  160.469015][ T3900] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  160.476987][ T3900] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  160.484951][ T3900] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  160.492911][ T3900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3900] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3900] exit_group(0)               = ?
[pid  3900] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3900, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./253/binderfs")                = 0
umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./253/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./253/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./253/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./253")                          = 0
mkdir("./254", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3901 attached
, child_tidptr=0x555555b7f5d0) = 3901
[pid  3901] chdir("./254")              = 0
[pid  3901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3901] setpgid(0, 0)               = 0
[pid  3901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3901] write(3, "1000", 4)         = 4
[pid  3901] close(3)                    = 0
[pid  3901] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3901] memfd_create("syzkaller", 0) = 3
[pid  3901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3901] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  160.501011][ T3900] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000fd
[  160.509005][ T3900]  </TASK>
[pid  3901] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3901] close(3)                    = 0
[pid  3901] mkdir("./file0", 0777)      = 0
[pid  3901] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3901] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3901] chdir("./file0")            = 0
[pid  3901] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3901] close(4)                    = 0
[pid  3901] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3901] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3901] write(5, "13", 2)           = 2
[  160.558729][ T3901] loop0: detected capacity change from 0 to 64
[  160.592052][ T3901] FAULT_INJECTION: forcing a failure.
[  160.592052][ T3901] name failslab, interval 1, probability 0, space 0, times 0
[  160.604918][ T3901] CPU: 0 PID: 3901 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  160.615344][ T3901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  160.625393][ T3901] Call Trace:
[  160.628678][ T3901]  <TASK>
[  160.632140][ T3901]  dump_stack_lvl+0x1b1/0x28e
[  160.636821][ T3901]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  160.642301][ T3901]  ? panic+0x710/0x710
[  160.646394][ T3901]  ? __might_sleep+0xc0/0xc0
[  160.651000][ T3901]  ? __mutex_lock_common+0x45f/0x26e0
[  160.656391][ T3901]  should_fail_ex+0x395/0x4c0
[  160.661088][ T3901]  ? hfs_find_init+0x8b/0x1e0
[  160.665776][ T3901]  should_failslab+0x5/0x20
[  160.670292][ T3901]  __kmem_cache_alloc_node+0x69/0x310
[  160.675694][ T3901]  ? hfs_find_init+0x8b/0x1e0
[  160.680387][ T3901]  __kmalloc+0x9e/0x1a0
[  160.684582][ T3901]  hfs_find_init+0x8b/0x1e0
[  160.689116][ T3901]  hfs_extend_file+0x2f8/0x1420
[  160.693986][ T3901]  ? hfs_get_block+0xbb0/0xbb0
[  160.698749][ T3901]  ? lru_cache_disable+0x30/0x30
[  160.703681][ T3901]  ? __might_sleep+0xc0/0xc0
[  160.708307][ T3901]  hfs_get_block+0x3fc/0xbb0
[  160.712919][ T3901]  ? hfs_free_extents+0x420/0x420
[  160.718040][ T3901]  ? do_raw_spin_unlock+0x134/0x8a0
[  160.723268][ T3901]  ? create_page_buffers+0x244/0x4b0
[  160.728568][ T3901]  __block_write_begin_int+0x54c/0x1a80
[  160.734131][ T3901]  ? hfs_free_extents+0x420/0x420
[  160.739160][ T3901]  ? page_zero_new_buffers+0x940/0x940
[  160.744647][ T3901]  ? PageHeadHuge+0x8a/0x1d0
[  160.749253][ T3901]  ? hfs_free_extents+0x420/0x420
[  160.754284][ T3901]  block_write_begin+0x93/0x1e0
[  160.759148][ T3901]  ? cont_write_begin+0x5e5/0x860
[  160.764176][ T3901]  ? hfs_free_extents+0x420/0x420
[  160.769199][ T3901]  cont_write_begin+0x606/0x860
[  160.774055][ T3901]  ? fault_in_readable+0x1d5/0x310
[  160.779175][ T3901]  ? generic_cont_expand_simple+0x250/0x250
[  160.785172][ T3901]  ? fault_in_readable+0x219/0x310
[  160.790289][ T3901]  ? fault_in_safe_writeable+0x240/0x240
[  160.795938][ T3901]  hfs_write_begin+0x86/0xd0
[  160.800518][ T3901]  ? hfs_free_extents+0x420/0x420
[  160.805533][ T3901]  generic_perform_write+0x2e4/0x5e0
[  160.810826][ T3901]  ? __block_commit_write+0x420/0x420
[  160.816285][ T3901]  ? generic_file_direct_write+0x610/0x610
[  160.822121][ T3901]  ? __file_remove_privs+0x6c0/0x6c0
[  160.827425][ T3901]  ? generic_write_checks+0x15c/0x1c0
[  160.832809][ T3901]  __generic_file_write_iter+0x176/0x400
[  160.838448][ T3901]  generic_file_write_iter+0xab/0x310
[  160.843846][ T3901]  vfs_write+0x7dc/0xc50
[  160.848110][ T3901]  ? file_end_write+0x230/0x230
[  160.852975][ T3901]  ? ptrace_stop+0x74d/0x970
[  160.857655][ T3901]  ? _raw_spin_unlock_irq+0x2a/0x40
[  160.862856][ T3901]  ? __fdget_pos+0x252/0x2e0
[  160.867445][ T3901]  ksys_write+0x177/0x2a0
[  160.871771][ T3901]  ? __ia32_sys_read+0x80/0x80
[  160.876531][ T3901]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  160.882506][ T3901]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  160.888490][ T3901]  do_syscall_64+0x3d/0xb0
[  160.892918][ T3901]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  160.898804][ T3901] RIP: 0033:0x7f0fa5191c89
[  160.903207][ T3901] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  160.923332][ T3901] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  160.931745][ T3901] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  160.939712][ T3901] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  160.947691][ T3901] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3901] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3901] exit_group(0)               = ?
[pid  3901] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3901, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./254/binderfs")                = 0
umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./254/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./254/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./254/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./254")                          = 0
mkdir("./255", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[  160.955674][ T3901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  160.963646][ T3901] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000fe
[  160.971623][ T3901]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3902
./strace-static-x86_64: Process 3902 attached
[pid  3902] chdir("./255")              = 0
[pid  3902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3902] setpgid(0, 0)               = 0
[pid  3902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3902] write(3, "1000", 4)         = 4
[pid  3902] close(3)                    = 0
[pid  3902] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3902] memfd_create("syzkaller", 0) = 3
[pid  3902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3902] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3902] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3902] close(3)                    = 0
[pid  3902] mkdir("./file0", 0777)      = 0
[pid  3902] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3902] chdir("./file0")            = 0
[pid  3902] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3902] close(4)                    = 0
[pid  3902] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3902] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3902] write(5, "13", 2)           = 2
[  161.032617][ T3902] loop0: detected capacity change from 0 to 64
[  161.052651][ T3902] FAULT_INJECTION: forcing a failure.
[  161.052651][ T3902] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.065861][ T3902] CPU: 0 PID: 3902 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  161.076292][ T3902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  161.086337][ T3902] Call Trace:
[  161.089604][ T3902]  <TASK>
[  161.092526][ T3902]  dump_stack_lvl+0x1b1/0x28e
[  161.097193][ T3902]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  161.102640][ T3902]  ? panic+0x710/0x710
[  161.106699][ T3902]  ? hfs_free_extents+0x420/0x420
[  161.111711][ T3902]  ? PageHeadHuge+0x8a/0x1d0
[  161.116293][ T3902]  should_fail_ex+0x395/0x4c0
[  161.120991][ T3902]  copy_page_from_iter_atomic+0x217/0x1140
[  161.126819][ T3902]  ? generic_cont_expand_simple+0x250/0x250
[  161.132719][ T3902]  ? pipe_zero+0x200/0x200
[  161.137142][ T3902]  ? hfs_write_begin+0x86/0xd0
[  161.141901][ T3902]  ? hfs_free_extents+0x420/0x420
[  161.146919][ T3902]  ? hfs_write_begin+0x9e/0xd0
[  161.151690][ T3902]  generic_perform_write+0x35a/0x5e0
[  161.156982][ T3902]  ? __block_commit_write+0x420/0x420
[  161.162356][ T3902]  ? generic_file_direct_write+0x610/0x610
[  161.168246][ T3902]  ? __file_remove_privs+0x6c0/0x6c0
[  161.173532][ T3902]  ? generic_write_checks+0x15c/0x1c0
[  161.178910][ T3902]  __generic_file_write_iter+0x176/0x400
[  161.184566][ T3902]  generic_file_write_iter+0xab/0x310
[  161.189948][ T3902]  vfs_write+0x7dc/0xc50
[  161.194208][ T3902]  ? file_end_write+0x230/0x230
[  161.199066][ T3902]  ? ptrace_stop+0x74d/0x970
[  161.203665][ T3902]  ? _raw_spin_unlock_irq+0x2a/0x40
[  161.208867][ T3902]  ? __fdget_pos+0x252/0x2e0
[  161.213463][ T3902]  ksys_write+0x177/0x2a0
[  161.217798][ T3902]  ? __ia32_sys_read+0x80/0x80
[  161.222561][ T3902]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  161.228546][ T3902]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  161.234527][ T3902]  do_syscall_64+0x3d/0xb0
[  161.238944][ T3902]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  161.244836][ T3902] RIP: 0033:0x7f0fa5191c89
[  161.249251][ T3902] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  161.268855][ T3902] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3902] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3902] exit_group(0)               = ?
[pid  3902] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3902, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./255/binderfs")                = 0
umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./255/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./255/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./255/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./255")                          = 0
mkdir("./256", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3903
./strace-static-x86_64: Process 3903 attached
[pid  3903] chdir("./256")              = 0
[pid  3903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3903] setpgid(0, 0)               = 0
[pid  3903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3903] write(3, "1000", 4)         = 4
[pid  3903] close(3)                    = 0
[pid  3903] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3903] memfd_create("syzkaller", 0) = 3
[pid  3903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3903] munmap(0x7f0f9cc00000, 32768) = 0
[  161.277277][ T3902] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  161.285246][ T3902] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  161.293214][ T3902] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  161.301181][ T3902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  161.309148][ T3902] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 00000000000000ff
[  161.317133][ T3902]  </TASK>
[pid  3903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3903] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3903] close(3)                    = 0
[pid  3903] mkdir("./file0", 0777)      = 0
[pid  3903] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3903] chdir("./file0")            = 0
[pid  3903] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3903] close(4)                    = 0
[pid  3903] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3903] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3903] write(5, "13", 2)           = 2
[  161.365532][ T3903] loop0: detected capacity change from 0 to 64
[  161.395192][ T3903] FAULT_INJECTION: forcing a failure.
[  161.395192][ T3903] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.408345][ T3903] CPU: 0 PID: 3903 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  161.418774][ T3903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  161.428851][ T3903] Call Trace:
[  161.432137][ T3903]  <TASK>
[  161.435064][ T3903]  dump_stack_lvl+0x1b1/0x28e
[  161.439749][ T3903]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  161.445213][ T3903]  ? panic+0x710/0x710
[  161.449336][ T3903]  ? hfs_free_extents+0x420/0x420
[  161.454369][ T3903]  ? PageHeadHuge+0x8a/0x1d0
[  161.458974][ T3903]  should_fail_ex+0x395/0x4c0
[  161.463653][ T3903]  copy_page_from_iter_atomic+0x217/0x1140
[  161.469461][ T3903]  ? generic_cont_expand_simple+0x250/0x250
[  161.475351][ T3903]  ? pipe_zero+0x200/0x200
[  161.479767][ T3903]  ? hfs_write_begin+0x86/0xd0
[  161.484533][ T3903]  ? hfs_free_extents+0x420/0x420
[  161.489544][ T3903]  ? hfs_write_begin+0x9e/0xd0
[  161.494300][ T3903]  generic_perform_write+0x35a/0x5e0
[  161.499594][ T3903]  ? __block_commit_write+0x420/0x420
[  161.504970][ T3903]  ? generic_file_direct_write+0x610/0x610
[  161.510796][ T3903]  ? __file_remove_privs+0x6c0/0x6c0
[  161.516098][ T3903]  ? generic_write_checks+0x15c/0x1c0
[  161.521485][ T3903]  __generic_file_write_iter+0x176/0x400
[  161.527134][ T3903]  generic_file_write_iter+0xab/0x310
[  161.532517][ T3903]  vfs_write+0x7dc/0xc50
[  161.536779][ T3903]  ? file_end_write+0x230/0x230
[  161.541619][ T3903]  ? ptrace_stop+0x74d/0x970
[  161.546224][ T3903]  ? _raw_spin_unlock_irq+0x2a/0x40
[  161.551435][ T3903]  ? __fdget_pos+0x252/0x2e0
[  161.556022][ T3903]  ksys_write+0x177/0x2a0
[  161.560344][ T3903]  ? __ia32_sys_read+0x80/0x80
[  161.565103][ T3903]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  161.571087][ T3903]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  161.577078][ T3903]  do_syscall_64+0x3d/0xb0
[  161.581488][ T3903]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  161.587378][ T3903] RIP: 0033:0x7f0fa5191c89
[  161.591800][ T3903] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3903] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3903] exit_group(0)               = ?
[pid  3903] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3903, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./256/binderfs")                = 0
umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./256/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./256/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./256/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./256")                          = 0
mkdir("./257", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3904
./strace-static-x86_64: Process 3904 attached
[  161.611486][ T3903] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  161.619890][ T3903] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  161.627852][ T3903] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  161.635826][ T3903] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  161.643812][ T3903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  161.651793][ T3903] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000100
[  161.659772][ T3903]  </TASK>
[pid  3904] chdir("./257")              = 0
[pid  3904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3904] setpgid(0, 0)               = 0
[pid  3904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3904] write(3, "1000", 4)         = 4
[pid  3904] close(3)                    = 0
[pid  3904] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3904] memfd_create("syzkaller", 0) = 3
[pid  3904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3904] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3904] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3904] close(3)                    = 0
[pid  3904] mkdir("./file0", 0777)      = 0
[pid  3904] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3904] chdir("./file0")            = 0
[pid  3904] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3904] close(4)                    = 0
[pid  3904] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3904] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3904] write(5, "13", 2)           = 2
[  161.711005][ T3904] loop0: detected capacity change from 0 to 64
[  161.735047][ T3904] FAULT_INJECTION: forcing a failure.
[  161.735047][ T3904] name failslab, interval 1, probability 0, space 0, times 0
[  161.748072][ T3904] CPU: 1 PID: 3904 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  161.758508][ T3904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  161.768561][ T3904] Call Trace:
[  161.771845][ T3904]  <TASK>
[  161.774782][ T3904]  dump_stack_lvl+0x1b1/0x28e
[  161.779453][ T3904]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  161.784902][ T3904]  ? panic+0x710/0x710
[  161.788964][ T3904]  ? __might_sleep+0xc0/0xc0
[  161.793546][ T3904]  ? __mutex_lock_common+0x45f/0x26e0
[  161.798934][ T3904]  should_fail_ex+0x395/0x4c0
[  161.803609][ T3904]  ? hfs_find_init+0x8b/0x1e0
[  161.808281][ T3904]  should_failslab+0x5/0x20
[  161.812780][ T3904]  __kmem_cache_alloc_node+0x69/0x310
[  161.818161][ T3904]  ? rcu_lock_release+0x5/0x20
[  161.822929][ T3904]  ? hfs_find_init+0x8b/0x1e0
[  161.827599][ T3904]  __kmalloc+0x9e/0x1a0
[  161.831785][ T3904]  hfs_find_init+0x8b/0x1e0
[  161.836297][ T3904]  hfs_extend_file+0x2f8/0x1420
[  161.841155][ T3904]  ? xas_find+0x937/0xa60
[  161.845482][ T3904]  ? hfs_get_block+0xbb0/0xbb0
[  161.850249][ T3904]  ? filemap_get_folios+0x557/0x830
[  161.855459][ T3904]  ? find_lock_entries+0xf60/0xf60
[  161.860579][ T3904]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  161.866485][ T3904]  hfs_get_block+0x3fc/0xbb0
[  161.871272][ T3904]  ? hfs_free_extents+0x420/0x420
[  161.876295][ T3904]  ? do_raw_spin_unlock+0x134/0x8a0
[  161.881514][ T3904]  ? create_page_buffers+0x244/0x4b0
[  161.886799][ T3904]  __block_write_begin_int+0x54c/0x1a80
[  161.892354][ T3904]  ? hfs_free_extents+0x420/0x420
[  161.897372][ T3904]  ? page_zero_new_buffers+0x940/0x940
[  161.902828][ T3904]  ? PageHeadHuge+0x8a/0x1d0
[  161.907412][ T3904]  ? hfs_free_extents+0x420/0x420
[  161.912429][ T3904]  block_write_begin+0x93/0x1e0
[  161.917275][ T3904]  ? cont_write_begin+0x5e5/0x860
[  161.922293][ T3904]  ? hfs_free_extents+0x420/0x420
[  161.927321][ T3904]  cont_write_begin+0x606/0x860
[  161.932202][ T3904]  ? fault_in_readable+0x1d5/0x310
[  161.937352][ T3904]  ? generic_cont_expand_simple+0x250/0x250
[  161.943244][ T3904]  ? fault_in_readable+0x219/0x310
[  161.948348][ T3904]  ? fault_in_safe_writeable+0x240/0x240
[  161.953980][ T3904]  hfs_write_begin+0x86/0xd0
[  161.958560][ T3904]  ? hfs_free_extents+0x420/0x420
[  161.963582][ T3904]  generic_perform_write+0x2e4/0x5e0
[  161.968872][ T3904]  ? __block_commit_write+0x420/0x420
[  161.974259][ T3904]  ? generic_file_direct_write+0x610/0x610
[  161.980066][ T3904]  ? __file_remove_privs+0x6c0/0x6c0
[  161.985348][ T3904]  ? generic_write_checks+0x15c/0x1c0
[  161.990732][ T3904]  __generic_file_write_iter+0x176/0x400
[  161.996392][ T3904]  generic_file_write_iter+0xab/0x310
[  162.001784][ T3904]  vfs_write+0x7dc/0xc50
[  162.006055][ T3904]  ? file_end_write+0x230/0x230
[  162.010895][ T3904]  ? ptrace_stop+0x74d/0x970
[  162.015500][ T3904]  ? _raw_spin_unlock_irq+0x2a/0x40
[  162.020712][ T3904]  ? __fdget_pos+0x252/0x2e0
[  162.025307][ T3904]  ksys_write+0x177/0x2a0
[  162.029646][ T3904]  ? __ia32_sys_read+0x80/0x80
[  162.034405][ T3904]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  162.040399][ T3904]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  162.046393][ T3904]  do_syscall_64+0x3d/0xb0
[  162.050829][ T3904]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  162.056740][ T3904] RIP: 0033:0x7f0fa5191c89
[  162.061151][ T3904] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  162.080753][ T3904] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  162.089186][ T3904] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  162.097168][ T3904] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3904] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3904] exit_group(0)               = ?
[pid  3904] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3904, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./257/binderfs")                = 0
umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./257/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./257/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./257/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./257")                          = 0
mkdir("./258", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  162.105133][ T3904] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  162.113100][ T3904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  162.121162][ T3904] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000101
[  162.129172][ T3904]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3905
./strace-static-x86_64: Process 3905 attached
[pid  3905] chdir("./258")              = 0
[pid  3905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3905] setpgid(0, 0)               = 0
[pid  3905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3905] write(3, "1000", 4)         = 4
[pid  3905] close(3)                    = 0
[pid  3905] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3905] memfd_create("syzkaller", 0) = 3
[pid  3905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3905] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3905] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3905] close(3)                    = 0
[pid  3905] mkdir("./file0", 0777)      = 0
[pid  3905] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3905] chdir("./file0")            = 0
[pid  3905] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3905] close(4)                    = 0
[pid  3905] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3905] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3905] write(5, "13", 2)           = 2
[  162.196534][ T3905] loop0: detected capacity change from 0 to 64
[  162.224445][ T3905] FAULT_INJECTION: forcing a failure.
[  162.224445][ T3905] name failslab, interval 1, probability 0, space 0, times 0
[  162.237298][ T3905] CPU: 0 PID: 3905 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  162.247707][ T3905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  162.257767][ T3905] Call Trace:
[  162.261056][ T3905]  <TASK>
[  162.263981][ T3905]  dump_stack_lvl+0x1b1/0x28e
[  162.268667][ T3905]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  162.274145][ T3905]  ? panic+0x710/0x710
[  162.278233][ T3905]  ? __might_sleep+0xc0/0xc0
[  162.282834][ T3905]  ? __mutex_lock_common+0x45f/0x26e0
[  162.288201][ T3905]  should_fail_ex+0x395/0x4c0
[  162.292875][ T3905]  ? hfs_find_init+0x8b/0x1e0
[  162.297557][ T3905]  should_failslab+0x5/0x20
[  162.302073][ T3905]  __kmem_cache_alloc_node+0x69/0x310
[  162.307466][ T3905]  ? hfs_find_init+0x8b/0x1e0
[  162.312139][ T3905]  __kmalloc+0x9e/0x1a0
[  162.316292][ T3905]  hfs_find_init+0x8b/0x1e0
[  162.320801][ T3905]  hfs_extend_file+0x2f8/0x1420
[  162.325668][ T3905]  ? hfs_get_block+0xbb0/0xbb0
[  162.330435][ T3905]  ? lru_cache_disable+0x30/0x30
[  162.335380][ T3905]  ? __might_sleep+0xc0/0xc0
[  162.339992][ T3905]  hfs_get_block+0x3fc/0xbb0
[  162.344619][ T3905]  ? hfs_free_extents+0x420/0x420
[  162.349658][ T3905]  ? do_raw_spin_unlock+0x134/0x8a0
[  162.355037][ T3905]  ? create_page_buffers+0x244/0x4b0
[  162.360320][ T3905]  __block_write_begin_int+0x54c/0x1a80
[  162.365876][ T3905]  ? hfs_free_extents+0x420/0x420
[  162.370916][ T3905]  ? page_zero_new_buffers+0x940/0x940
[  162.376373][ T3905]  ? PageHeadHuge+0x8a/0x1d0
[  162.380957][ T3905]  ? hfs_free_extents+0x420/0x420
[  162.385969][ T3905]  block_write_begin+0x93/0x1e0
[  162.390822][ T3905]  ? cont_write_begin+0x5e5/0x860
[  162.395857][ T3905]  ? hfs_free_extents+0x420/0x420
[  162.400885][ T3905]  cont_write_begin+0x606/0x860
[  162.405753][ T3905]  ? fault_in_readable+0x1d5/0x310
[  162.410861][ T3905]  ? generic_cont_expand_simple+0x250/0x250
[  162.416767][ T3905]  ? fault_in_readable+0x219/0x310
[  162.421870][ T3905]  ? fault_in_safe_writeable+0x240/0x240
[  162.427498][ T3905]  hfs_write_begin+0x86/0xd0
[  162.432079][ T3905]  ? hfs_free_extents+0x420/0x420
[  162.437094][ T3905]  generic_perform_write+0x2e4/0x5e0
[  162.442383][ T3905]  ? __block_commit_write+0x420/0x420
[  162.447758][ T3905]  ? generic_file_direct_write+0x610/0x610
[  162.453574][ T3905]  ? __file_remove_privs+0x6c0/0x6c0
[  162.458859][ T3905]  ? generic_write_checks+0x15c/0x1c0
[  162.464240][ T3905]  __generic_file_write_iter+0x176/0x400
[  162.469890][ T3905]  generic_file_write_iter+0xab/0x310
[  162.475266][ T3905]  vfs_write+0x7dc/0xc50
[  162.479507][ T3905]  ? file_end_write+0x230/0x230
[  162.484346][ T3905]  ? ptrace_stop+0x74d/0x970
[  162.488955][ T3905]  ? _raw_spin_unlock_irq+0x2a/0x40
[  162.494174][ T3905]  ? __fdget_pos+0x252/0x2e0
[  162.498781][ T3905]  ksys_write+0x177/0x2a0
[  162.503107][ T3905]  ? __ia32_sys_read+0x80/0x80
[  162.507875][ T3905]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  162.513870][ T3905]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  162.519842][ T3905]  do_syscall_64+0x3d/0xb0
[  162.524249][ T3905]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  162.530148][ T3905] RIP: 0033:0x7f0fa5191c89
[  162.534581][ T3905] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  162.554180][ T3905] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  162.562589][ T3905] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  162.570552][ T3905] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  162.578517][ T3905] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  162.586491][ T3905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3905] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3905] exit_group(0)               = ?
[pid  3905] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3905, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./258/binderfs")                = 0
umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./258/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./258/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./258/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./258")                          = 0
mkdir("./259", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3906 attached
 <unfinished ...>
[pid  3906] chdir("./259")              = 0
[pid  3906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3906] setpgid(0, 0 <unfinished ...>
[pid  3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3906
[pid  3906] <... setpgid resumed>)      = 0
[pid  3906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3906] write(3, "1000", 4)         = 4
[  162.594471][ T3905] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000102
[  162.602451][ T3905]  </TASK>
[pid  3906] close(3)                    = 0
[pid  3906] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3906] memfd_create("syzkaller", 0) = 3
[pid  3906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3906] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3906] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3906] close(3)                    = 0
[pid  3906] mkdir("./file0", 0777)      = 0
[pid  3906] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3906] chdir("./file0")            = 0
[pid  3906] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3906] close(4)                    = 0
[pid  3906] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3906] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3906] write(5, "13", 2)           = 2
[  162.664706][ T3906] loop0: detected capacity change from 0 to 64
[  162.684303][ T3906] FAULT_INJECTION: forcing a failure.
[  162.684303][ T3906] name failslab, interval 1, probability 0, space 0, times 0
[  162.697423][ T3906] CPU: 1 PID: 3906 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  162.707878][ T3906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  162.717955][ T3906] Call Trace:
[  162.721239][ T3906]  <TASK>
[  162.724170][ T3906]  dump_stack_lvl+0x1b1/0x28e
[  162.728852][ T3906]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  162.734307][ T3906]  ? panic+0x710/0x710
[  162.738378][ T3906]  ? __might_sleep+0xc0/0xc0
[  162.742966][ T3906]  ? __mutex_lock_common+0x45f/0x26e0
[  162.748348][ T3906]  should_fail_ex+0x395/0x4c0
[  162.753027][ T3906]  ? hfs_find_init+0x8b/0x1e0
[  162.757715][ T3906]  should_failslab+0x5/0x20
[  162.762220][ T3906]  __kmem_cache_alloc_node+0x69/0x310
[  162.767593][ T3906]  ? rcu_lock_release+0x5/0x20
[  162.772359][ T3906]  ? hfs_find_init+0x8b/0x1e0
[  162.777044][ T3906]  __kmalloc+0x9e/0x1a0
[  162.781204][ T3906]  hfs_find_init+0x8b/0x1e0
[  162.785712][ T3906]  hfs_extend_file+0x2f8/0x1420
[  162.790563][ T3906]  ? xas_find+0x937/0xa60
[  162.794904][ T3906]  ? hfs_get_block+0xbb0/0xbb0
[  162.799662][ T3906]  ? filemap_get_folios+0x557/0x830
[  162.804865][ T3906]  ? find_lock_entries+0xf60/0xf60
[  162.809978][ T3906]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  162.815884][ T3906]  hfs_get_block+0x3fc/0xbb0
[  162.820486][ T3906]  ? hfs_free_extents+0x420/0x420
[  162.825510][ T3906]  ? do_raw_spin_unlock+0x134/0x8a0
[  162.830721][ T3906]  ? create_page_buffers+0x244/0x4b0
[  162.836013][ T3906]  __block_write_begin_int+0x54c/0x1a80
[  162.841586][ T3906]  ? hfs_free_extents+0x420/0x420
[  162.846607][ T3906]  ? page_zero_new_buffers+0x940/0x940
[  162.852073][ T3906]  ? PageHeadHuge+0x8a/0x1d0
[  162.856672][ T3906]  ? hfs_free_extents+0x420/0x420
[  162.861697][ T3906]  block_write_begin+0x93/0x1e0
[  162.866547][ T3906]  ? cont_write_begin+0x5e5/0x860
[  162.871575][ T3906]  ? hfs_free_extents+0x420/0x420
[  162.876600][ T3906]  cont_write_begin+0x606/0x860
[  162.881461][ T3906]  ? fault_in_readable+0x1d5/0x310
[  162.886580][ T3906]  ? generic_cont_expand_simple+0x250/0x250
[  162.892475][ T3906]  ? fault_in_readable+0x219/0x310
[  162.897591][ T3906]  ? fault_in_safe_writeable+0x240/0x240
[  162.903235][ T3906]  hfs_write_begin+0x86/0xd0
[  162.907823][ T3906]  ? hfs_free_extents+0x420/0x420
[  162.912849][ T3906]  generic_perform_write+0x2e4/0x5e0
[  162.918148][ T3906]  ? __block_commit_write+0x420/0x420
[  162.923532][ T3906]  ? generic_file_direct_write+0x610/0x610
[  162.929339][ T3906]  ? __file_remove_privs+0x6c0/0x6c0
[  162.934626][ T3906]  ? generic_write_checks+0x15c/0x1c0
[  162.940013][ T3906]  __generic_file_write_iter+0x176/0x400
[  162.945650][ T3906]  generic_file_write_iter+0xab/0x310
[  162.951114][ T3906]  vfs_write+0x7dc/0xc50
[  162.955366][ T3906]  ? file_end_write+0x230/0x230
[  162.960213][ T3906]  ? ptrace_stop+0x74d/0x970
[  162.964814][ T3906]  ? _raw_spin_unlock_irq+0x2a/0x40
[  162.970021][ T3906]  ? __fdget_pos+0x252/0x2e0
[  162.974615][ T3906]  ksys_write+0x177/0x2a0
[  162.978951][ T3906]  ? __ia32_sys_read+0x80/0x80
[  162.983722][ T3906]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  162.989705][ T3906]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  162.995684][ T3906]  do_syscall_64+0x3d/0xb0
[  163.000098][ T3906]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  163.005995][ T3906] RIP: 0033:0x7f0fa5191c89
[  163.010410][ T3906] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  163.030022][ T3906] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  163.038867][ T3906] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  163.046836][ T3906] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  163.054804][ T3906] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3906] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3906] exit_group(0)               = ?
[pid  3906] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3906, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./259/binderfs")                = 0
umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./259/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./259/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./259/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./259")                          = 0
mkdir("./260", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3907
./strace-static-x86_64: Process 3907 attached
[pid  3907] chdir("./260")              = 0
[  163.062774][ T3906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  163.070741][ T3906] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000103
[  163.078731][ T3906]  </TASK>
[pid  3907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3907] setpgid(0, 0)               = 0
[pid  3907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3907] write(3, "1000", 4)         = 4
[pid  3907] close(3)                    = 0
[pid  3907] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3907] memfd_create("syzkaller", 0) = 3
[pid  3907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3907] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3907] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3907] close(3)                    = 0
[pid  3907] mkdir("./file0", 0777)      = 0
[pid  3907] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3907] chdir("./file0")            = 0
[pid  3907] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3907] close(4)                    = 0
[pid  3907] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3907] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3907] write(5, "13", 2)           = 2
[  163.119826][ T3907] loop0: detected capacity change from 0 to 64
[  163.148908][ T3907] FAULT_INJECTION: forcing a failure.
[  163.148908][ T3907] name failslab, interval 1, probability 0, space 0, times 0
[  163.161811][ T3907] CPU: 0 PID: 3907 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  163.172234][ T3907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  163.182279][ T3907] Call Trace:
[  163.185549][ T3907]  <TASK>
[  163.188467][ T3907]  dump_stack_lvl+0x1b1/0x28e
[  163.193139][ T3907]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  163.198583][ T3907]  ? panic+0x710/0x710
[  163.202641][ T3907]  ? __might_sleep+0xc0/0xc0
[  163.207250][ T3907]  ? __mutex_lock_common+0x45f/0x26e0
[  163.212616][ T3907]  should_fail_ex+0x395/0x4c0
[  163.217283][ T3907]  ? hfs_find_init+0x8b/0x1e0
[  163.221948][ T3907]  should_failslab+0x5/0x20
[  163.226438][ T3907]  __kmem_cache_alloc_node+0x69/0x310
[  163.231882][ T3907]  ? hfs_find_init+0x8b/0x1e0
[  163.236550][ T3907]  __kmalloc+0x9e/0x1a0
[  163.240697][ T3907]  hfs_find_init+0x8b/0x1e0
[  163.245193][ T3907]  hfs_extend_file+0x2f8/0x1420
[  163.250037][ T3907]  ? hfs_get_block+0xbb0/0xbb0
[  163.254797][ T3907]  ? lru_cache_disable+0x30/0x30
[  163.259733][ T3907]  ? __might_sleep+0xc0/0xc0
[  163.264328][ T3907]  hfs_get_block+0x3fc/0xbb0
[  163.268920][ T3907]  ? hfs_free_extents+0x420/0x420
[  163.273929][ T3907]  ? do_raw_spin_unlock+0x134/0x8a0
[  163.279123][ T3907]  ? create_page_buffers+0x244/0x4b0
[  163.284399][ T3907]  __block_write_begin_int+0x54c/0x1a80
[  163.289950][ T3907]  ? hfs_free_extents+0x420/0x420
[  163.294961][ T3907]  ? page_zero_new_buffers+0x940/0x940
[  163.300409][ T3907]  ? PageHeadHuge+0x8a/0x1d0
[  163.304992][ T3907]  ? hfs_free_extents+0x420/0x420
[  163.310027][ T3907]  block_write_begin+0x93/0x1e0
[  163.314896][ T3907]  ? cont_write_begin+0x5e5/0x860
[  163.319930][ T3907]  ? hfs_free_extents+0x420/0x420
[  163.324958][ T3907]  cont_write_begin+0x606/0x860
[  163.329807][ T3907]  ? fault_in_readable+0x1d5/0x310
[  163.334910][ T3907]  ? generic_cont_expand_simple+0x250/0x250
[  163.340802][ T3907]  ? fault_in_readable+0x219/0x310
[  163.345913][ T3907]  ? fault_in_safe_writeable+0x240/0x240
[  163.351539][ T3907]  hfs_write_begin+0x86/0xd0
[  163.356122][ T3907]  ? hfs_free_extents+0x420/0x420
[  163.361310][ T3907]  generic_perform_write+0x2e4/0x5e0
[  163.366593][ T3907]  ? __block_commit_write+0x420/0x420
[  163.371974][ T3907]  ? generic_file_direct_write+0x610/0x610
[  163.377803][ T3907]  ? __file_remove_privs+0x6c0/0x6c0
[  163.383115][ T3907]  ? generic_write_checks+0x15c/0x1c0
[  163.388490][ T3907]  __generic_file_write_iter+0x176/0x400
[  163.394124][ T3907]  generic_file_write_iter+0xab/0x310
[  163.399484][ T3907]  vfs_write+0x7dc/0xc50
[  163.403719][ T3907]  ? file_end_write+0x230/0x230
[  163.408555][ T3907]  ? ptrace_stop+0x74d/0x970
[  163.413142][ T3907]  ? _raw_spin_unlock_irq+0x2a/0x40
[  163.418336][ T3907]  ? __fdget_pos+0x252/0x2e0
[  163.422917][ T3907]  ksys_write+0x177/0x2a0
[  163.427241][ T3907]  ? __ia32_sys_read+0x80/0x80
[  163.432008][ T3907]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  163.438014][ T3907]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  163.443995][ T3907]  do_syscall_64+0x3d/0xb0
[  163.448400][ T3907]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  163.454277][ T3907] RIP: 0033:0x7f0fa5191c89
[  163.458682][ T3907] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  163.478279][ T3907] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  163.486678][ T3907] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  163.494634][ T3907] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  163.502589][ T3907] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  163.510545][ T3907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3907] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3907] exit_group(0)               = ?
[pid  3907] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3907, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./260/binderfs")                = 0
umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./260/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./260/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./260/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./260")                          = 0
mkdir("./261", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3908
./strace-static-x86_64: Process 3908 attached
[pid  3908] chdir("./261")              = 0
[pid  3908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3908] setpgid(0, 0)               = 0
[pid  3908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3908] write(3, "1000", 4)         = 4
[pid  3908] close(3)                    = 0
[pid  3908] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3908] memfd_create("syzkaller", 0) = 3
[pid  3908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3908] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  163.518509][ T3907] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000104
[  163.526481][ T3907]  </TASK>
[pid  3908] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3908] close(3)                    = 0
[pid  3908] mkdir("./file0", 0777)      = 0
[pid  3908] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3908] chdir("./file0")            = 0
[pid  3908] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3908] close(4)                    = 0
[pid  3908] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3908] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3908] write(5, "13", 2)           = 2
[  163.577368][ T3908] loop0: detected capacity change from 0 to 64
[  163.599053][ T3908] FAULT_INJECTION: forcing a failure.
[  163.599053][ T3908] name failslab, interval 1, probability 0, space 0, times 0
[  163.611889][ T3908] CPU: 1 PID: 3908 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  163.622413][ T3908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  163.632476][ T3908] Call Trace:
[  163.635763][ T3908]  <TASK>
[  163.638694][ T3908]  dump_stack_lvl+0x1b1/0x28e
[  163.643375][ T3908]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  163.648832][ T3908]  ? panic+0x710/0x710
[  163.652899][ T3908]  ? __might_sleep+0xc0/0xc0
[  163.657490][ T3908]  ? __mutex_lock_common+0x45f/0x26e0
[  163.662867][ T3908]  should_fail_ex+0x395/0x4c0
[  163.667547][ T3908]  ? hfs_find_init+0x8b/0x1e0
[  163.672228][ T3908]  should_failslab+0x5/0x20
[  163.676733][ T3908]  __kmem_cache_alloc_node+0x69/0x310
[  163.682107][ T3908]  ? rcu_lock_release+0x5/0x20
[  163.686877][ T3908]  ? hfs_find_init+0x8b/0x1e0
[  163.691564][ T3908]  __kmalloc+0x9e/0x1a0
[  163.695727][ T3908]  hfs_find_init+0x8b/0x1e0
[  163.700237][ T3908]  hfs_extend_file+0x2f8/0x1420
[  163.705089][ T3908]  ? xas_find+0x937/0xa60
[  163.709428][ T3908]  ? hfs_get_block+0xbb0/0xbb0
[  163.714186][ T3908]  ? filemap_get_folios+0x557/0x830
[  163.719387][ T3908]  ? find_lock_entries+0xf60/0xf60
[  163.724503][ T3908]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  163.730415][ T3908]  hfs_get_block+0x3fc/0xbb0
[  163.735019][ T3908]  ? hfs_free_extents+0x420/0x420
[  163.740048][ T3908]  ? do_raw_spin_unlock+0x134/0x8a0
[  163.745254][ T3908]  ? create_page_buffers+0x244/0x4b0
[  163.750547][ T3908]  __block_write_begin_int+0x54c/0x1a80
[  163.756119][ T3908]  ? hfs_free_extents+0x420/0x420
[  163.761144][ T3908]  ? page_zero_new_buffers+0x940/0x940
[  163.766607][ T3908]  ? PageHeadHuge+0x8a/0x1d0
[  163.771202][ T3908]  ? hfs_free_extents+0x420/0x420
[  163.776221][ T3908]  block_write_begin+0x93/0x1e0
[  163.781071][ T3908]  ? cont_write_begin+0x5e5/0x860
[  163.786099][ T3908]  ? hfs_free_extents+0x420/0x420
[  163.791122][ T3908]  cont_write_begin+0x606/0x860
[  163.795980][ T3908]  ? fault_in_readable+0x1d5/0x310
[  163.801100][ T3908]  ? generic_cont_expand_simple+0x250/0x250
[  163.806995][ T3908]  ? fault_in_readable+0x219/0x310
[  163.812115][ T3908]  ? fault_in_safe_writeable+0x240/0x240
[  163.817757][ T3908]  hfs_write_begin+0x86/0xd0
[  163.822349][ T3908]  ? hfs_free_extents+0x420/0x420
[  163.827392][ T3908]  generic_perform_write+0x2e4/0x5e0
[  163.832707][ T3908]  ? __block_commit_write+0x420/0x420
[  163.838091][ T3908]  ? generic_file_direct_write+0x610/0x610
[  163.843901][ T3908]  ? __file_remove_privs+0x6c0/0x6c0
[  163.849200][ T3908]  ? generic_write_checks+0x15c/0x1c0
[  163.854588][ T3908]  __generic_file_write_iter+0x176/0x400
[  163.860286][ T3908]  generic_file_write_iter+0xab/0x310
[  163.865663][ T3908]  vfs_write+0x7dc/0xc50
[  163.869918][ T3908]  ? file_end_write+0x230/0x230
[  163.874772][ T3908]  ? ptrace_stop+0x74d/0x970
[  163.879375][ T3908]  ? _raw_spin_unlock_irq+0x2a/0x40
[  163.884582][ T3908]  ? __fdget_pos+0x252/0x2e0
[  163.889202][ T3908]  ksys_write+0x177/0x2a0
[  163.893540][ T3908]  ? __ia32_sys_read+0x80/0x80
[  163.898307][ T3908]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  163.904291][ T3908]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  163.910275][ T3908]  do_syscall_64+0x3d/0xb0
[  163.914698][ T3908]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  163.920593][ T3908] RIP: 0033:0x7f0fa5191c89
[  163.925006][ T3908] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  163.945134][ T3908] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  163.953634][ T3908] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  163.961605][ T3908] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  163.969573][ T3908] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3908] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3908] exit_group(0)               = ?
[pid  3908] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3908, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./261/binderfs")                = 0
umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./261/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./261/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./261/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./261")                          = 0
mkdir("./262", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3909
./strace-static-x86_64: Process 3909 attached
[pid  3909] chdir("./262")              = 0
[pid  3909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3909] setpgid(0, 0)               = 0
[pid  3909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3909] write(3, "1000", 4)         = 4
[pid  3909] close(3)                    = 0
[pid  3909] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3909] memfd_create("syzkaller", 0) = 3
[pid  3909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3909] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  163.977542][ T3908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  163.985514][ T3908] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000105
[  163.993499][ T3908]  </TASK>
[pid  3909] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3909] close(3)                    = 0
[pid  3909] mkdir("./file0", 0777)      = 0
[pid  3909] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3909] chdir("./file0")            = 0
[pid  3909] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3909] close(4)                    = 0
[pid  3909] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3909] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3909] write(5, "13", 2)           = 2
[  164.035111][ T3909] loop0: detected capacity change from 0 to 64
[  164.061209][ T3909] FAULT_INJECTION: forcing a failure.
[  164.061209][ T3909] name failslab, interval 1, probability 0, space 0, times 0
[  164.074677][ T3909] CPU: 0 PID: 3909 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  164.085126][ T3909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  164.095189][ T3909] Call Trace:
[  164.098473][ T3909]  <TASK>
[  164.101401][ T3909]  dump_stack_lvl+0x1b1/0x28e
[  164.106075][ T3909]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  164.111529][ T3909]  ? panic+0x710/0x710
[  164.115595][ T3909]  ? __might_sleep+0xc0/0xc0
[  164.120179][ T3909]  ? __mutex_lock_common+0x45f/0x26e0
[  164.125552][ T3909]  should_fail_ex+0x395/0x4c0
[  164.130227][ T3909]  ? hfs_find_init+0x8b/0x1e0
[  164.134907][ T3909]  should_failslab+0x5/0x20
[  164.139418][ T3909]  __kmem_cache_alloc_node+0x69/0x310
[  164.144794][ T3909]  ? rcu_lock_release+0x5/0x20
[  164.149560][ T3909]  ? hfs_find_init+0x8b/0x1e0
[  164.154240][ T3909]  __kmalloc+0x9e/0x1a0
[  164.158401][ T3909]  hfs_find_init+0x8b/0x1e0
[  164.162911][ T3909]  hfs_extend_file+0x2f8/0x1420
[  164.167759][ T3909]  ? xas_find+0x937/0xa60
[  164.172096][ T3909]  ? hfs_get_block+0xbb0/0xbb0
[  164.176854][ T3909]  ? filemap_get_folios+0x557/0x830
[  164.182057][ T3909]  ? find_lock_entries+0xf60/0xf60
[  164.187172][ T3909]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  164.193076][ T3909]  hfs_get_block+0x3fc/0xbb0
[  164.197679][ T3909]  ? hfs_free_extents+0x420/0x420
[  164.202703][ T3909]  ? do_raw_spin_unlock+0x134/0x8a0
[  164.207909][ T3909]  ? create_page_buffers+0x244/0x4b0
[  164.213202][ T3909]  __block_write_begin_int+0x54c/0x1a80
[  164.218771][ T3909]  ? hfs_free_extents+0x420/0x420
[  164.223794][ T3909]  ? page_zero_new_buffers+0x940/0x940
[  164.229256][ T3909]  ? PageHeadHuge+0x8a/0x1d0
[  164.233859][ T3909]  ? hfs_free_extents+0x420/0x420
[  164.238883][ T3909]  block_write_begin+0x93/0x1e0
[  164.243736][ T3909]  ? cont_write_begin+0x5e5/0x860
[  164.248763][ T3909]  ? hfs_free_extents+0x420/0x420
[  164.253790][ T3909]  cont_write_begin+0x606/0x860
[  164.258648][ T3909]  ? fault_in_readable+0x1d5/0x310
[  164.263861][ T3909]  ? generic_cont_expand_simple+0x250/0x250
[  164.269761][ T3909]  ? fault_in_readable+0x219/0x310
[  164.274879][ T3909]  ? fault_in_safe_writeable+0x240/0x240
[  164.280523][ T3909]  hfs_write_begin+0x86/0xd0
[  164.285111][ T3909]  ? hfs_free_extents+0x420/0x420
[  164.290135][ T3909]  generic_perform_write+0x2e4/0x5e0
[  164.295429][ T3909]  ? __block_commit_write+0x420/0x420
[  164.300807][ T3909]  ? generic_file_direct_write+0x610/0x610
[  164.306617][ T3909]  ? __file_remove_privs+0x6c0/0x6c0
[  164.311904][ T3909]  ? generic_write_checks+0x15c/0x1c0
[  164.317282][ T3909]  __generic_file_write_iter+0x176/0x400
[  164.322919][ T3909]  generic_file_write_iter+0xab/0x310
[  164.328317][ T3909]  vfs_write+0x7dc/0xc50
[  164.332593][ T3909]  ? file_end_write+0x230/0x230
[  164.337460][ T3909]  ? ptrace_stop+0x74d/0x970
[  164.342065][ T3909]  ? _raw_spin_unlock_irq+0x2a/0x40
[  164.347273][ T3909]  ? __fdget_pos+0x252/0x2e0
[  164.351868][ T3909]  ksys_write+0x177/0x2a0
[  164.356201][ T3909]  ? __ia32_sys_read+0x80/0x80
[  164.360968][ T3909]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  164.366968][ T3909]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  164.372976][ T3909]  do_syscall_64+0x3d/0xb0
[  164.377434][ T3909]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  164.383334][ T3909] RIP: 0033:0x7f0fa5191c89
[  164.387754][ T3909] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  164.407443][ T3909] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  164.415855][ T3909] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  164.423823][ T3909] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3909] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3909] exit_group(0)               = ?
[pid  3909] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3909, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./262/binderfs")                = 0
umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./262/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./262/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./262/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./262")                          = 0
mkdir("./263", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  164.431797][ T3909] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  164.439769][ T3909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  164.447737][ T3909] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000106
[  164.455719][ T3909]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3910
./strace-static-x86_64: Process 3910 attached
[pid  3910] chdir("./263")              = 0
[pid  3910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3910] setpgid(0, 0)               = 0
[pid  3910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3910] write(3, "1000", 4)         = 4
[pid  3910] close(3)                    = 0
[pid  3910] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3910] memfd_create("syzkaller", 0) = 3
[pid  3910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3910] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3910] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3910] close(3)                    = 0
[pid  3910] mkdir("./file0", 0777)      = 0
[pid  3910] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3910] chdir("./file0")            = 0
[pid  3910] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3910] close(4)                    = 0
[pid  3910] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3910] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3910] write(5, "13", 2)           = 2
[  164.515173][ T3910] loop0: detected capacity change from 0 to 64
[  164.546804][ T3910] FAULT_INJECTION: forcing a failure.
[  164.546804][ T3910] name failslab, interval 1, probability 0, space 0, times 0
[  164.559803][ T3910] CPU: 0 PID: 3910 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  164.570227][ T3910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  164.580287][ T3910] Call Trace:
[  164.583558][ T3910]  <TASK>
[  164.586485][ T3910]  dump_stack_lvl+0x1b1/0x28e
[  164.591161][ T3910]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  164.596612][ T3910]  ? panic+0x710/0x710
[  164.600674][ T3910]  ? __might_sleep+0xc0/0xc0
[  164.606129][ T3910]  ? __mutex_lock_common+0x45f/0x26e0
[  164.611514][ T3910]  should_fail_ex+0x395/0x4c0
[  164.616198][ T3910]  ? hfs_find_init+0x8b/0x1e0
[  164.620878][ T3910]  should_failslab+0x5/0x20
[  164.625382][ T3910]  __kmem_cache_alloc_node+0x69/0x310
[  164.630758][ T3910]  ? hfs_find_init+0x8b/0x1e0
[  164.635439][ T3910]  __kmalloc+0x9e/0x1a0
[  164.639601][ T3910]  hfs_find_init+0x8b/0x1e0
[  164.644109][ T3910]  hfs_extend_file+0x2f8/0x1420
[  164.648967][ T3910]  ? hfs_get_block+0xbb0/0xbb0
[  164.653745][ T3910]  ? lru_cache_disable+0x30/0x30
[  164.658687][ T3910]  ? __might_sleep+0xc0/0xc0
[  164.663292][ T3910]  hfs_get_block+0x3fc/0xbb0
[  164.667894][ T3910]  ? hfs_free_extents+0x420/0x420
[  164.672913][ T3910]  ? do_raw_spin_unlock+0x134/0x8a0
[  164.678122][ T3910]  ? create_page_buffers+0x244/0x4b0
[  164.683412][ T3910]  __block_write_begin_int+0x54c/0x1a80
[  164.688985][ T3910]  ? hfs_free_extents+0x420/0x420
[  164.694006][ T3910]  ? page_zero_new_buffers+0x940/0x940
[  164.699477][ T3910]  ? PageHeadHuge+0x8a/0x1d0
[  164.704071][ T3910]  ? hfs_free_extents+0x420/0x420
[  164.709094][ T3910]  block_write_begin+0x93/0x1e0
[  164.713945][ T3910]  ? cont_write_begin+0x5e5/0x860
[  164.718980][ T3910]  ? hfs_free_extents+0x420/0x420
[  164.724003][ T3910]  cont_write_begin+0x606/0x860
[  164.728861][ T3910]  ? fault_in_readable+0x1d5/0x310
[  164.733978][ T3910]  ? generic_cont_expand_simple+0x250/0x250
[  164.739956][ T3910]  ? fault_in_readable+0x219/0x310
[  164.745073][ T3910]  ? fault_in_safe_writeable+0x240/0x240
[  164.750719][ T3910]  hfs_write_begin+0x86/0xd0
[  164.755308][ T3910]  ? hfs_free_extents+0x420/0x420
[  164.760332][ T3910]  generic_perform_write+0x2e4/0x5e0
[  164.765629][ T3910]  ? __block_commit_write+0x420/0x420
[  164.771002][ T3910]  ? generic_file_direct_write+0x610/0x610
[  164.776807][ T3910]  ? __file_remove_privs+0x6c0/0x6c0
[  164.782090][ T3910]  ? generic_write_checks+0x15c/0x1c0
[  164.787470][ T3910]  __generic_file_write_iter+0x176/0x400
[  164.793110][ T3910]  generic_file_write_iter+0xab/0x310
[  164.798485][ T3910]  vfs_write+0x7dc/0xc50
[  164.802737][ T3910]  ? file_end_write+0x230/0x230
[  164.807588][ T3910]  ? ptrace_stop+0x74d/0x970
[  164.812188][ T3910]  ? _raw_spin_unlock_irq+0x2a/0x40
[  164.817399][ T3910]  ? __fdget_pos+0x252/0x2e0
[  164.821991][ T3910]  ksys_write+0x177/0x2a0
[  164.826324][ T3910]  ? __ia32_sys_read+0x80/0x80
[  164.831521][ T3910]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  164.837503][ T3910]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  164.843485][ T3910]  do_syscall_64+0x3d/0xb0
[  164.847900][ T3910]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  164.853795][ T3910] RIP: 0033:0x7f0fa5191c89
[  164.858211][ T3910] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  164.877812][ T3910] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  164.886222][ T3910] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  164.894190][ T3910] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  164.902159][ T3910] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3910] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3910] exit_group(0)               = ?
[pid  3910] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3910, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./263/binderfs")                = 0
umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./263/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./263/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./263/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./263")                          = 0
mkdir("./264", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3911
./strace-static-x86_64: Process 3911 attached
[pid  3911] chdir("./264")              = 0
[pid  3911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3911] setpgid(0, 0)               = 0
[pid  3911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3911] write(3, "1000", 4)         = 4
[pid  3911] close(3)                    = 0
[pid  3911] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3911] memfd_create("syzkaller", 0) = 3
[  164.910130][ T3910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  164.918098][ T3910] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000107
[  164.926084][ T3910]  </TASK>
[pid  3911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3911] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3911] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3911] close(3)                    = 0
[pid  3911] mkdir("./file0", 0777)      = 0
[pid  3911] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3911] chdir("./file0")            = 0
[pid  3911] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3911] close(4)                    = 0
[pid  3911] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3911] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3911] write(5, "13", 2)           = 2
[  164.982392][ T3911] loop0: detected capacity change from 0 to 64
[  165.005166][ T3911] FAULT_INJECTION: forcing a failure.
[  165.005166][ T3911] name failslab, interval 1, probability 0, space 0, times 0
[  165.017918][ T3911] CPU: 1 PID: 3911 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  165.028349][ T3911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  165.038415][ T3911] Call Trace:
[  165.041701][ T3911]  <TASK>
[  165.044629][ T3911]  dump_stack_lvl+0x1b1/0x28e
[  165.049302][ T3911]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  165.054750][ T3911]  ? panic+0x710/0x710
[  165.058811][ T3911]  ? __might_sleep+0xc0/0xc0
[  165.063403][ T3911]  ? __mutex_lock_common+0x45f/0x26e0
[  165.068869][ T3911]  should_fail_ex+0x395/0x4c0
[  165.073541][ T3911]  ? hfs_find_init+0x8b/0x1e0
[  165.078224][ T3911]  should_failslab+0x5/0x20
[  165.082732][ T3911]  __kmem_cache_alloc_node+0x69/0x310
[  165.088101][ T3911]  ? rcu_lock_release+0x5/0x20
[  165.092879][ T3911]  ? hfs_find_init+0x8b/0x1e0
[  165.097549][ T3911]  __kmalloc+0x9e/0x1a0
[  165.101700][ T3911]  hfs_find_init+0x8b/0x1e0
[  165.106208][ T3911]  hfs_extend_file+0x2f8/0x1420
[  165.111067][ T3911]  ? xas_find+0x937/0xa60
[  165.115480][ T3911]  ? hfs_get_block+0xbb0/0xbb0
[  165.120245][ T3911]  ? filemap_get_folios+0x557/0x830
[  165.125457][ T3911]  ? find_lock_entries+0xf60/0xf60
[  165.130577][ T3911]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  165.136485][ T3911]  hfs_get_block+0x3fc/0xbb0
[  165.141091][ T3911]  ? hfs_free_extents+0x420/0x420
[  165.146106][ T3911]  ? do_raw_spin_unlock+0x134/0x8a0
[  165.151404][ T3911]  ? create_page_buffers+0x244/0x4b0
[  165.156690][ T3911]  __block_write_begin_int+0x54c/0x1a80
[  165.162254][ T3911]  ? hfs_free_extents+0x420/0x420
[  165.167288][ T3911]  ? page_zero_new_buffers+0x940/0x940
[  165.172758][ T3911]  ? PageHeadHuge+0x8a/0x1d0
[  165.177360][ T3911]  ? hfs_free_extents+0x420/0x420
[  165.182385][ T3911]  block_write_begin+0x93/0x1e0
[  165.187254][ T3911]  ? cont_write_begin+0x5e5/0x860
[  165.192277][ T3911]  ? hfs_free_extents+0x420/0x420
[  165.197293][ T3911]  cont_write_begin+0x606/0x860
[  165.202150][ T3911]  ? fault_in_readable+0x1d5/0x310
[  165.207266][ T3911]  ? generic_cont_expand_simple+0x250/0x250
[  165.213167][ T3911]  ? fault_in_readable+0x219/0x310
[  165.218287][ T3911]  ? fault_in_safe_writeable+0x240/0x240
[  165.223946][ T3911]  hfs_write_begin+0x86/0xd0
[  165.228529][ T3911]  ? hfs_free_extents+0x420/0x420
[  165.233558][ T3911]  generic_perform_write+0x2e4/0x5e0
[  165.238878][ T3911]  ? __block_commit_write+0x420/0x420
[  165.244275][ T3911]  ? generic_file_direct_write+0x610/0x610
[  165.250109][ T3911]  ? __file_remove_privs+0x6c0/0x6c0
[  165.255414][ T3911]  ? generic_write_checks+0x15c/0x1c0
[  165.260821][ T3911]  __generic_file_write_iter+0x176/0x400
[  165.266485][ T3911]  generic_file_write_iter+0xab/0x310
[  165.271876][ T3911]  vfs_write+0x7dc/0xc50
[  165.276138][ T3911]  ? file_end_write+0x230/0x230
[  165.281000][ T3911]  ? ptrace_stop+0x74d/0x970
[  165.285593][ T3911]  ? _raw_spin_unlock_irq+0x2a/0x40
[  165.290800][ T3911]  ? __fdget_pos+0x252/0x2e0
[  165.295416][ T3911]  ksys_write+0x177/0x2a0
[  165.299762][ T3911]  ? __ia32_sys_read+0x80/0x80
[  165.304547][ T3911]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  165.310525][ T3911]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  165.316512][ T3911]  do_syscall_64+0x3d/0xb0
[  165.320943][ T3911]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  165.326827][ T3911] RIP: 0033:0x7f0fa5191c89
[  165.331234][ T3911] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  165.350848][ T3911] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  165.359293][ T3911] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  165.367452][ T3911] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  165.375432][ T3911] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3911] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3911] exit_group(0)               = ?
[pid  3911] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3911, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./264/binderfs")                = 0
umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./264/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./264/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./264/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./264")                          = 0
mkdir("./265", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  165.383409][ T3911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  165.391371][ T3911] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000108
[  165.399344][ T3911]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3912
./strace-static-x86_64: Process 3912 attached
[pid  3912] chdir("./265")              = 0
[pid  3912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3912] setpgid(0, 0)               = 0
[pid  3912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3912] write(3, "1000", 4)         = 4
[pid  3912] close(3)                    = 0
[pid  3912] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3912] memfd_create("syzkaller", 0) = 3
[pid  3912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3912] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3912] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3912] close(3)                    = 0
[pid  3912] mkdir("./file0", 0777)      = 0
[pid  3912] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3912] chdir("./file0")            = 0
[pid  3912] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3912] close(4)                    = 0
[pid  3912] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3912] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3912] write(5, "13", 2)           = 2
[  165.454938][ T3912] loop0: detected capacity change from 0 to 64
[  165.481444][ T3912] FAULT_INJECTION: forcing a failure.
[  165.481444][ T3912] name failslab, interval 1, probability 0, space 0, times 0
[  165.494225][ T3912] CPU: 1 PID: 3912 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  165.504672][ T3912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  165.514746][ T3912] Call Trace:
[  165.518035][ T3912]  <TASK>
[  165.520967][ T3912]  dump_stack_lvl+0x1b1/0x28e
[  165.525736][ T3912]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  165.531196][ T3912]  ? panic+0x710/0x710
[  165.535288][ T3912]  ? __might_sleep+0xc0/0xc0
[  165.539878][ T3912]  ? __mutex_lock_common+0x45f/0x26e0
[  165.545257][ T3912]  should_fail_ex+0x395/0x4c0
[  165.549935][ T3912]  ? hfs_find_init+0x8b/0x1e0
[  165.554615][ T3912]  should_failslab+0x5/0x20
[  165.559142][ T3912]  __kmem_cache_alloc_node+0x69/0x310
[  165.564512][ T3912]  ? rcu_lock_release+0x5/0x20
[  165.569279][ T3912]  ? hfs_find_init+0x8b/0x1e0
[  165.573962][ T3912]  __kmalloc+0x9e/0x1a0
[  165.578148][ T3912]  hfs_find_init+0x8b/0x1e0
[  165.582671][ T3912]  hfs_extend_file+0x2f8/0x1420
[  165.587524][ T3912]  ? xas_find+0x937/0xa60
[  165.591877][ T3912]  ? hfs_get_block+0xbb0/0xbb0
[  165.596643][ T3912]  ? filemap_get_folios+0x557/0x830
[  165.601848][ T3912]  ? find_lock_entries+0xf60/0xf60
[  165.606970][ T3912]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  165.612879][ T3912]  hfs_get_block+0x3fc/0xbb0
[  165.617480][ T3912]  ? hfs_free_extents+0x420/0x420
[  165.622499][ T3912]  ? do_raw_spin_unlock+0x134/0x8a0
[  165.627706][ T3912]  ? create_page_buffers+0x244/0x4b0
[  165.632998][ T3912]  __block_write_begin_int+0x54c/0x1a80
[  165.638566][ T3912]  ? hfs_free_extents+0x420/0x420
[  165.643591][ T3912]  ? page_zero_new_buffers+0x940/0x940
[  165.649052][ T3912]  ? PageHeadHuge+0x8a/0x1d0
[  165.653647][ T3912]  ? hfs_free_extents+0x420/0x420
[  165.658675][ T3912]  block_write_begin+0x93/0x1e0
[  165.663531][ T3912]  ? cont_write_begin+0x5e5/0x860
[  165.668556][ T3912]  ? hfs_free_extents+0x420/0x420
[  165.673581][ T3912]  cont_write_begin+0x606/0x860
[  165.678444][ T3912]  ? fault_in_readable+0x1d5/0x310
[  165.683558][ T3912]  ? generic_cont_expand_simple+0x250/0x250
[  165.689452][ T3912]  ? fault_in_readable+0x219/0x310
[  165.694577][ T3912]  ? fault_in_safe_writeable+0x240/0x240
[  165.700218][ T3912]  hfs_write_begin+0x86/0xd0
[  165.704805][ T3912]  ? hfs_free_extents+0x420/0x420
[  165.709832][ T3912]  generic_perform_write+0x2e4/0x5e0
[  165.715141][ T3912]  ? __block_commit_write+0x420/0x420
[  165.720518][ T3912]  ? generic_file_direct_write+0x610/0x610
[  165.726324][ T3912]  ? __file_remove_privs+0x6c0/0x6c0
[  165.731611][ T3912]  ? generic_write_checks+0x15c/0x1c0
[  165.736990][ T3912]  __generic_file_write_iter+0x176/0x400
[  165.742627][ T3912]  generic_file_write_iter+0xab/0x310
[  165.748001][ T3912]  vfs_write+0x7dc/0xc50
[  165.752251][ T3912]  ? file_end_write+0x230/0x230
[  165.757101][ T3912]  ? ptrace_stop+0x74d/0x970
[  165.761702][ T3912]  ? _raw_spin_unlock_irq+0x2a/0x40
[  165.766906][ T3912]  ? __fdget_pos+0x252/0x2e0
[  165.771499][ T3912]  ksys_write+0x177/0x2a0
[  165.775855][ T3912]  ? __ia32_sys_read+0x80/0x80
[  165.780624][ T3912]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  165.786610][ T3912]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  165.792591][ T3912]  do_syscall_64+0x3d/0xb0
[  165.797006][ T3912]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  165.802898][ T3912] RIP: 0033:0x7f0fa5191c89
[  165.807311][ T3912] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  165.826924][ T3912] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  165.835524][ T3912] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  165.843507][ T3912] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3912] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3912] exit_group(0)               = ?
[pid  3912] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3912, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./265/binderfs")                = 0
umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./265/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./265/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./265/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./265")                          = 0
mkdir("./266", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3913
./strace-static-x86_64: Process 3913 attached
[pid  3913] chdir("./266")              = 0
[pid  3913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3913] setpgid(0, 0)               = 0
[  165.851475][ T3912] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  165.859443][ T3912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  165.867422][ T3912] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000109
[  165.875410][ T3912]  </TASK>
[pid  3913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3913] write(3, "1000", 4)         = 4
[pid  3913] close(3)                    = 0
[pid  3913] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3913] memfd_create("syzkaller", 0) = 3
[pid  3913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3913] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3913] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3913] close(3)                    = 0
[pid  3913] mkdir("./file0", 0777)      = 0
[pid  3913] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3913] chdir("./file0")            = 0
[pid  3913] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3913] close(4)                    = 0
[pid  3913] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3913] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3913] write(5, "13", 2)           = 2
[  165.927382][ T3913] loop0: detected capacity change from 0 to 64
[  165.957453][ T3913] FAULT_INJECTION: forcing a failure.
[  165.957453][ T3913] name failslab, interval 1, probability 0, space 0, times 0
[  165.970650][ T3913] CPU: 1 PID: 3913 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  165.981075][ T3913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  165.991145][ T3913] Call Trace:
[  165.994416][ T3913]  <TASK>
[  165.997340][ T3913]  dump_stack_lvl+0x1b1/0x28e
[  166.002030][ T3913]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  166.007516][ T3913]  ? panic+0x710/0x710
[  166.011617][ T3913]  ? __might_sleep+0xc0/0xc0
[  166.016215][ T3913]  ? __mutex_lock_common+0x45f/0x26e0
[  166.021590][ T3913]  should_fail_ex+0x395/0x4c0
[  166.026271][ T3913]  ? hfs_find_init+0x8b/0x1e0
[  166.031042][ T3913]  should_failslab+0x5/0x20
[  166.035561][ T3913]  __kmem_cache_alloc_node+0x69/0x310
[  166.040929][ T3913]  ? rcu_lock_release+0x5/0x20
[  166.045706][ T3913]  ? hfs_find_init+0x8b/0x1e0
[  166.050405][ T3913]  __kmalloc+0x9e/0x1a0
[  166.054610][ T3913]  hfs_find_init+0x8b/0x1e0
[  166.059164][ T3913]  hfs_extend_file+0x2f8/0x1420
[  166.064022][ T3913]  ? xas_find+0x937/0xa60
[  166.068364][ T3913]  ? hfs_get_block+0xbb0/0xbb0
[  166.073125][ T3913]  ? filemap_get_folios+0x557/0x830
[  166.078360][ T3913]  ? find_lock_entries+0xf60/0xf60
[  166.083496][ T3913]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  166.089393][ T3913]  hfs_get_block+0x3fc/0xbb0
[  166.094006][ T3913]  ? hfs_free_extents+0x420/0x420
[  166.099019][ T3913]  ? do_raw_spin_unlock+0x134/0x8a0
[  166.104215][ T3913]  ? create_page_buffers+0x244/0x4b0
[  166.109496][ T3913]  __block_write_begin_int+0x54c/0x1a80
[  166.115054][ T3913]  ? hfs_free_extents+0x420/0x420
[  166.120083][ T3913]  ? page_zero_new_buffers+0x940/0x940
[  166.125568][ T3913]  ? PageHeadHuge+0x8a/0x1d0
[  166.130178][ T3913]  ? hfs_free_extents+0x420/0x420
[  166.135206][ T3913]  block_write_begin+0x93/0x1e0
[  166.140070][ T3913]  ? cont_write_begin+0x5e5/0x860
[  166.145089][ T3913]  ? hfs_free_extents+0x420/0x420
[  166.150104][ T3913]  cont_write_begin+0x606/0x860
[  166.154968][ T3913]  ? fault_in_readable+0x1d5/0x310
[  166.160089][ T3913]  ? generic_cont_expand_simple+0x250/0x250
[  166.165993][ T3913]  ? fault_in_readable+0x219/0x310
[  166.171274][ T3913]  ? fault_in_safe_writeable+0x240/0x240
[  166.176903][ T3913]  hfs_write_begin+0x86/0xd0
[  166.181484][ T3913]  ? hfs_free_extents+0x420/0x420
[  166.186589][ T3913]  generic_perform_write+0x2e4/0x5e0
[  166.191893][ T3913]  ? __block_commit_write+0x420/0x420
[  166.197287][ T3913]  ? generic_file_direct_write+0x610/0x610
[  166.203108][ T3913]  ? __file_remove_privs+0x6c0/0x6c0
[  166.208397][ T3913]  ? generic_write_checks+0x15c/0x1c0
[  166.213788][ T3913]  __generic_file_write_iter+0x176/0x400
[  166.219447][ T3913]  generic_file_write_iter+0xab/0x310
[  166.224828][ T3913]  vfs_write+0x7dc/0xc50
[  166.229101][ T3913]  ? file_end_write+0x230/0x230
[  166.233951][ T3913]  ? ptrace_stop+0x74d/0x970
[  166.238560][ T3913]  ? _raw_spin_unlock_irq+0x2a/0x40
[  166.243773][ T3913]  ? __fdget_pos+0x252/0x2e0
[  166.248371][ T3913]  ksys_write+0x177/0x2a0
[  166.252698][ T3913]  ? __ia32_sys_read+0x80/0x80
[  166.257459][ T3913]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  166.263446][ T3913]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  166.269440][ T3913]  do_syscall_64+0x3d/0xb0
[  166.273849][ T3913]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  166.279730][ T3913] RIP: 0033:0x7f0fa5191c89
[  166.284157][ T3913] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  166.303791][ T3913] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  166.312210][ T3913] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  166.320192][ T3913] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3913] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3913] exit_group(0)               = ?
[pid  3913] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3913, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./266/binderfs")                = 0
umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./266/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./266/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./266/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./266")                          = 0
mkdir("./267", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3914
./strace-static-x86_64: Process 3914 attached
[pid  3914] chdir("./267")              = 0
[pid  3914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3914] setpgid(0, 0)               = 0
[pid  3914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3914] write(3, "1000", 4)         = 4
[pid  3914] close(3)                    = 0
[pid  3914] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3914] memfd_create("syzkaller", 0) = 3
[pid  3914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3914] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  166.328271][ T3913] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  166.336244][ T3913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  166.344232][ T3913] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000010a
[  166.352227][ T3913]  </TASK>
[pid  3914] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3914] close(3)                    = 0
[pid  3914] mkdir("./file0", 0777)      = 0
[pid  3914] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3914] chdir("./file0")            = 0
[pid  3914] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3914] close(4)                    = 0
[pid  3914] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3914] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3914] write(5, "13", 2)           = 2
[  166.404844][ T3914] loop0: detected capacity change from 0 to 64
[  166.424918][ T3914] FAULT_INJECTION: forcing a failure.
[  166.424918][ T3914] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  166.438546][ T3914] CPU: 0 PID: 3914 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  166.448952][ T3914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  166.458996][ T3914] Call Trace:
[  166.462263][ T3914]  <TASK>
[  166.465184][ T3914]  dump_stack_lvl+0x1b1/0x28e
[  166.469852][ T3914]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  166.475470][ T3914]  ? panic+0x710/0x710
[  166.479526][ T3914]  ? do_anonymous_page+0xd4a/0x1150
[  166.484715][ T3914]  ? mark_lock+0x9a/0x350
[  166.489031][ T3914]  should_fail_ex+0x395/0x4c0
[  166.493711][ T3914]  prepare_alloc_pages+0x1d7/0x5a0
[  166.498823][ T3914]  __alloc_pages+0x161/0x560
[  166.503404][ T3914]  ? zone_statistics+0x160/0x160
[  166.508332][ T3914]  ? rcu_lock_release+0x5/0x20
[  166.513082][ T3914]  ? alloc_pages+0x520/0x7b0
[  166.517658][ T3914]  ? xas_descend+0x1f3/0x400
[  166.522324][ T3914]  folio_alloc+0x1a/0x50
[  166.526552][ T3914]  filemap_alloc_folio+0x7e/0x1c0
[  166.531564][ T3914]  __filemap_get_folio+0x898/0x1260
[  166.536752][ T3914]  ? page_cache_prev_miss+0x4e0/0x4e0
[  166.542113][ T3914]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  166.548083][ T3914]  ? print_irqtrace_events+0x220/0x220
[  166.553531][ T3914]  pagecache_get_page+0x28/0x260
[  166.558453][ T3914]  ? hfs_free_extents+0x420/0x420
[  166.563489][ T3914]  block_write_begin+0x2e/0x1e0
[  166.568327][ T3914]  ? cont_write_begin+0x5e5/0x860
[  166.573336][ T3914]  ? hfs_free_extents+0x420/0x420
[  166.578346][ T3914]  cont_write_begin+0x606/0x860
[  166.583188][ T3914]  ? fault_in_readable+0x1d5/0x310
[  166.588286][ T3914]  ? generic_cont_expand_simple+0x250/0x250
[  166.594170][ T3914]  ? fault_in_readable+0x219/0x310
[  166.599272][ T3914]  ? fault_in_safe_writeable+0x240/0x240
[  166.604897][ T3914]  hfs_write_begin+0x86/0xd0
[  166.609471][ T3914]  ? hfs_free_extents+0x420/0x420
[  166.614482][ T3914]  generic_perform_write+0x2e4/0x5e0
[  166.619760][ T3914]  ? __block_commit_write+0x420/0x420
[  166.625128][ T3914]  ? generic_file_direct_write+0x610/0x610
[  166.630920][ T3914]  ? __file_remove_privs+0x6c0/0x6c0
[  166.636194][ T3914]  ? generic_write_checks+0x15c/0x1c0
[  166.641561][ T3914]  __generic_file_write_iter+0x176/0x400
[  166.647185][ T3914]  generic_file_write_iter+0xab/0x310
[  166.652546][ T3914]  vfs_write+0x7dc/0xc50
[  166.656780][ T3914]  ? file_end_write+0x230/0x230
[  166.661614][ T3914]  ? ptrace_stop+0x74d/0x970
[  166.666199][ T3914]  ? _raw_spin_unlock_irq+0x2a/0x40
[  166.671392][ T3914]  ? __fdget_pos+0x252/0x2e0
[  166.675974][ T3914]  ksys_write+0x177/0x2a0
[  166.680292][ T3914]  ? __ia32_sys_read+0x80/0x80
[  166.685042][ T3914]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  166.691010][ T3914]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  166.696977][ T3914]  do_syscall_64+0x3d/0xb0
[  166.701380][ T3914]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  166.707257][ T3914] RIP: 0033:0x7f0fa5191c89
[  166.711659][ T3914] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  166.731251][ T3914] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  166.739651][ T3914] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  166.747617][ T3914] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3914] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3914] exit_group(0)               = ?
[pid  3914] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3914, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./267/binderfs")                = 0
umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./267/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./267/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./267/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./267")                          = 0
mkdir("./268", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3915
./strace-static-x86_64: Process 3915 attached
[pid  3915] chdir("./268")              = 0
[pid  3915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3915] setpgid(0, 0)               = 0
[pid  3915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3915] write(3, "1000", 4)         = 4
[pid  3915] close(3)                    = 0
[pid  3915] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3915] memfd_create("syzkaller", 0) = 3
[pid  3915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3915] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  166.755613][ T3914] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  166.763573][ T3914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  166.771552][ T3914] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000010b
[  166.779537][ T3914]  </TASK>
[pid  3915] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3915] close(3)                    = 0
[pid  3915] mkdir("./file0", 0777)      = 0
[pid  3915] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3915] chdir("./file0")            = 0
[pid  3915] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3915] close(4)                    = 0
[pid  3915] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3915] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3915] write(5, "13", 2)           = 2
[  166.813010][ T3915] loop0: detected capacity change from 0 to 64
[  166.828034][ T3915] FAULT_INJECTION: forcing a failure.
[  166.828034][ T3915] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  166.842122][ T3915] CPU: 0 PID: 3915 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  166.852561][ T3915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  166.862619][ T3915] Call Trace:
[  166.865909][ T3915]  <TASK>
[  166.868830][ T3915]  dump_stack_lvl+0x1b1/0x28e
[  166.873504][ T3915]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  166.878952][ T3915]  ? panic+0x710/0x710
[  166.883010][ T3915]  ? do_anonymous_page+0xd4a/0x1150
[  166.888215][ T3915]  ? mark_lock+0x9a/0x350
[  166.892565][ T3915]  should_fail_ex+0x395/0x4c0
[  166.897256][ T3915]  prepare_alloc_pages+0x1d7/0x5a0
[  166.902378][ T3915]  __alloc_pages+0x161/0x560
[  166.906977][ T3915]  ? zone_statistics+0x160/0x160
[  166.911921][ T3915]  ? rcu_lock_release+0x5/0x20
[  166.916683][ T3915]  ? alloc_pages+0x520/0x7b0
[  166.921269][ T3915]  ? xas_descend+0x1f3/0x400
[  166.925862][ T3915]  folio_alloc+0x1a/0x50
[  166.930101][ T3915]  filemap_alloc_folio+0x7e/0x1c0
[  166.935130][ T3915]  __filemap_get_folio+0x898/0x1260
[  166.940333][ T3915]  ? page_cache_prev_miss+0x4e0/0x4e0
[  166.945708][ T3915]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  166.951688][ T3915]  ? print_irqtrace_events+0x220/0x220
[  166.957151][ T3915]  pagecache_get_page+0x28/0x260
[  166.962087][ T3915]  ? hfs_free_extents+0x420/0x420
[  166.967106][ T3915]  block_write_begin+0x2e/0x1e0
[  166.971960][ T3915]  ? cont_write_begin+0x5e5/0x860
[  166.976987][ T3915]  ? hfs_free_extents+0x420/0x420
[  166.982008][ T3915]  cont_write_begin+0x606/0x860
[  166.986865][ T3915]  ? fault_in_readable+0x1d5/0x310
[  166.991979][ T3915]  ? generic_cont_expand_simple+0x250/0x250
[  166.997876][ T3915]  ? fault_in_readable+0x219/0x310
[  167.002989][ T3915]  ? fault_in_safe_writeable+0x240/0x240
[  167.008629][ T3915]  hfs_write_begin+0x86/0xd0
[  167.013219][ T3915]  ? hfs_free_extents+0x420/0x420
[  167.018253][ T3915]  generic_perform_write+0x2e4/0x5e0
[  167.023547][ T3915]  ? __block_commit_write+0x420/0x420
[  167.028929][ T3915]  ? generic_file_direct_write+0x610/0x610
[  167.034737][ T3915]  ? __file_remove_privs+0x6c0/0x6c0
[  167.040022][ T3915]  ? generic_write_checks+0x15c/0x1c0
[  167.045400][ T3915]  __generic_file_write_iter+0x176/0x400
[  167.051039][ T3915]  generic_file_write_iter+0xab/0x310
[  167.056419][ T3915]  vfs_write+0x7dc/0xc50
[  167.060673][ T3915]  ? file_end_write+0x230/0x230
[  167.065524][ T3915]  ? ptrace_stop+0x74d/0x970
[  167.070120][ T3915]  ? _raw_spin_unlock_irq+0x2a/0x40
[  167.075334][ T3915]  ? __fdget_pos+0x252/0x2e0
[  167.079929][ T3915]  ksys_write+0x177/0x2a0
[  167.084265][ T3915]  ? __ia32_sys_read+0x80/0x80
[  167.089030][ T3915]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  167.095017][ T3915]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  167.101000][ T3915]  do_syscall_64+0x3d/0xb0
[  167.105416][ T3915]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  167.111308][ T3915] RIP: 0033:0x7f0fa5191c89
[  167.115724][ T3915] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  167.135329][ T3915] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  167.143758][ T3915] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  167.151752][ T3915] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3915] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3915] exit_group(0)               = ?
[pid  3915] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3915, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./268/binderfs")                = 0
umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./268/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./268/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./268/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./268")                          = 0
mkdir("./269", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3916
./strace-static-x86_64: Process 3916 attached
[pid  3916] chdir("./269")              = 0
[pid  3916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3916] setpgid(0, 0)               = 0
[pid  3916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3916] write(3, "1000", 4)         = 4
[pid  3916] close(3)                    = 0
[pid  3916] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3916] memfd_create("syzkaller", 0) = 3
[  167.159829][ T3915] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  167.167807][ T3915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  167.175778][ T3915] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000010c
[  167.183762][ T3915]  </TASK>
[pid  3916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3916] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3916] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3916] close(3)                    = 0
[pid  3916] mkdir("./file0", 0777)      = 0
[pid  3916] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3916] chdir("./file0")            = 0
[pid  3916] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3916] close(4)                    = 0
[pid  3916] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3916] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3916] write(5, "13", 2)           = 2
[  167.229652][ T3916] loop0: detected capacity change from 0 to 64
[  167.261481][ T3916] FAULT_INJECTION: forcing a failure.
[  167.261481][ T3916] name failslab, interval 1, probability 0, space 0, times 0
[  167.274308][ T3916] CPU: 0 PID: 3916 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  167.284742][ T3916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  167.294821][ T3916] Call Trace:
[  167.298110][ T3916]  <TASK>
[  167.301040][ T3916]  dump_stack_lvl+0x1b1/0x28e
[  167.305726][ T3916]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  167.311191][ T3916]  ? panic+0x710/0x710
[  167.315266][ T3916]  ? __might_sleep+0xc0/0xc0
[  167.319851][ T3916]  ? __mutex_lock_common+0x45f/0x26e0
[  167.325242][ T3916]  should_fail_ex+0x395/0x4c0
[  167.329911][ T3916]  ? hfs_find_init+0x8b/0x1e0
[  167.334611][ T3916]  should_failslab+0x5/0x20
[  167.339133][ T3916]  __kmem_cache_alloc_node+0x69/0x310
[  167.344512][ T3916]  ? hfs_find_init+0x8b/0x1e0
[  167.349197][ T3916]  __kmalloc+0x9e/0x1a0
[  167.353381][ T3916]  hfs_find_init+0x8b/0x1e0
[  167.357914][ T3916]  hfs_extend_file+0x2f8/0x1420
[  167.362790][ T3916]  ? hfs_get_block+0xbb0/0xbb0
[  167.367565][ T3916]  ? lru_cache_disable+0x30/0x30
[  167.372518][ T3916]  ? __might_sleep+0xc0/0xc0
[  167.377137][ T3916]  hfs_get_block+0x3fc/0xbb0
[  167.381749][ T3916]  ? hfs_free_extents+0x420/0x420
[  167.386775][ T3916]  ? do_raw_spin_unlock+0x134/0x8a0
[  167.391989][ T3916]  ? create_page_buffers+0x244/0x4b0
[  167.397314][ T3916]  __block_write_begin_int+0x54c/0x1a80
[  167.402883][ T3916]  ? hfs_free_extents+0x420/0x420
[  167.407905][ T3916]  ? page_zero_new_buffers+0x940/0x940
[  167.413373][ T3916]  ? PageHeadHuge+0x8a/0x1d0
[  167.417959][ T3916]  ? hfs_free_extents+0x420/0x420
[  167.422981][ T3916]  block_write_begin+0x93/0x1e0
[  167.427833][ T3916]  ? cont_write_begin+0x5e5/0x860
[  167.432877][ T3916]  ? hfs_free_extents+0x420/0x420
[  167.437910][ T3916]  cont_write_begin+0x606/0x860
[  167.442784][ T3916]  ? fault_in_readable+0x1d5/0x310
[  167.447891][ T3916]  ? generic_cont_expand_simple+0x250/0x250
[  167.453782][ T3916]  ? fault_in_readable+0x219/0x310
[  167.458889][ T3916]  ? fault_in_safe_writeable+0x240/0x240
[  167.464521][ T3916]  hfs_write_begin+0x86/0xd0
[  167.469105][ T3916]  ? hfs_free_extents+0x420/0x420
[  167.474129][ T3916]  generic_perform_write+0x2e4/0x5e0
[  167.479520][ T3916]  ? __block_commit_write+0x420/0x420
[  167.484898][ T3916]  ? generic_file_direct_write+0x610/0x610
[  167.490704][ T3916]  ? __file_remove_privs+0x6c0/0x6c0
[  167.495985][ T3916]  ? generic_write_checks+0x15c/0x1c0
[  167.501372][ T3916]  __generic_file_write_iter+0x176/0x400
[  167.507015][ T3916]  generic_file_write_iter+0xab/0x310
[  167.512392][ T3916]  vfs_write+0x7dc/0xc50
[  167.516646][ T3916]  ? file_end_write+0x230/0x230
[  167.521489][ T3916]  ? ptrace_stop+0x74d/0x970
[  167.526100][ T3916]  ? _raw_spin_unlock_irq+0x2a/0x40
[  167.531323][ T3916]  ? __fdget_pos+0x252/0x2e0
[  167.535931][ T3916]  ksys_write+0x177/0x2a0
[  167.540261][ T3916]  ? __ia32_sys_read+0x80/0x80
[  167.545019][ T3916]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  167.551006][ T3916]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  167.556983][ T3916]  do_syscall_64+0x3d/0xb0
[  167.561393][ T3916]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  167.567284][ T3916] RIP: 0033:0x7f0fa5191c89
[  167.571704][ T3916] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  167.591302][ T3916] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  167.599706][ T3916] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  167.607671][ T3916] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  167.615637][ T3916] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  167.623614][ T3916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3916] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3916] exit_group(0)               = ?
[pid  3916] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3916, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./269/binderfs")                = 0
umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./269/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./269/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./269/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./269")                          = 0
mkdir("./270", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3917
./strace-static-x86_64: Process 3917 attached
[pid  3917] chdir("./270")              = 0
[pid  3917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3917] setpgid(0, 0)               = 0
[pid  3917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3917] write(3, "1000", 4)         = 4
[pid  3917] close(3)                    = 0
[pid  3917] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3917] memfd_create("syzkaller", 0) = 3
[pid  3917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3917] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  167.631595][ T3916] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000010d
[  167.639574][ T3916]  </TASK>
[pid  3917] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3917] close(3)                    = 0
[pid  3917] mkdir("./file0", 0777)      = 0
[pid  3917] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3917] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3917] chdir("./file0")            = 0
[pid  3917] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3917] close(4)                    = 0
[pid  3917] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3917] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3917] write(5, "13", 2)           = 2
[  167.684766][ T3917] loop0: detected capacity change from 0 to 64
[  167.721909][ T3917] FAULT_INJECTION: forcing a failure.
[  167.721909][ T3917] name failslab, interval 1, probability 0, space 0, times 0
[  167.734995][ T3917] CPU: 0 PID: 3917 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  167.745407][ T3917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  167.755454][ T3917] Call Trace:
[  167.758726][ T3917]  <TASK>
[  167.761649][ T3917]  dump_stack_lvl+0x1b1/0x28e
[  167.766325][ T3917]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  167.771776][ T3917]  ? panic+0x710/0x710
[  167.775836][ T3917]  ? __might_sleep+0xc0/0xc0
[  167.780428][ T3917]  ? __mutex_lock_common+0x45f/0x26e0
[  167.785918][ T3917]  should_fail_ex+0x395/0x4c0
[  167.790612][ T3917]  ? hfs_find_init+0x8b/0x1e0
[  167.795286][ T3917]  should_failslab+0x5/0x20
[  167.799793][ T3917]  __kmem_cache_alloc_node+0x69/0x310
[  167.805183][ T3917]  ? hfs_find_init+0x8b/0x1e0
[  167.809871][ T3917]  __kmalloc+0x9e/0x1a0
[  167.814022][ T3917]  hfs_find_init+0x8b/0x1e0
[  167.818548][ T3917]  hfs_extend_file+0x2f8/0x1420
[  167.823420][ T3917]  ? hfs_get_block+0xbb0/0xbb0
[  167.828193][ T3917]  ? lru_cache_disable+0x30/0x30
[  167.833129][ T3917]  ? __might_sleep+0xc0/0xc0
[  167.837721][ T3917]  hfs_get_block+0x3fc/0xbb0
[  167.842312][ T3917]  ? hfs_free_extents+0x420/0x420
[  167.847329][ T3917]  ? do_raw_spin_unlock+0x134/0x8a0
[  167.852525][ T3917]  ? create_page_buffers+0x244/0x4b0
[  167.857818][ T3917]  __block_write_begin_int+0x54c/0x1a80
[  167.863387][ T3917]  ? hfs_free_extents+0x420/0x420
[  167.868401][ T3917]  ? page_zero_new_buffers+0x940/0x940
[  167.873854][ T3917]  ? PageHeadHuge+0x8a/0x1d0
[  167.878453][ T3917]  ? hfs_free_extents+0x420/0x420
[  167.883478][ T3917]  block_write_begin+0x93/0x1e0
[  167.888341][ T3917]  ? cont_write_begin+0x5e5/0x860
[  167.893364][ T3917]  ? hfs_free_extents+0x420/0x420
[  167.898383][ T3917]  cont_write_begin+0x606/0x860
[  167.903250][ T3917]  ? fault_in_readable+0x1d5/0x310
[  167.908390][ T3917]  ? generic_cont_expand_simple+0x250/0x250
[  167.914296][ T3917]  ? fault_in_readable+0x219/0x310
[  167.919426][ T3917]  ? fault_in_safe_writeable+0x240/0x240
[  167.925069][ T3917]  hfs_write_begin+0x86/0xd0
[  167.929662][ T3917]  ? hfs_free_extents+0x420/0x420
[  167.934701][ T3917]  generic_perform_write+0x2e4/0x5e0
[  167.939987][ T3917]  ? __block_commit_write+0x420/0x420
[  167.945361][ T3917]  ? generic_file_direct_write+0x610/0x610
[  167.951167][ T3917]  ? __file_remove_privs+0x6c0/0x6c0
[  167.956450][ T3917]  ? generic_write_checks+0x15c/0x1c0
[  167.961823][ T3917]  __generic_file_write_iter+0x176/0x400
[  167.967459][ T3917]  generic_file_write_iter+0xab/0x310
[  167.972835][ T3917]  vfs_write+0x7dc/0xc50
[  167.977080][ T3917]  ? file_end_write+0x230/0x230
[  167.981933][ T3917]  ? ptrace_stop+0x74d/0x970
[  167.986539][ T3917]  ? _raw_spin_unlock_irq+0x2a/0x40
[  167.991737][ T3917]  ? __fdget_pos+0x252/0x2e0
[  167.996322][ T3917]  ksys_write+0x177/0x2a0
[  168.000650][ T3917]  ? __ia32_sys_read+0x80/0x80
[  168.005417][ T3917]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  168.011408][ T3917]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  168.017381][ T3917]  do_syscall_64+0x3d/0xb0
[  168.021799][ T3917]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  168.027701][ T3917] RIP: 0033:0x7f0fa5191c89
[  168.032113][ T3917] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  168.051713][ T3917] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  168.060122][ T3917] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  168.068094][ T3917] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  168.076062][ T3917] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3917] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3917] exit_group(0)               = ?
[pid  3917] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3917, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./270/binderfs")                = 0
umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./270/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./270/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./270/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./270")                          = 0
mkdir("./271", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3918
./strace-static-x86_64: Process 3918 attached
[pid  3918] chdir("./271")              = 0
[pid  3918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3918] setpgid(0, 0)               = 0
[pid  3918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3918] write(3, "1000", 4)         = 4
[pid  3918] close(3)                    = 0
[pid  3918] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3918] memfd_create("syzkaller", 0) = 3
[pid  3918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3918] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  168.084026][ T3917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  168.092009][ T3917] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000010e
[  168.100007][ T3917]  </TASK>
[pid  3918] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3918] close(3)                    = 0
[pid  3918] mkdir("./file0", 0777)      = 0
[pid  3918] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3918] chdir("./file0")            = 0
[pid  3918] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3918] close(4)                    = 0
[pid  3918] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3918] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3918] write(5, "13", 2)           = 2
[  168.135516][ T3918] loop0: detected capacity change from 0 to 64
[  168.155158][ T3918] FAULT_INJECTION: forcing a failure.
[  168.155158][ T3918] name failslab, interval 1, probability 0, space 0, times 0
[  168.168502][ T3918] CPU: 1 PID: 3918 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  168.178951][ T3918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  168.189016][ T3918] Call Trace:
[  168.192288][ T3918]  <TASK>
[  168.195212][ T3918]  dump_stack_lvl+0x1b1/0x28e
[  168.199887][ T3918]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  168.205412][ T3918]  ? panic+0x710/0x710
[  168.209478][ T3918]  ? __might_sleep+0xc0/0xc0
[  168.214066][ T3918]  ? __mutex_lock_common+0x45f/0x26e0
[  168.219440][ T3918]  should_fail_ex+0x395/0x4c0
[  168.224117][ T3918]  ? hfs_find_init+0x8b/0x1e0
[  168.228812][ T3918]  should_failslab+0x5/0x20
[  168.233313][ T3918]  __kmem_cache_alloc_node+0x69/0x310
[  168.238686][ T3918]  ? rcu_lock_release+0x5/0x20
[  168.243463][ T3918]  ? hfs_find_init+0x8b/0x1e0
[  168.248135][ T3918]  __kmalloc+0x9e/0x1a0
[  168.252287][ T3918]  hfs_find_init+0x8b/0x1e0
[  168.256798][ T3918]  hfs_extend_file+0x2f8/0x1420
[  168.261660][ T3918]  ? xas_find+0x937/0xa60
[  168.265987][ T3918]  ? hfs_get_block+0xbb0/0xbb0
[  168.270750][ T3918]  ? filemap_get_folios+0x557/0x830
[  168.275993][ T3918]  ? find_lock_entries+0xf60/0xf60
[  168.281103][ T3918]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  168.287000][ T3918]  hfs_get_block+0x3fc/0xbb0
[  168.291600][ T3918]  ? hfs_free_extents+0x420/0x420
[  168.296617][ T3918]  ? do_raw_spin_unlock+0x134/0x8a0
[  168.301815][ T3918]  ? create_page_buffers+0x244/0x4b0
[  168.307097][ T3918]  __block_write_begin_int+0x54c/0x1a80
[  168.312651][ T3918]  ? hfs_free_extents+0x420/0x420
[  168.317678][ T3918]  ? page_zero_new_buffers+0x940/0x940
[  168.323174][ T3918]  ? PageHeadHuge+0x8a/0x1d0
[  168.327780][ T3918]  ? hfs_free_extents+0x420/0x420
[  168.332804][ T3918]  block_write_begin+0x93/0x1e0
[  168.337684][ T3918]  ? cont_write_begin+0x5e5/0x860
[  168.342703][ T3918]  ? hfs_free_extents+0x420/0x420
[  168.347727][ T3918]  cont_write_begin+0x606/0x860
[  168.352599][ T3918]  ? fault_in_readable+0x1d5/0x310
[  168.357728][ T3918]  ? generic_cont_expand_simple+0x250/0x250
[  168.363649][ T3918]  ? fault_in_readable+0x219/0x310
[  168.368772][ T3918]  ? fault_in_safe_writeable+0x240/0x240
[  168.374440][ T3918]  hfs_write_begin+0x86/0xd0
[  168.379044][ T3918]  ? hfs_free_extents+0x420/0x420
[  168.384076][ T3918]  generic_perform_write+0x2e4/0x5e0
[  168.389383][ T3918]  ? __block_commit_write+0x420/0x420
[  168.394760][ T3918]  ? generic_file_direct_write+0x610/0x610
[  168.400575][ T3918]  ? __file_remove_privs+0x6c0/0x6c0
[  168.405864][ T3918]  ? generic_write_checks+0x15c/0x1c0
[  168.411244][ T3918]  __generic_file_write_iter+0x176/0x400
[  168.416877][ T3918]  generic_file_write_iter+0xab/0x310
[  168.422247][ T3918]  vfs_write+0x7dc/0xc50
[  168.426488][ T3918]  ? file_end_write+0x230/0x230
[  168.431331][ T3918]  ? ptrace_stop+0x74d/0x970
[  168.435943][ T3918]  ? _raw_spin_unlock_irq+0x2a/0x40
[  168.441155][ T3918]  ? __fdget_pos+0x252/0x2e0
[  168.445763][ T3918]  ksys_write+0x177/0x2a0
[  168.450086][ T3918]  ? __ia32_sys_read+0x80/0x80
[  168.454843][ T3918]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  168.460827][ T3918]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  168.466816][ T3918]  do_syscall_64+0x3d/0xb0
[  168.471223][ T3918]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  168.477120][ T3918] RIP: 0033:0x7f0fa5191c89
[  168.481541][ T3918] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  168.501140][ T3918] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  168.509550][ T3918] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  168.517515][ T3918] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  168.525476][ T3918] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3918] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3918] exit_group(0)               = ?
[pid  3918] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3918, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./271/binderfs")                = 0
umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./271/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./271/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./271/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./271")                          = 0
mkdir("./272", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3919 attached
, child_tidptr=0x555555b7f5d0) = 3919
[pid  3919] chdir("./272")              = 0
[pid  3919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3919] setpgid(0, 0)               = 0
[  168.533453][ T3918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  168.541442][ T3918] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000010f
[  168.549418][ T3918]  </TASK>
[pid  3919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3919] write(3, "1000", 4)         = 4
[pid  3919] close(3)                    = 0
[pid  3919] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3919] memfd_create("syzkaller", 0) = 3
[pid  3919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3919] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3919] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3919] close(3)                    = 0
[pid  3919] mkdir("./file0", 0777)      = 0
[pid  3919] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3919] chdir("./file0")            = 0
[pid  3919] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3919] close(4)                    = 0
[pid  3919] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3919] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3919] write(5, "13", 2)           = 2
[pid  3919] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3919] exit_group(0)               = ?
[pid  3919] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3919, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./272/binderfs")                = 0
umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./272/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./272/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./272/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./272")                          = 0
mkdir("./273", 0777)                    = 0
[  168.606997][ T3919] loop0: detected capacity change from 0 to 64
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3920
./strace-static-x86_64: Process 3920 attached
[pid  3920] chdir("./273")              = 0
[pid  3920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3920] setpgid(0, 0)               = 0
[pid  3920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3920] write(3, "1000", 4)         = 4
[pid  3920] close(3)                    = 0
[pid  3920] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3920] memfd_create("syzkaller", 0) = 3
[pid  3920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3920] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3920] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3920] close(3)                    = 0
[pid  3920] mkdir("./file0", 0777)      = 0
[pid  3920] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3920] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3920] chdir("./file0")            = 0
[pid  3920] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3920] close(4)                    = 0
[pid  3920] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3920] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3920] write(5, "13", 2)           = 2
[  168.693643][ T3920] loop0: detected capacity change from 0 to 64
[  168.721674][ T3920] FAULT_INJECTION: forcing a failure.
[  168.721674][ T3920] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  168.735081][ T3920] CPU: 0 PID: 3920 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  168.745491][ T3920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  168.755539][ T3920] Call Trace:
[  168.758806][ T3920]  <TASK>
[  168.761724][ T3920]  dump_stack_lvl+0x1b1/0x28e
[  168.766391][ T3920]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  168.771838][ T3920]  ? panic+0x710/0x710
[  168.775892][ T3920]  ? do_anonymous_page+0xd4a/0x1150
[  168.781088][ T3920]  ? mark_lock+0x9a/0x350
[  168.785423][ T3920]  should_fail_ex+0x395/0x4c0
[  168.790106][ T3920]  prepare_alloc_pages+0x1d7/0x5a0
[  168.795228][ T3920]  __alloc_pages+0x161/0x560
[  168.799824][ T3920]  ? zone_statistics+0x160/0x160
[  168.804767][ T3920]  ? rcu_lock_release+0x5/0x20
[  168.809530][ T3920]  ? alloc_pages+0x520/0x7b0
[  168.814115][ T3920]  ? xas_descend+0x1f3/0x400
[  168.818713][ T3920]  folio_alloc+0x1a/0x50
[  168.822951][ T3920]  filemap_alloc_folio+0x7e/0x1c0
[  168.827980][ T3920]  __filemap_get_folio+0x898/0x1260
[  168.833205][ T3920]  ? page_cache_prev_miss+0x4e0/0x4e0
[  168.838585][ T3920]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  168.844564][ T3920]  ? print_irqtrace_events+0x220/0x220
[  168.850029][ T3920]  pagecache_get_page+0x28/0x260
[  168.854967][ T3920]  ? hfs_free_extents+0x420/0x420
[  168.859991][ T3920]  block_write_begin+0x2e/0x1e0
[  168.864842][ T3920]  ? cont_write_begin+0x5e5/0x860
[  168.869883][ T3920]  ? hfs_free_extents+0x420/0x420
[  168.874908][ T3920]  cont_write_begin+0x606/0x860
[  168.879766][ T3920]  ? fault_in_readable+0x1d5/0x310
[  168.884882][ T3920]  ? generic_cont_expand_simple+0x250/0x250
[  168.890777][ T3920]  ? fault_in_readable+0x219/0x310
[  168.895893][ T3920]  ? fault_in_safe_writeable+0x240/0x240
[  168.901534][ T3920]  hfs_write_begin+0x86/0xd0
[  168.906117][ T3920]  ? hfs_free_extents+0x420/0x420
[  168.911144][ T3920]  generic_perform_write+0x2e4/0x5e0
[  168.916439][ T3920]  ? __block_commit_write+0x420/0x420
[  168.921813][ T3920]  ? generic_file_direct_write+0x610/0x610
[  168.927621][ T3920]  ? __file_remove_privs+0x6c0/0x6c0
[  168.932908][ T3920]  ? generic_write_checks+0x15c/0x1c0
[  168.938291][ T3920]  __generic_file_write_iter+0x176/0x400
[  168.943932][ T3920]  generic_file_write_iter+0xab/0x310
[  168.949311][ T3920]  vfs_write+0x7dc/0xc50
[  168.953586][ T3920]  ? file_end_write+0x230/0x230
[  168.958448][ T3920]  ? ptrace_stop+0x74d/0x970
[  168.963058][ T3920]  ? _raw_spin_unlock_irq+0x2a/0x40
[  168.968268][ T3920]  ? __fdget_pos+0x252/0x2e0
[  168.972865][ T3920]  ksys_write+0x177/0x2a0
[  168.977221][ T3920]  ? __ia32_sys_read+0x80/0x80
[  168.982000][ T3920]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  168.988003][ T3920]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  168.993999][ T3920]  do_syscall_64+0x3d/0xb0
[  168.998423][ T3920]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  169.004315][ T3920] RIP: 0033:0x7f0fa5191c89
[  169.008726][ T3920] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  169.028331][ T3920] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  169.036743][ T3920] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3920] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3920] exit_group(0)               = ?
[pid  3920] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3920, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./273/binderfs")                = 0
umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./273/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./273/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./273/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./273")                          = 0
mkdir("./274", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3921
./strace-static-x86_64: Process 3921 attached
[pid  3921] chdir("./274")              = 0
[pid  3921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3921] setpgid(0, 0)               = 0
[pid  3921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3921] write(3, "1000", 4)         = 4
[pid  3921] close(3)                    = 0
[  169.044710][ T3920] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  169.052674][ T3920] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  169.060642][ T3920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  169.068609][ T3920] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000111
[  169.076590][ T3920]  </TASK>
[pid  3921] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3921] memfd_create("syzkaller", 0) = 3
[pid  3921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3921] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3921] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3921] close(3)                    = 0
[pid  3921] mkdir("./file0", 0777)      = 0
[pid  3921] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3921] chdir("./file0")            = 0
[pid  3921] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3921] close(4)                    = 0
[pid  3921] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3921] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3921] write(5, "13", 2)           = 2
[pid  3921] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3921] exit_group(0)               = ?
[pid  3921] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3921, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./274/binderfs")                = 0
umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./274/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./274/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./274/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./274")                          = 0
mkdir("./275", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3922
./strace-static-x86_64: Process 3922 attached
[pid  3922] chdir("./275")              = 0
[pid  3922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3922] setpgid(0, 0)               = 0
[pid  3922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3922] write(3, "1000", 4)         = 4
[pid  3922] close(3)                    = 0
[pid  3922] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3922] memfd_create("syzkaller", 0) = 3
[pid  3922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3922] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  169.133152][ T3921] loop0: detected capacity change from 0 to 64
[pid  3922] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3922] close(3)                    = 0
[pid  3922] mkdir("./file0", 0777)      = 0
[pid  3922] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3922] chdir("./file0")            = 0
[pid  3922] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3922] close(4)                    = 0
[pid  3922] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3922] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3922] write(5, "13", 2)           = 2
[  169.183706][ T3922] loop0: detected capacity change from 0 to 64
[  169.185440][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  169.216208][ T3922] FAULT_INJECTION: forcing a failure.
[  169.216208][ T3922] name failslab, interval 1, probability 0, space 0, times 0
[  169.231294][ T3922] CPU: 0 PID: 3922 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  169.241757][ T3922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  169.251815][ T3922] Call Trace:
[  169.255102][ T3922]  <TASK>
[  169.258026][ T3922]  dump_stack_lvl+0x1b1/0x28e
[  169.262698][ T3922]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  169.268166][ T3922]  ? panic+0x710/0x710
[  169.272228][ T3922]  ? __might_sleep+0xc0/0xc0
[  169.276806][ T3922]  ? __mutex_lock_common+0x45f/0x26e0
[  169.282221][ T3922]  should_fail_ex+0x395/0x4c0
[  169.286906][ T3922]  ? hfs_find_init+0x8b/0x1e0
[  169.291598][ T3922]  should_failslab+0x5/0x20
[  169.296117][ T3922]  __kmem_cache_alloc_node+0x69/0x310
[  169.301494][ T3922]  ? rcu_lock_release+0x5/0x20
[  169.306271][ T3922]  ? hfs_find_init+0x8b/0x1e0
[  169.310945][ T3922]  __kmalloc+0x9e/0x1a0
[  169.315098][ T3922]  hfs_find_init+0x8b/0x1e0
[  169.319608][ T3922]  hfs_extend_file+0x2f8/0x1420
[  169.324481][ T3922]  ? xas_find+0x937/0xa60
[  169.328819][ T3922]  ? hfs_get_block+0xbb0/0xbb0
[  169.333596][ T3922]  ? filemap_get_folios+0x557/0x830
[  169.338815][ T3922]  ? find_lock_entries+0xf60/0xf60
[  169.343928][ T3922]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  169.349838][ T3922]  hfs_get_block+0x3fc/0xbb0
[  169.354459][ T3922]  ? hfs_free_extents+0x420/0x420
[  169.359492][ T3922]  ? do_raw_spin_unlock+0x134/0x8a0
[  169.364690][ T3922]  ? create_page_buffers+0x244/0x4b0
[  169.369976][ T3922]  __block_write_begin_int+0x54c/0x1a80
[  169.375535][ T3922]  ? hfs_free_extents+0x420/0x420
[  169.380559][ T3922]  ? page_zero_new_buffers+0x940/0x940
[  169.386043][ T3922]  ? PageHeadHuge+0x8a/0x1d0
[  169.390671][ T3922]  ? hfs_free_extents+0x420/0x420
[  169.395715][ T3922]  block_write_begin+0x93/0x1e0
[  169.400590][ T3922]  ? cont_write_begin+0x5e5/0x860
[  169.405624][ T3922]  ? hfs_free_extents+0x420/0x420
[  169.410665][ T3922]  cont_write_begin+0x606/0x860
[  169.415529][ T3922]  ? fault_in_readable+0x1d5/0x310
[  169.420657][ T3922]  ? generic_cont_expand_simple+0x250/0x250
[  169.426553][ T3922]  ? fault_in_readable+0x219/0x310
[  169.431677][ T3922]  ? fault_in_safe_writeable+0x240/0x240
[  169.437327][ T3922]  hfs_write_begin+0x86/0xd0
[  169.441928][ T3922]  ? hfs_free_extents+0x420/0x420
[  169.446963][ T3922]  generic_perform_write+0x2e4/0x5e0
[  169.452274][ T3922]  ? __block_commit_write+0x420/0x420
[  169.457646][ T3922]  ? generic_file_direct_write+0x610/0x610
[  169.463446][ T3922]  ? __file_remove_privs+0x6c0/0x6c0
[  169.468734][ T3922]  ? generic_write_checks+0x15c/0x1c0
[  169.474111][ T3922]  __generic_file_write_iter+0x176/0x400
[  169.479741][ T3922]  generic_file_write_iter+0xab/0x310
[  169.485109][ T3922]  vfs_write+0x7dc/0xc50
[  169.489353][ T3922]  ? file_end_write+0x230/0x230
[  169.494194][ T3922]  ? ptrace_stop+0x74d/0x970
[  169.498783][ T3922]  ? _raw_spin_unlock_irq+0x2a/0x40
[  169.503977][ T3922]  ? __fdget_pos+0x252/0x2e0
[  169.508565][ T3922]  ksys_write+0x177/0x2a0
[  169.512891][ T3922]  ? __ia32_sys_read+0x80/0x80
[  169.517649][ T3922]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  169.523627][ T3922]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  169.529617][ T3922]  do_syscall_64+0x3d/0xb0
[  169.534130][ T3922]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  169.540019][ T3922] RIP: 0033:0x7f0fa5191c89
[  169.544433][ T3922] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  169.564048][ T3922] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  169.572493][ T3922] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3922] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3922] exit_group(0)               = ?
[pid  3922] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3922, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./275/binderfs")                = 0
umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./275/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./275/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./275/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./275")                          = 0
mkdir("./276", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3923
./strace-static-x86_64: Process 3923 attached
[pid  3923] chdir("./276")              = 0
[pid  3923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3923] setpgid(0, 0)               = 0
[pid  3923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3923] write(3, "1000", 4)         = 4
[pid  3923] close(3)                    = 0
[pid  3923] symlink("/dev/binderfs", "./binderfs") = 0
[  169.580482][ T3922] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  169.588460][ T3922] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  169.596428][ T3922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  169.604392][ T3922] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000113
[  169.612388][ T3922]  </TASK>
[pid  3923] memfd_create("syzkaller", 0) = 3
[pid  3923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3923] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3923] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3923] close(3)                    = 0
[pid  3923] mkdir("./file0", 0777)      = 0
[pid  3923] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3923] chdir("./file0")            = 0
[pid  3923] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3923] close(4)                    = 0
[pid  3923] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3923] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3923] write(5, "13", 2)           = 2
[  169.673442][ T3923] loop0: detected capacity change from 0 to 64
[  169.697502][ T3923] FAULT_INJECTION: forcing a failure.
[  169.697502][ T3923] name failslab, interval 1, probability 0, space 0, times 0
[  169.710899][ T3923] CPU: 1 PID: 3923 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  169.721356][ T3923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  169.731514][ T3923] Call Trace:
[  169.734787][ T3923]  <TASK>
[  169.737710][ T3923]  dump_stack_lvl+0x1b1/0x28e
[  169.742394][ T3923]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  169.747884][ T3923]  ? panic+0x710/0x710
[  169.751970][ T3923]  ? __might_sleep+0xc0/0xc0
[  169.756566][ T3923]  ? __mutex_lock_common+0x45f/0x26e0
[  169.761953][ T3923]  should_fail_ex+0x395/0x4c0
[  169.766636][ T3923]  ? hfs_find_init+0x8b/0x1e0
[  169.771325][ T3923]  should_failslab+0x5/0x20
[  169.775819][ T3923]  __kmem_cache_alloc_node+0x69/0x310
[  169.781182][ T3923]  ? rcu_lock_release+0x5/0x20
[  169.785940][ T3923]  ? hfs_find_init+0x8b/0x1e0
[  169.790607][ T3923]  __kmalloc+0x9e/0x1a0
[  169.794762][ T3923]  hfs_find_init+0x8b/0x1e0
[  169.799274][ T3923]  hfs_extend_file+0x2f8/0x1420
[  169.804132][ T3923]  ? xas_find+0x937/0xa60
[  169.808455][ T3923]  ? hfs_get_block+0xbb0/0xbb0
[  169.813215][ T3923]  ? filemap_get_folios+0x557/0x830
[  169.818426][ T3923]  ? find_lock_entries+0xf60/0xf60
[  169.823530][ T3923]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  169.829421][ T3923]  hfs_get_block+0x3fc/0xbb0
[  169.834023][ T3923]  ? hfs_free_extents+0x420/0x420
[  169.839040][ T3923]  ? do_raw_spin_unlock+0x134/0x8a0
[  169.844235][ T3923]  ? create_page_buffers+0x244/0x4b0
[  169.849517][ T3923]  __block_write_begin_int+0x54c/0x1a80
[  169.855071][ T3923]  ? hfs_free_extents+0x420/0x420
[  169.860096][ T3923]  ? page_zero_new_buffers+0x940/0x940
[  169.865578][ T3923]  ? PageHeadHuge+0x8a/0x1d0
[  169.870178][ T3923]  ? hfs_free_extents+0x420/0x420
[  169.875200][ T3923]  block_write_begin+0x93/0x1e0
[  169.880062][ T3923]  ? cont_write_begin+0x5e5/0x860
[  169.885078][ T3923]  ? hfs_free_extents+0x420/0x420
[  169.890091][ T3923]  cont_write_begin+0x606/0x860
[  169.894942][ T3923]  ? fault_in_readable+0x1d5/0x310
[  169.900058][ T3923]  ? generic_cont_expand_simple+0x250/0x250
[  169.905957][ T3923]  ? fault_in_readable+0x219/0x310
[  169.911074][ T3923]  ? fault_in_safe_writeable+0x240/0x240
[  169.916729][ T3923]  hfs_write_begin+0x86/0xd0
[  169.921310][ T3923]  ? hfs_free_extents+0x420/0x420
[  169.926329][ T3923]  generic_perform_write+0x2e4/0x5e0
[  169.931627][ T3923]  ? __block_commit_write+0x420/0x420
[  169.937022][ T3923]  ? generic_file_direct_write+0x610/0x610
[  169.942836][ T3923]  ? __file_remove_privs+0x6c0/0x6c0
[  169.948122][ T3923]  ? generic_write_checks+0x15c/0x1c0
[  169.953614][ T3923]  __generic_file_write_iter+0x176/0x400
[  169.959275][ T3923]  generic_file_write_iter+0xab/0x310
[  169.964679][ T3923]  vfs_write+0x7dc/0xc50
[  169.968947][ T3923]  ? file_end_write+0x230/0x230
[  169.973804][ T3923]  ? ptrace_stop+0x74d/0x970
[  169.978406][ T3923]  ? _raw_spin_unlock_irq+0x2a/0x40
[  169.983618][ T3923]  ? __fdget_pos+0x252/0x2e0
[  169.988201][ T3923]  ksys_write+0x177/0x2a0
[  169.992523][ T3923]  ? __ia32_sys_read+0x80/0x80
[  169.997277][ T3923]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  170.003272][ T3923]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  170.009262][ T3923]  do_syscall_64+0x3d/0xb0
[  170.013668][ T3923]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  170.019557][ T3923] RIP: 0033:0x7f0fa5191c89
[  170.023991][ T3923] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  170.043598][ T3923] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  170.052091][ T3923] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  170.060055][ T3923] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3923] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3923] exit_group(0)               = ?
[pid  3923] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3923, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./276/binderfs")                = 0
umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./276/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./276/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./276/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./276")                          = 0
mkdir("./277", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3924
./strace-static-x86_64: Process 3924 attached
[pid  3924] chdir("./277")              = 0
[  170.068025][ T3923] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  170.076002][ T3923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  170.083985][ T3923] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000114
[  170.091959][ T3923]  </TASK>
[pid  3924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3924] setpgid(0, 0)               = 0
[pid  3924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3924] write(3, "1000", 4)         = 4
[pid  3924] close(3)                    = 0
[pid  3924] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3924] memfd_create("syzkaller", 0) = 3
[pid  3924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3924] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3924] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3924] close(3)                    = 0
[pid  3924] mkdir("./file0", 0777)      = 0
[pid  3924] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3924] chdir("./file0")            = 0
[pid  3924] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3924] close(4)                    = 0
[pid  3924] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3924] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3924] write(5, "13", 2)           = 2
[  170.151538][ T3924] loop0: detected capacity change from 0 to 64
[  170.172527][ T3924] FAULT_INJECTION: forcing a failure.
[  170.172527][ T3924] name failslab, interval 1, probability 0, space 0, times 0
[  170.185494][ T3924] CPU: 1 PID: 3924 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  170.195911][ T3924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  170.205966][ T3924] Call Trace:
[  170.209246][ T3924]  <TASK>
[  170.212173][ T3924]  dump_stack_lvl+0x1b1/0x28e
[  170.216855][ T3924]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  170.222315][ T3924]  ? panic+0x710/0x710
[  170.227426][ T3924]  ? __might_sleep+0xc0/0xc0
[  170.232010][ T3924]  ? __mutex_lock_common+0x45f/0x26e0
[  170.237474][ T3924]  should_fail_ex+0x395/0x4c0
[  170.242164][ T3924]  ? hfs_find_init+0x8b/0x1e0
[  170.246862][ T3924]  should_failslab+0x5/0x20
[  170.251366][ T3924]  __kmem_cache_alloc_node+0x69/0x310
[  170.256736][ T3924]  ? rcu_lock_release+0x5/0x20
[  170.261500][ T3924]  ? hfs_find_init+0x8b/0x1e0
[  170.266178][ T3924]  __kmalloc+0x9e/0x1a0
[  170.270340][ T3924]  hfs_find_init+0x8b/0x1e0
[  170.274854][ T3924]  hfs_extend_file+0x2f8/0x1420
[  170.279715][ T3924]  ? xas_find+0x937/0xa60
[  170.284059][ T3924]  ? hfs_get_block+0xbb0/0xbb0
[  170.288821][ T3924]  ? filemap_get_folios+0x557/0x830
[  170.294020][ T3924]  ? find_lock_entries+0xf60/0xf60
[  170.299135][ T3924]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  170.305033][ T3924]  hfs_get_block+0x3fc/0xbb0
[  170.309634][ T3924]  ? hfs_free_extents+0x420/0x420
[  170.314665][ T3924]  ? do_raw_spin_unlock+0x134/0x8a0
[  170.319957][ T3924]  ? create_page_buffers+0x244/0x4b0
[  170.325682][ T3924]  __block_write_begin_int+0x54c/0x1a80
[  170.331254][ T3924]  ? hfs_free_extents+0x420/0x420
[  170.336275][ T3924]  ? page_zero_new_buffers+0x940/0x940
[  170.341761][ T3924]  ? PageHeadHuge+0x8a/0x1d0
[  170.346385][ T3924]  ? hfs_free_extents+0x420/0x420
[  170.351413][ T3924]  block_write_begin+0x93/0x1e0
[  170.356291][ T3924]  ? cont_write_begin+0x5e5/0x860
[  170.361330][ T3924]  ? hfs_free_extents+0x420/0x420
[  170.366368][ T3924]  cont_write_begin+0x606/0x860
[  170.371231][ T3924]  ? fault_in_readable+0x1d5/0x310
[  170.376350][ T3924]  ? generic_cont_expand_simple+0x250/0x250
[  170.382326][ T3924]  ? fault_in_readable+0x219/0x310
[  170.387472][ T3924]  ? fault_in_safe_writeable+0x240/0x240
[  170.393127][ T3924]  hfs_write_begin+0x86/0xd0
[  170.397718][ T3924]  ? hfs_free_extents+0x420/0x420
[  170.402752][ T3924]  generic_perform_write+0x2e4/0x5e0
[  170.408047][ T3924]  ? __block_commit_write+0x420/0x420
[  170.413420][ T3924]  ? generic_file_direct_write+0x610/0x610
[  170.419223][ T3924]  ? __file_remove_privs+0x6c0/0x6c0
[  170.424509][ T3924]  ? generic_write_checks+0x15c/0x1c0
[  170.429889][ T3924]  __generic_file_write_iter+0x176/0x400
[  170.435523][ T3924]  generic_file_write_iter+0xab/0x310
[  170.440895][ T3924]  vfs_write+0x7dc/0xc50
[  170.445145][ T3924]  ? file_end_write+0x230/0x230
[  170.450258][ T3924]  ? ptrace_stop+0x74d/0x970
[  170.454877][ T3924]  ? _raw_spin_unlock_irq+0x2a/0x40
[  170.460082][ T3924]  ? __fdget_pos+0x252/0x2e0
[  170.464679][ T3924]  ksys_write+0x177/0x2a0
[  170.469020][ T3924]  ? __ia32_sys_read+0x80/0x80
[  170.473786][ T3924]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  170.479778][ T3924]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  170.485762][ T3924]  do_syscall_64+0x3d/0xb0
[  170.490177][ T3924]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  170.496068][ T3924] RIP: 0033:0x7f0fa5191c89
[  170.500479][ T3924] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  170.520114][ T3924] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  170.528539][ T3924] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  170.536510][ T3924] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  170.544476][ T3924] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3924] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3924] exit_group(0)               = ?
[pid  3924] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3924, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./277/binderfs")                = 0
umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./277/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./277/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./277/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./277")                          = 0
mkdir("./278", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  170.552442][ T3924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  170.560409][ T3924] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000115
[  170.568393][ T3924]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3925
./strace-static-x86_64: Process 3925 attached
[pid  3925] chdir("./278")              = 0
[pid  3925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3925] setpgid(0, 0)               = 0
[pid  3925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3925] write(3, "1000", 4)         = 4
[pid  3925] close(3)                    = 0
[pid  3925] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3925] memfd_create("syzkaller", 0) = 3
[pid  3925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3925] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3925] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3925] close(3)                    = 0
[pid  3925] mkdir("./file0", 0777)      = 0
[pid  3925] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3925] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3925] chdir("./file0")            = 0
[pid  3925] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3925] close(4)                    = 0
[pid  3925] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3925] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3925] write(5, "13", 2)           = 2
[  170.632667][ T3925] loop0: detected capacity change from 0 to 64
[  170.654215][ T3925] FAULT_INJECTION: forcing a failure.
[  170.654215][ T3925] name failslab, interval 1, probability 0, space 0, times 0
[  170.667591][ T3925] CPU: 1 PID: 3925 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  170.678029][ T3925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  170.688286][ T3925] Call Trace:
[  170.691571][ T3925]  <TASK>
[  170.694488][ T3925]  dump_stack_lvl+0x1b1/0x28e
[  170.699159][ T3925]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  170.704606][ T3925]  ? panic+0x710/0x710
[  170.708694][ T3925]  ? __might_sleep+0xc0/0xc0
[  170.713274][ T3925]  ? __mutex_lock_common+0x45f/0x26e0
[  170.718642][ T3925]  should_fail_ex+0x395/0x4c0
[  170.723315][ T3925]  ? hfs_find_init+0x8b/0x1e0
[  170.727992][ T3925]  should_failslab+0x5/0x20
[  170.732507][ T3925]  __kmem_cache_alloc_node+0x69/0x310
[  170.737893][ T3925]  ? rcu_lock_release+0x5/0x20
[  170.742661][ T3925]  ? hfs_find_init+0x8b/0x1e0
[  170.747335][ T3925]  __kmalloc+0x9e/0x1a0
[  170.751488][ T3925]  hfs_find_init+0x8b/0x1e0
[  170.755995][ T3925]  hfs_extend_file+0x2f8/0x1420
[  170.760841][ T3925]  ? xas_find+0x937/0xa60
[  170.765201][ T3925]  ? hfs_get_block+0xbb0/0xbb0
[  170.769967][ T3925]  ? filemap_get_folios+0x557/0x830
[  170.775174][ T3925]  ? find_lock_entries+0xf60/0xf60
[  170.780299][ T3925]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  170.786201][ T3925]  hfs_get_block+0x3fc/0xbb0
[  170.790812][ T3925]  ? hfs_free_extents+0x420/0x420
[  170.795840][ T3925]  ? do_raw_spin_unlock+0x134/0x8a0
[  170.801051][ T3925]  ? create_page_buffers+0x244/0x4b0
[  170.806352][ T3925]  __block_write_begin_int+0x54c/0x1a80
[  170.811903][ T3925]  ? hfs_free_extents+0x420/0x420
[  170.816914][ T3925]  ? page_zero_new_buffers+0x940/0x940
[  170.822364][ T3925]  ? PageHeadHuge+0x8a/0x1d0
[  170.826944][ T3925]  ? hfs_free_extents+0x420/0x420
[  170.831973][ T3925]  block_write_begin+0x93/0x1e0
[  170.836816][ T3925]  ? cont_write_begin+0x5e5/0x860
[  170.841829][ T3925]  ? hfs_free_extents+0x420/0x420
[  170.846857][ T3925]  cont_write_begin+0x606/0x860
[  170.851719][ T3925]  ? fault_in_readable+0x1d5/0x310
[  170.856831][ T3925]  ? generic_cont_expand_simple+0x250/0x250
[  170.862714][ T3925]  ? fault_in_readable+0x219/0x310
[  170.867817][ T3925]  ? fault_in_safe_writeable+0x240/0x240
[  170.873446][ T3925]  hfs_write_begin+0x86/0xd0
[  170.878024][ T3925]  ? hfs_free_extents+0x420/0x420
[  170.883047][ T3925]  generic_perform_write+0x2e4/0x5e0
[  170.888334][ T3925]  ? __block_commit_write+0x420/0x420
[  170.893710][ T3925]  ? generic_file_direct_write+0x610/0x610
[  170.899521][ T3925]  ? __file_remove_privs+0x6c0/0x6c0
[  170.904798][ T3925]  ? generic_write_checks+0x15c/0x1c0
[  170.910185][ T3925]  __generic_file_write_iter+0x176/0x400
[  170.915834][ T3925]  generic_file_write_iter+0xab/0x310
[  170.921212][ T3925]  vfs_write+0x7dc/0xc50
[  170.925466][ T3925]  ? file_end_write+0x230/0x230
[  170.930305][ T3925]  ? ptrace_stop+0x74d/0x970
[  170.934918][ T3925]  ? _raw_spin_unlock_irq+0x2a/0x40
[  170.940487][ T3925]  ? __fdget_pos+0x252/0x2e0
[  170.945085][ T3925]  ksys_write+0x177/0x2a0
[  170.949408][ T3925]  ? __ia32_sys_read+0x80/0x80
[  170.954174][ T3925]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  170.960167][ T3925]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  170.966139][ T3925]  do_syscall_64+0x3d/0xb0
[  170.970553][ T3925]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  170.976454][ T3925] RIP: 0033:0x7f0fa5191c89
[  170.980865][ T3925] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  171.000474][ T3925] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  171.008884][ T3925] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  171.016850][ T3925] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  171.024818][ T3925] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3925] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3925] exit_group(0)               = ?
[pid  3925] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3925, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./278/binderfs")                = 0
umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./278/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./278/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./278/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./278")                          = 0
mkdir("./279", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3926
./strace-static-x86_64: Process 3926 attached
[pid  3926] chdir("./279")              = 0
[pid  3926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3926] setpgid(0, 0)               = 0
[pid  3926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3926] write(3, "1000", 4)         = 4
[pid  3926] close(3)                    = 0
[pid  3926] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3926] memfd_create("syzkaller", 0) = 3
[pid  3926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3926] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  171.032788][ T3925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  171.040771][ T3925] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000116
[  171.048759][ T3925]  </TASK>
[pid  3926] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3926] close(3)                    = 0
[pid  3926] mkdir("./file0", 0777)      = 0
[pid  3926] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3926] chdir("./file0")            = 0
[pid  3926] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3926] close(4)                    = 0
[pid  3926] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3926] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3926] write(5, "13", 2)           = 2
[  171.092643][ T3926] loop0: detected capacity change from 0 to 64
[  171.112692][ T3926] FAULT_INJECTION: forcing a failure.
[  171.112692][ T3926] name failslab, interval 1, probability 0, space 0, times 0
[  171.125867][ T3926] CPU: 0 PID: 3926 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  171.136302][ T3926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  171.146340][ T3926] Call Trace:
[  171.149602][ T3926]  <TASK>
[  171.152517][ T3926]  dump_stack_lvl+0x1b1/0x28e
[  171.157187][ T3926]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  171.162740][ T3926]  ? panic+0x710/0x710
[  171.166826][ T3926]  ? __might_sleep+0xc0/0xc0
[  171.171399][ T3926]  ? __mutex_lock_common+0x45f/0x26e0
[  171.176768][ T3926]  should_fail_ex+0x395/0x4c0
[  171.181442][ T3926]  ? hfs_find_init+0x8b/0x1e0
[  171.186127][ T3926]  should_failslab+0x5/0x20
[  171.190617][ T3926]  __kmem_cache_alloc_node+0x69/0x310
[  171.196067][ T3926]  ? rcu_lock_release+0x5/0x20
[  171.200827][ T3926]  ? hfs_find_init+0x8b/0x1e0
[  171.205493][ T3926]  __kmalloc+0x9e/0x1a0
[  171.209651][ T3926]  hfs_find_init+0x8b/0x1e0
[  171.214146][ T3926]  hfs_extend_file+0x2f8/0x1420
[  171.218981][ T3926]  ? xas_find+0x937/0xa60
[  171.223304][ T3926]  ? hfs_get_block+0xbb0/0xbb0
[  171.228050][ T3926]  ? filemap_get_folios+0x557/0x830
[  171.233239][ T3926]  ? find_lock_entries+0xf60/0xf60
[  171.238341][ T3926]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  171.244231][ T3926]  hfs_get_block+0x3fc/0xbb0
[  171.248818][ T3926]  ? hfs_free_extents+0x420/0x420
[  171.253828][ T3926]  ? do_raw_spin_unlock+0x134/0x8a0
[  171.259020][ T3926]  ? create_page_buffers+0x244/0x4b0
[  171.264294][ T3926]  __block_write_begin_int+0x54c/0x1a80
[  171.269845][ T3926]  ? hfs_free_extents+0x420/0x420
[  171.274857][ T3926]  ? page_zero_new_buffers+0x940/0x940
[  171.280303][ T3926]  ? PageHeadHuge+0x8a/0x1d0
[  171.284884][ T3926]  ? hfs_free_extents+0x420/0x420
[  171.289893][ T3926]  block_write_begin+0x93/0x1e0
[  171.294730][ T3926]  ? cont_write_begin+0x5e5/0x860
[  171.299741][ T3926]  ? hfs_free_extents+0x420/0x420
[  171.304777][ T3926]  cont_write_begin+0x606/0x860
[  171.309667][ T3926]  ? fault_in_readable+0x1d5/0x310
[  171.314782][ T3926]  ? generic_cont_expand_simple+0x250/0x250
[  171.320671][ T3926]  ? fault_in_readable+0x219/0x310
[  171.325778][ T3926]  ? fault_in_safe_writeable+0x240/0x240
[  171.331406][ T3926]  hfs_write_begin+0x86/0xd0
[  171.335985][ T3926]  ? hfs_free_extents+0x420/0x420
[  171.341000][ T3926]  generic_perform_write+0x2e4/0x5e0
[  171.346277][ T3926]  ? __block_commit_write+0x420/0x420
[  171.351641][ T3926]  ? generic_file_direct_write+0x610/0x610
[  171.357436][ T3926]  ? __file_remove_privs+0x6c0/0x6c0
[  171.362708][ T3926]  ? generic_write_checks+0x15c/0x1c0
[  171.368093][ T3926]  __generic_file_write_iter+0x176/0x400
[  171.373749][ T3926]  generic_file_write_iter+0xab/0x310
[  171.379124][ T3926]  vfs_write+0x7dc/0xc50
[  171.383371][ T3926]  ? file_end_write+0x230/0x230
[  171.388246][ T3926]  ? ptrace_stop+0x74d/0x970
[  171.392833][ T3926]  ? _raw_spin_unlock_irq+0x2a/0x40
[  171.398026][ T3926]  ? __fdget_pos+0x252/0x2e0
[  171.402611][ T3926]  ksys_write+0x177/0x2a0
[  171.406953][ T3926]  ? __ia32_sys_read+0x80/0x80
[  171.411720][ T3926]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  171.417703][ T3926]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  171.423679][ T3926]  do_syscall_64+0x3d/0xb0
[  171.428091][ T3926]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  171.433981][ T3926] RIP: 0033:0x7f0fa5191c89
[  171.438386][ T3926] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  171.457980][ T3926] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  171.466383][ T3926] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  171.474341][ T3926] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  171.482302][ T3926] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3926] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3926] exit_group(0)               = ?
[pid  3926] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3926, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./279/binderfs")                = 0
umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./279/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./279/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./279/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./279")                          = 0
mkdir("./280", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3927
./strace-static-x86_64: Process 3927 attached
[pid  3927] chdir("./280")              = 0
[pid  3927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3927] setpgid(0, 0)               = 0
[pid  3927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3927] write(3, "1000", 4)         = 4
[pid  3927] close(3)                    = 0
[pid  3927] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3927] memfd_create("syzkaller", 0) = 3
[pid  3927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[  171.490260][ T3926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  171.498230][ T3926] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000117
[  171.506217][ T3926]  </TASK>
[pid  3927] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3927] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3927] close(3)                    = 0
[pid  3927] mkdir("./file0", 0777)      = 0
[pid  3927] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3927] chdir("./file0")            = 0
[pid  3927] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3927] close(4)                    = 0
[pid  3927] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3927] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3927] write(5, "13", 2)           = 2
[  171.557239][ T3927] loop0: detected capacity change from 0 to 64
[  171.577758][ T3927] FAULT_INJECTION: forcing a failure.
[  171.577758][ T3927] name failslab, interval 1, probability 0, space 0, times 0
[  171.590693][ T3927] CPU: 0 PID: 3927 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  171.601126][ T3927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  171.611254][ T3927] Call Trace:
[  171.614519][ T3927]  <TASK>
[  171.617436][ T3927]  dump_stack_lvl+0x1b1/0x28e
[  171.622104][ T3927]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  171.627679][ T3927]  ? panic+0x710/0x710
[  171.631751][ T3927]  ? __might_sleep+0xc0/0xc0
[  171.636337][ T3927]  ? __mutex_lock_common+0x45f/0x26e0
[  171.641733][ T3927]  should_fail_ex+0x395/0x4c0
[  171.646425][ T3927]  ? hfs_find_init+0x8b/0x1e0
[  171.651108][ T3927]  should_failslab+0x5/0x20
[  171.655634][ T3927]  __kmem_cache_alloc_node+0x69/0x310
[  171.661025][ T3927]  ? rcu_lock_release+0x5/0x20
[  171.665805][ T3927]  ? hfs_find_init+0x8b/0x1e0
[  171.670483][ T3927]  __kmalloc+0x9e/0x1a0
[  171.674644][ T3927]  hfs_find_init+0x8b/0x1e0
[  171.679152][ T3927]  hfs_extend_file+0x2f8/0x1420
[  171.684000][ T3927]  ? xas_find+0x937/0xa60
[  171.688339][ T3927]  ? hfs_get_block+0xbb0/0xbb0
[  171.693098][ T3927]  ? filemap_get_folios+0x557/0x830
[  171.698301][ T3927]  ? find_lock_entries+0xf60/0xf60
[  171.703416][ T3927]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  171.709327][ T3927]  hfs_get_block+0x3fc/0xbb0
[  171.713927][ T3927]  ? hfs_free_extents+0x420/0x420
[  171.718944][ T3927]  ? do_raw_spin_unlock+0x134/0x8a0
[  171.724145][ T3927]  ? create_page_buffers+0x244/0x4b0
[  171.729435][ T3927]  __block_write_begin_int+0x54c/0x1a80
[  171.734999][ T3927]  ? hfs_free_extents+0x420/0x420
[  171.740018][ T3927]  ? page_zero_new_buffers+0x940/0x940
[  171.745479][ T3927]  ? PageHeadHuge+0x8a/0x1d0
[  171.750071][ T3927]  ? hfs_free_extents+0x420/0x420
[  171.755091][ T3927]  block_write_begin+0x93/0x1e0
[  171.759943][ T3927]  ? cont_write_begin+0x5e5/0x860
[  171.764965][ T3927]  ? hfs_free_extents+0x420/0x420
[  171.770005][ T3927]  cont_write_begin+0x606/0x860
[  171.774859][ T3927]  ? fault_in_readable+0x1d5/0x310
[  171.779972][ T3927]  ? generic_cont_expand_simple+0x250/0x250
[  171.785864][ T3927]  ? fault_in_readable+0x219/0x310
[  171.790985][ T3927]  ? fault_in_safe_writeable+0x240/0x240
[  171.796628][ T3927]  hfs_write_begin+0x86/0xd0
[  171.801211][ T3927]  ? hfs_free_extents+0x420/0x420
[  171.806235][ T3927]  generic_perform_write+0x2e4/0x5e0
[  171.811527][ T3927]  ? __block_commit_write+0x420/0x420
[  171.816967][ T3927]  ? generic_file_direct_write+0x610/0x610
[  171.822774][ T3927]  ? __file_remove_privs+0x6c0/0x6c0
[  171.828060][ T3927]  ? generic_write_checks+0x15c/0x1c0
[  171.833437][ T3927]  __generic_file_write_iter+0x176/0x400
[  171.839072][ T3927]  generic_file_write_iter+0xab/0x310
[  171.844467][ T3927]  vfs_write+0x7dc/0xc50
[  171.848720][ T3927]  ? file_end_write+0x230/0x230
[  171.853569][ T3927]  ? ptrace_stop+0x74d/0x970
[  171.858167][ T3927]  ? _raw_spin_unlock_irq+0x2a/0x40
[  171.863366][ T3927]  ? __fdget_pos+0x252/0x2e0
[  171.867959][ T3927]  ksys_write+0x177/0x2a0
[  171.872289][ T3927]  ? __ia32_sys_read+0x80/0x80
[  171.877138][ T3927]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  171.883118][ T3927]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  171.889553][ T3927]  do_syscall_64+0x3d/0xb0
[  171.893994][ T3927]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  171.899884][ T3927] RIP: 0033:0x7f0fa5191c89
[  171.904323][ T3927] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  171.923939][ T3927] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  171.932351][ T3927] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  171.940319][ T3927] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  171.948294][ T3927] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3927] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3927] exit_group(0)               = ?
[pid  3927] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3927, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./280/binderfs")                = 0
umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./280/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./280/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./280/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./280")                          = 0
mkdir("./281", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3928
./strace-static-x86_64: Process 3928 attached
[pid  3928] chdir("./281")              = 0
[pid  3928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3928] setpgid(0, 0)               = 0
[pid  3928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3928] write(3, "1000", 4)         = 4
[pid  3928] close(3)                    = 0
[pid  3928] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3928] memfd_create("syzkaller", 0) = 3
[pid  3928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[  171.956260][ T3927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  171.964227][ T3927] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000118
[  171.972296][ T3927]  </TASK>
[pid  3928] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3928] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3928] close(3)                    = 0
[pid  3928] mkdir("./file0", 0777)      = 0
[pid  3928] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3928] chdir("./file0")            = 0
[pid  3928] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3928] close(4)                    = 0
[pid  3928] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3928] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3928] write(5, "13", 2)           = 2
[  172.024254][ T3928] loop0: detected capacity change from 0 to 64
[  172.045730][ T3928] FAULT_INJECTION: forcing a failure.
[  172.045730][ T3928] name failslab, interval 1, probability 0, space 0, times 0
[  172.058824][ T3928] CPU: 0 PID: 3928 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  172.069280][ T3928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  172.079442][ T3928] Call Trace:
[  172.082719][ T3928]  <TASK>
[  172.085646][ T3928]  dump_stack_lvl+0x1b1/0x28e
[  172.090330][ T3928]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  172.096061][ T3928]  ? panic+0x710/0x710
[  172.100124][ T3928]  ? __might_sleep+0xc0/0xc0
[  172.104713][ T3928]  ? __mutex_lock_common+0x45f/0x26e0
[  172.110100][ T3928]  should_fail_ex+0x395/0x4c0
[  172.114786][ T3928]  ? hfs_find_init+0x8b/0x1e0
[  172.119469][ T3928]  should_failslab+0x5/0x20
[  172.123977][ T3928]  __kmem_cache_alloc_node+0x69/0x310
[  172.129347][ T3928]  ? rcu_lock_release+0x5/0x20
[  172.134118][ T3928]  ? hfs_find_init+0x8b/0x1e0
[  172.138803][ T3928]  __kmalloc+0x9e/0x1a0
[  172.142964][ T3928]  hfs_find_init+0x8b/0x1e0
[  172.147470][ T3928]  hfs_extend_file+0x2f8/0x1420
[  172.152319][ T3928]  ? xas_find+0x937/0xa60
[  172.156657][ T3928]  ? hfs_get_block+0xbb0/0xbb0
[  172.161418][ T3928]  ? filemap_get_folios+0x557/0x830
[  172.166621][ T3928]  ? find_lock_entries+0xf60/0xf60
[  172.171740][ T3928]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  172.177647][ T3928]  hfs_get_block+0x3fc/0xbb0
[  172.182253][ T3928]  ? hfs_free_extents+0x420/0x420
[  172.187273][ T3928]  ? do_raw_spin_unlock+0x134/0x8a0
[  172.192481][ T3928]  ? create_page_buffers+0x244/0x4b0
[  172.197772][ T3928]  __block_write_begin_int+0x54c/0x1a80
[  172.203427][ T3928]  ? hfs_free_extents+0x420/0x420
[  172.208450][ T3928]  ? page_zero_new_buffers+0x940/0x940
[  172.213911][ T3928]  ? PageHeadHuge+0x8a/0x1d0
[  172.218504][ T3928]  ? hfs_free_extents+0x420/0x420
[  172.223527][ T3928]  block_write_begin+0x93/0x1e0
[  172.228464][ T3928]  ? cont_write_begin+0x5e5/0x860
[  172.233498][ T3928]  ? hfs_free_extents+0x420/0x420
[  172.238521][ T3928]  cont_write_begin+0x606/0x860
[  172.243381][ T3928]  ? fault_in_readable+0x1d5/0x310
[  172.248495][ T3928]  ? generic_cont_expand_simple+0x250/0x250
[  172.254391][ T3928]  ? fault_in_readable+0x219/0x310
[  172.259522][ T3928]  ? fault_in_safe_writeable+0x240/0x240
[  172.265202][ T3928]  hfs_write_begin+0x86/0xd0
[  172.269794][ T3928]  ? hfs_free_extents+0x420/0x420
[  172.274823][ T3928]  generic_perform_write+0x2e4/0x5e0
[  172.280118][ T3928]  ? __block_commit_write+0x420/0x420
[  172.285493][ T3928]  ? generic_file_direct_write+0x610/0x610
[  172.291300][ T3928]  ? __file_remove_privs+0x6c0/0x6c0
[  172.296590][ T3928]  ? generic_write_checks+0x15c/0x1c0
[  172.301970][ T3928]  __generic_file_write_iter+0x176/0x400
[  172.307607][ T3928]  generic_file_write_iter+0xab/0x310
[  172.312985][ T3928]  vfs_write+0x7dc/0xc50
[  172.317234][ T3928]  ? file_end_write+0x230/0x230
[  172.322087][ T3928]  ? ptrace_stop+0x74d/0x970
[  172.326688][ T3928]  ? _raw_spin_unlock_irq+0x2a/0x40
[  172.331899][ T3928]  ? __fdget_pos+0x252/0x2e0
[  172.336496][ T3928]  ksys_write+0x177/0x2a0
[  172.340832][ T3928]  ? __ia32_sys_read+0x80/0x80
[  172.345609][ T3928]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  172.351593][ T3928]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  172.357576][ T3928]  do_syscall_64+0x3d/0xb0
[  172.361995][ T3928]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  172.367888][ T3928] RIP: 0033:0x7f0fa5191c89
[  172.372300][ T3928] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  172.391901][ T3928] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  172.400314][ T3928] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  172.408282][ T3928] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  172.416251][ T3928] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3928] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3928] exit_group(0)               = ?
[pid  3928] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3928, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./281/binderfs")                = 0
umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./281/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./281/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./281/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./281")                          = 0
mkdir("./282", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
[  172.424221][ T3928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  172.432188][ T3928] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000119
[  172.440173][ T3928]  </TASK>
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3929
./strace-static-x86_64: Process 3929 attached
[pid  3929] chdir("./282")              = 0
[pid  3929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3929] setpgid(0, 0)               = 0
[pid  3929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3929] write(3, "1000", 4)         = 4
[pid  3929] close(3)                    = 0
[pid  3929] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3929] memfd_create("syzkaller", 0) = 3
[pid  3929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3929] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3929] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3929] close(3)                    = 0
[pid  3929] mkdir("./file0", 0777)      = 0
[pid  3929] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3929] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3929] chdir("./file0")            = 0
[pid  3929] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3929] close(4)                    = 0
[pid  3929] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3929] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3929] write(5, "13", 2)           = 2
[  172.504713][ T3929] loop0: detected capacity change from 0 to 64
[  172.532442][ T3929] FAULT_INJECTION: forcing a failure.
[  172.532442][ T3929] name failslab, interval 1, probability 0, space 0, times 0
[  172.545518][ T3929] CPU: 0 PID: 3929 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  172.555946][ T3929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  172.566013][ T3929] Call Trace:
[  172.569284][ T3929]  <TASK>
[  172.572206][ T3929]  dump_stack_lvl+0x1b1/0x28e
[  172.576878][ T3929]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  172.582344][ T3929]  ? panic+0x710/0x710
[  172.586434][ T3929]  ? __might_sleep+0xc0/0xc0
[  172.591031][ T3929]  ? __mutex_lock_common+0x45f/0x26e0
[  172.596400][ T3929]  should_fail_ex+0x395/0x4c0
[  172.601077][ T3929]  ? hfs_find_init+0x8b/0x1e0
[  172.605762][ T3929]  should_failslab+0x5/0x20
[  172.610265][ T3929]  __kmem_cache_alloc_node+0x69/0x310
[  172.615642][ T3929]  ? hfs_find_init+0x8b/0x1e0
[  172.620327][ T3929]  __kmalloc+0x9e/0x1a0
[  172.624487][ T3929]  hfs_find_init+0x8b/0x1e0
[  172.628996][ T3929]  hfs_extend_file+0x2f8/0x1420
[  172.633855][ T3929]  ? hfs_get_block+0xbb0/0xbb0
[  172.638623][ T3929]  ? lru_cache_disable+0x30/0x30
[  172.643561][ T3929]  ? __might_sleep+0xc0/0xc0
[  172.648166][ T3929]  hfs_get_block+0x3fc/0xbb0
[  172.652790][ T3929]  ? hfs_free_extents+0x420/0x420
[  172.657811][ T3929]  ? do_raw_spin_unlock+0x134/0x8a0
[  172.663016][ T3929]  ? create_page_buffers+0x244/0x4b0
[  172.668325][ T3929]  __block_write_begin_int+0x54c/0x1a80
[  172.673889][ T3929]  ? hfs_free_extents+0x420/0x420
[  172.678908][ T3929]  ? page_zero_new_buffers+0x940/0x940
[  172.684369][ T3929]  ? PageHeadHuge+0x8a/0x1d0
[  172.688969][ T3929]  ? hfs_free_extents+0x420/0x420
[  172.693991][ T3929]  block_write_begin+0x93/0x1e0
[  172.698840][ T3929]  ? cont_write_begin+0x5e5/0x860
[  172.703866][ T3929]  ? hfs_free_extents+0x420/0x420
[  172.708890][ T3929]  cont_write_begin+0x606/0x860
[  172.713749][ T3929]  ? fault_in_readable+0x1d5/0x310
[  172.718910][ T3929]  ? generic_cont_expand_simple+0x250/0x250
[  172.724819][ T3929]  ? fault_in_readable+0x219/0x310
[  172.729952][ T3929]  ? fault_in_safe_writeable+0x240/0x240
[  172.735692][ T3929]  hfs_write_begin+0x86/0xd0
[  172.740299][ T3929]  ? hfs_free_extents+0x420/0x420
[  172.745330][ T3929]  generic_perform_write+0x2e4/0x5e0
[  172.750623][ T3929]  ? __block_commit_write+0x420/0x420
[  172.756004][ T3929]  ? generic_file_direct_write+0x610/0x610
[  172.761811][ T3929]  ? __file_remove_privs+0x6c0/0x6c0
[  172.767097][ T3929]  ? generic_write_checks+0x15c/0x1c0
[  172.772480][ T3929]  __generic_file_write_iter+0x176/0x400
[  172.778121][ T3929]  generic_file_write_iter+0xab/0x310
[  172.783551][ T3929]  vfs_write+0x7dc/0xc50
[  172.787801][ T3929]  ? file_end_write+0x230/0x230
[  172.792651][ T3929]  ? ptrace_stop+0x74d/0x970
[  172.797250][ T3929]  ? _raw_spin_unlock_irq+0x2a/0x40
[  172.802453][ T3929]  ? __fdget_pos+0x252/0x2e0
[  172.807046][ T3929]  ksys_write+0x177/0x2a0
[  172.811378][ T3929]  ? __ia32_sys_read+0x80/0x80
[  172.816146][ T3929]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  172.822137][ T3929]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  172.828117][ T3929]  do_syscall_64+0x3d/0xb0
[  172.832532][ T3929]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  172.838446][ T3929] RIP: 0033:0x7f0fa5191c89
[  172.842860][ T3929] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  172.862465][ T3929] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  172.870876][ T3929] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  172.878845][ T3929] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  172.886812][ T3929] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  172.894863][ T3929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3929] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3929] exit_group(0)               = ?
[pid  3929] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3929, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./282/binderfs")                = 0
umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./282/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./282/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./282/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./282")                          = 0
mkdir("./283", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3930
./strace-static-x86_64: Process 3930 attached
[pid  3930] chdir("./283")              = 0
[pid  3930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3930] setpgid(0, 0)               = 0
[pid  3930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3930] write(3, "1000", 4)         = 4
[pid  3930] close(3)                    = 0
[pid  3930] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3930] memfd_create("syzkaller", 0) = 3
[pid  3930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3930] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  172.902831][ T3929] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000011a
[  172.910816][ T3929]  </TASK>
[pid  3930] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3930] close(3)                    = 0
[pid  3930] mkdir("./file0", 0777)      = 0
[pid  3930] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3930] chdir("./file0")            = 0
[pid  3930] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3930] close(4)                    = 0
[pid  3930] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3930] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3930] write(5, "13", 2)           = 2
[  172.964460][ T3930] loop0: detected capacity change from 0 to 64
[  172.993566][ T3930] FAULT_INJECTION: forcing a failure.
[  172.993566][ T3930] name failslab, interval 1, probability 0, space 0, times 0
[  173.006405][ T3930] CPU: 0 PID: 3930 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  173.016812][ T3930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  173.026860][ T3930] Call Trace:
[  173.030138][ T3930]  <TASK>
[  173.033082][ T3930]  dump_stack_lvl+0x1b1/0x28e
[  173.037754][ T3930]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  173.043202][ T3930]  ? panic+0x710/0x710
[  173.047263][ T3930]  ? __might_sleep+0xc0/0xc0
[  173.051842][ T3930]  ? __mutex_lock_common+0x45f/0x26e0
[  173.057213][ T3930]  should_fail_ex+0x395/0x4c0
[  173.061890][ T3930]  ? hfs_find_init+0x8b/0x1e0
[  173.066574][ T3930]  should_failslab+0x5/0x20
[  173.071084][ T3930]  __kmem_cache_alloc_node+0x69/0x310
[  173.076463][ T3930]  ? hfs_find_init+0x8b/0x1e0
[  173.081142][ T3930]  __kmalloc+0x9e/0x1a0
[  173.085302][ T3930]  hfs_find_init+0x8b/0x1e0
[  173.089812][ T3930]  hfs_extend_file+0x2f8/0x1420
[  173.094670][ T3930]  ? hfs_get_block+0xbb0/0xbb0
[  173.099431][ T3930]  ? lru_cache_disable+0x30/0x30
[  173.104370][ T3930]  ? __might_sleep+0xc0/0xc0
[  173.108977][ T3930]  hfs_get_block+0x3fc/0xbb0
[  173.113581][ T3930]  ? hfs_free_extents+0x420/0x420
[  173.118615][ T3930]  ? do_raw_spin_unlock+0x134/0x8a0
[  173.123819][ T3930]  ? create_page_buffers+0x244/0x4b0
[  173.129125][ T3930]  __block_write_begin_int+0x54c/0x1a80
[  173.134705][ T3930]  ? hfs_free_extents+0x420/0x420
[  173.139724][ T3930]  ? page_zero_new_buffers+0x940/0x940
[  173.145185][ T3930]  ? PageHeadHuge+0x8a/0x1d0
[  173.149785][ T3930]  ? hfs_free_extents+0x420/0x420
[  173.154805][ T3930]  block_write_begin+0x93/0x1e0
[  173.159675][ T3930]  ? cont_write_begin+0x5e5/0x860
[  173.164727][ T3930]  ? hfs_free_extents+0x420/0x420
[  173.169770][ T3930]  cont_write_begin+0x606/0x860
[  173.174645][ T3930]  ? fault_in_readable+0x1d5/0x310
[  173.179761][ T3930]  ? generic_cont_expand_simple+0x250/0x250
[  173.185656][ T3930]  ? fault_in_readable+0x219/0x310
[  173.190771][ T3930]  ? fault_in_safe_writeable+0x240/0x240
[  173.196414][ T3930]  hfs_write_begin+0x86/0xd0
[  173.201001][ T3930]  ? hfs_free_extents+0x420/0x420
[  173.206028][ T3930]  generic_perform_write+0x2e4/0x5e0
[  173.211321][ T3930]  ? __block_commit_write+0x420/0x420
[  173.216695][ T3930]  ? generic_file_direct_write+0x610/0x610
[  173.222508][ T3930]  ? __file_remove_privs+0x6c0/0x6c0
[  173.227885][ T3930]  ? generic_write_checks+0x15c/0x1c0
[  173.233276][ T3930]  __generic_file_write_iter+0x176/0x400
[  173.238914][ T3930]  generic_file_write_iter+0xab/0x310
[  173.244312][ T3930]  vfs_write+0x7dc/0xc50
[  173.248564][ T3930]  ? file_end_write+0x230/0x230
[  173.253414][ T3930]  ? ptrace_stop+0x74d/0x970
[  173.258013][ T3930]  ? _raw_spin_unlock_irq+0x2a/0x40
[  173.263228][ T3930]  ? __fdget_pos+0x252/0x2e0
[  173.267823][ T3930]  ksys_write+0x177/0x2a0
[  173.272155][ T3930]  ? __ia32_sys_read+0x80/0x80
[  173.276920][ T3930]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  173.282900][ T3930]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  173.288884][ T3930]  do_syscall_64+0x3d/0xb0
[  173.293301][ T3930]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  173.299191][ T3930] RIP: 0033:0x7f0fa5191c89
[  173.303604][ T3930] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  173.323205][ T3930] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  173.331619][ T3930] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  173.339598][ T3930] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  173.347564][ T3930] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  173.355559][ T3930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3930] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3930] exit_group(0)               = ?
[pid  3930] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3930, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./283/binderfs")                = 0
umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./283/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./283/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./283/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./283")                          = 0
mkdir("./284", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3931
./strace-static-x86_64: Process 3931 attached
[pid  3931] chdir("./284")              = 0
[pid  3931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3931] setpgid(0, 0)               = 0
[pid  3931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3931] write(3, "1000", 4)         = 4
[pid  3931] close(3)                    = 0
[pid  3931] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3931] memfd_create("syzkaller", 0) = 3
[pid  3931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3931] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  173.363537][ T3930] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000011b
[  173.371699][ T3930]  </TASK>
[pid  3931] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3931] close(3)                    = 0
[pid  3931] mkdir("./file0", 0777)      = 0
[pid  3931] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3931] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3931] chdir("./file0")            = 0
[pid  3931] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3931] close(4)                    = 0
[pid  3931] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3931] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3931] write(5, "13", 2)           = 2
[  173.413025][ T3931] loop0: detected capacity change from 0 to 64
[  173.417747][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  173.445025][ T3931] FAULT_INJECTION: forcing a failure.
[  173.445025][ T3931] name failslab, interval 1, probability 0, space 0, times 0
[  173.457980][ T3931] CPU: 0 PID: 3931 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  173.468409][ T3931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  173.478451][ T3931] Call Trace:
[  173.481718][ T3931]  <TASK>
[  173.484640][ T3931]  dump_stack_lvl+0x1b1/0x28e
[  173.489310][ T3931]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  173.494754][ T3931]  ? panic+0x710/0x710
[  173.498809][ T3931]  ? __might_sleep+0xc0/0xc0
[  173.503387][ T3931]  ? __mutex_lock_common+0x45f/0x26e0
[  173.508751][ T3931]  should_fail_ex+0x395/0x4c0
[  173.513417][ T3931]  ? hfs_find_init+0x8b/0x1e0
[  173.518086][ T3931]  should_failslab+0x5/0x20
[  173.522584][ T3931]  __kmem_cache_alloc_node+0x69/0x310
[  173.527950][ T3931]  ? rcu_lock_release+0x5/0x20
[  173.532701][ T3931]  ? hfs_find_init+0x8b/0x1e0
[  173.537364][ T3931]  __kmalloc+0x9e/0x1a0
[  173.541511][ T3931]  hfs_find_init+0x8b/0x1e0
[  173.546014][ T3931]  hfs_extend_file+0x2f8/0x1420
[  173.550855][ T3931]  ? xas_find+0x937/0xa60
[  173.555199][ T3931]  ? hfs_get_block+0xbb0/0xbb0
[  173.559953][ T3931]  ? filemap_get_folios+0x557/0x830
[  173.565140][ T3931]  ? find_lock_entries+0xf60/0xf60
[  173.570246][ T3931]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  173.576132][ T3931]  hfs_get_block+0x3fc/0xbb0
[  173.580719][ T3931]  ? hfs_free_extents+0x420/0x420
[  173.585729][ T3931]  ? do_raw_spin_unlock+0x134/0x8a0
[  173.590917][ T3931]  ? create_page_buffers+0x244/0x4b0
[  173.596195][ T3931]  __block_write_begin_int+0x54c/0x1a80
[  173.601748][ T3931]  ? hfs_free_extents+0x420/0x420
[  173.606762][ T3931]  ? page_zero_new_buffers+0x940/0x940
[  173.612208][ T3931]  ? PageHeadHuge+0x8a/0x1d0
[  173.616790][ T3931]  ? hfs_free_extents+0x420/0x420
[  173.621800][ T3931]  block_write_begin+0x93/0x1e0
[  173.626639][ T3931]  ? cont_write_begin+0x5e5/0x860
[  173.631651][ T3931]  ? hfs_free_extents+0x420/0x420
[  173.636660][ T3931]  cont_write_begin+0x606/0x860
[  173.641503][ T3931]  ? fault_in_readable+0x1d5/0x310
[  173.646604][ T3931]  ? generic_cont_expand_simple+0x250/0x250
[  173.652489][ T3931]  ? fault_in_readable+0x219/0x310
[  173.657591][ T3931]  ? fault_in_safe_writeable+0x240/0x240
[  173.663215][ T3931]  hfs_write_begin+0x86/0xd0
[  173.667792][ T3931]  ? hfs_free_extents+0x420/0x420
[  173.672804][ T3931]  generic_perform_write+0x2e4/0x5e0
[  173.678084][ T3931]  ? __block_commit_write+0x420/0x420
[  173.683447][ T3931]  ? generic_file_direct_write+0x610/0x610
[  173.689241][ T3931]  ? __file_remove_privs+0x6c0/0x6c0
[  173.694511][ T3931]  ? generic_write_checks+0x15c/0x1c0
[  173.699876][ T3931]  __generic_file_write_iter+0x176/0x400
[  173.705500][ T3931]  generic_file_write_iter+0xab/0x310
[  173.710862][ T3931]  vfs_write+0x7dc/0xc50
[  173.715097][ T3931]  ? file_end_write+0x230/0x230
[  173.719933][ T3931]  ? ptrace_stop+0x74d/0x970
[  173.724518][ T3931]  ? _raw_spin_unlock_irq+0x2a/0x40
[  173.729758][ T3931]  ? __fdget_pos+0x252/0x2e0
[  173.734340][ T3931]  ksys_write+0x177/0x2a0
[  173.738661][ T3931]  ? __ia32_sys_read+0x80/0x80
[  173.743416][ T3931]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  173.749396][ T3931]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  173.755365][ T3931]  do_syscall_64+0x3d/0xb0
[  173.759772][ T3931]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  173.765651][ T3931] RIP: 0033:0x7f0fa5191c89
[  173.770053][ T3931] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  173.789678][ T3931] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  173.798077][ T3931] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  173.806035][ T3931] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3931] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3931] exit_group(0)               = ?
[pid  3931] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3931, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./284/binderfs")                = 0
umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./284/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./284/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./284/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./284")                          = 0
mkdir("./285", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3932
./strace-static-x86_64: Process 3932 attached
[pid  3932] chdir("./285")              = 0
[pid  3932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3932] setpgid(0, 0)               = 0
[pid  3932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3932] write(3, "1000", 4)         = 4
[pid  3932] close(3)                    = 0
[pid  3932] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3932] memfd_create("syzkaller", 0) = 3
[pid  3932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3932] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  173.813992][ T3931] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  173.822035][ T3931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  173.829989][ T3931] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000011c
[  173.837958][ T3931]  </TASK>
[pid  3932] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3932] close(3)                    = 0
[pid  3932] mkdir("./file0", 0777)      = 0
[pid  3932] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3932] chdir("./file0")            = 0
[pid  3932] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3932] close(4)                    = 0
[pid  3932] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3932] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3932] write(5, "13", 2)           = 2
[  173.885602][ T3932] loop0: detected capacity change from 0 to 64
[  173.903310][ T3932] FAULT_INJECTION: forcing a failure.
[  173.903310][ T3932] name failslab, interval 1, probability 0, space 0, times 0
[  173.916514][ T3932] CPU: 0 PID: 3932 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  173.926949][ T3932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  173.936990][ T3932] Call Trace:
[  173.940259][ T3932]  <TASK>
[  173.943179][ T3932]  dump_stack_lvl+0x1b1/0x28e
[  173.947847][ T3932]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  173.953293][ T3932]  ? panic+0x710/0x710
[  173.957351][ T3932]  ? __might_sleep+0xc0/0xc0
[  173.961924][ T3932]  ? __mutex_lock_common+0x45f/0x26e0
[  173.967289][ T3932]  should_fail_ex+0x395/0x4c0
[  173.971963][ T3932]  ? hfs_find_init+0x8b/0x1e0
[  173.976645][ T3932]  should_failslab+0x5/0x20
[  173.981146][ T3932]  __kmem_cache_alloc_node+0x69/0x310
[  173.986542][ T3932]  ? rcu_lock_release+0x5/0x20
[  173.991307][ T3932]  ? hfs_find_init+0x8b/0x1e0
[  173.995988][ T3932]  __kmalloc+0x9e/0x1a0
[  174.000151][ T3932]  hfs_find_init+0x8b/0x1e0
[  174.004661][ T3932]  hfs_extend_file+0x2f8/0x1420
[  174.009511][ T3932]  ? xas_find+0x937/0xa60
[  174.013868][ T3932]  ? hfs_get_block+0xbb0/0xbb0
[  174.018628][ T3932]  ? filemap_get_folios+0x557/0x830
[  174.023831][ T3932]  ? find_lock_entries+0xf60/0xf60
[  174.028948][ T3932]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  174.034853][ T3932]  hfs_get_block+0x3fc/0xbb0
[  174.039453][ T3932]  ? hfs_free_extents+0x420/0x420
[  174.044473][ T3932]  ? do_raw_spin_unlock+0x134/0x8a0
[  174.049679][ T3932]  ? create_page_buffers+0x244/0x4b0
[  174.054989][ T3932]  __block_write_begin_int+0x54c/0x1a80
[  174.060592][ T3932]  ? hfs_free_extents+0x420/0x420
[  174.065639][ T3932]  ? page_zero_new_buffers+0x940/0x940
[  174.071107][ T3932]  ? PageHeadHuge+0x8a/0x1d0
[  174.075706][ T3932]  ? hfs_free_extents+0x420/0x420
[  174.080727][ T3932]  block_write_begin+0x93/0x1e0
[  174.085579][ T3932]  ? cont_write_begin+0x5e5/0x860
[  174.090603][ T3932]  ? hfs_free_extents+0x420/0x420
[  174.095711][ T3932]  cont_write_begin+0x606/0x860
[  174.100569][ T3932]  ? fault_in_readable+0x1d5/0x310
[  174.105686][ T3932]  ? generic_cont_expand_simple+0x250/0x250
[  174.111594][ T3932]  ? fault_in_readable+0x219/0x310
[  174.116728][ T3932]  ? fault_in_safe_writeable+0x240/0x240
[  174.122374][ T3932]  hfs_write_begin+0x86/0xd0
[  174.126973][ T3932]  ? hfs_free_extents+0x420/0x420
[  174.131999][ T3932]  generic_perform_write+0x2e4/0x5e0
[  174.137295][ T3932]  ? __block_commit_write+0x420/0x420
[  174.142672][ T3932]  ? generic_file_direct_write+0x610/0x610
[  174.148479][ T3932]  ? __file_remove_privs+0x6c0/0x6c0
[  174.153769][ T3932]  ? generic_write_checks+0x15c/0x1c0
[  174.159148][ T3932]  __generic_file_write_iter+0x176/0x400
[  174.164786][ T3932]  generic_file_write_iter+0xab/0x310
[  174.170163][ T3932]  vfs_write+0x7dc/0xc50
[  174.174417][ T3932]  ? file_end_write+0x230/0x230
[  174.179289][ T3932]  ? ptrace_stop+0x74d/0x970
[  174.183900][ T3932]  ? _raw_spin_unlock_irq+0x2a/0x40
[  174.189118][ T3932]  ? __fdget_pos+0x252/0x2e0
[  174.193735][ T3932]  ksys_write+0x177/0x2a0
[  174.198075][ T3932]  ? __ia32_sys_read+0x80/0x80
[  174.202935][ T3932]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  174.208917][ T3932]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  174.214898][ T3932]  do_syscall_64+0x3d/0xb0
[  174.219316][ T3932]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  174.225640][ T3932] RIP: 0033:0x7f0fa5191c89
[  174.230052][ T3932] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  174.249659][ T3932] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  174.258073][ T3932] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  174.266039][ T3932] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  174.274355][ T3932] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3932] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3932] exit_group(0)               = ?
[pid  3932] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3932, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./285/binderfs")                = 0
umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./285/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./285/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./285/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./285")                          = 0
mkdir("./286", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3933
./strace-static-x86_64: Process 3933 attached
[pid  3933] chdir("./286")              = 0
[pid  3933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3933] setpgid(0, 0)               = 0
[pid  3933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3933] write(3, "1000", 4)         = 4
[pid  3933] close(3)                    = 0
[pid  3933] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3933] memfd_create("syzkaller", 0) = 3
[pid  3933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[  174.282320][ T3932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  174.290284][ T3932] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000011d
[  174.298274][ T3932]  </TASK>
[pid  3933] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3933] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3933] close(3)                    = 0
[pid  3933] mkdir("./file0", 0777)      = 0
[pid  3933] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3933] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3933] chdir("./file0")            = 0
[pid  3933] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3933] close(4)                    = 0
[pid  3933] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3933] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3933] write(5, "13", 2)           = 2
[  174.352612][ T3933] loop0: detected capacity change from 0 to 64
[  174.372297][ T3933] FAULT_INJECTION: forcing a failure.
[  174.372297][ T3933] name failslab, interval 1, probability 0, space 0, times 0
[  174.385638][ T3933] CPU: 0 PID: 3933 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  174.396066][ T3933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  174.406139][ T3933] Call Trace:
[  174.409407][ T3933]  <TASK>
[  174.412323][ T3933]  dump_stack_lvl+0x1b1/0x28e
[  174.416994][ T3933]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  174.422437][ T3933]  ? panic+0x710/0x710
[  174.426492][ T3933]  ? __might_sleep+0xc0/0xc0
[  174.431065][ T3933]  ? __mutex_lock_common+0x45f/0x26e0
[  174.436427][ T3933]  should_fail_ex+0x395/0x4c0
[  174.441094][ T3933]  ? hfs_find_init+0x8b/0x1e0
[  174.445764][ T3933]  should_failslab+0x5/0x20
[  174.450256][ T3933]  __kmem_cache_alloc_node+0x69/0x310
[  174.455611][ T3933]  ? rcu_lock_release+0x5/0x20
[  174.460362][ T3933]  ? hfs_find_init+0x8b/0x1e0
[  174.465028][ T3933]  __kmalloc+0x9e/0x1a0
[  174.469170][ T3933]  hfs_find_init+0x8b/0x1e0
[  174.473664][ T3933]  hfs_extend_file+0x2f8/0x1420
[  174.478500][ T3933]  ? xas_find+0x937/0xa60
[  174.482822][ T3933]  ? hfs_get_block+0xbb0/0xbb0
[  174.487567][ T3933]  ? filemap_get_folios+0x557/0x830
[  174.492756][ T3933]  ? find_lock_entries+0xf60/0xf60
[  174.497857][ T3933]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  174.503743][ T3933]  hfs_get_block+0x3fc/0xbb0
[  174.508327][ T3933]  ? hfs_free_extents+0x420/0x420
[  174.513335][ T3933]  ? do_raw_spin_unlock+0x134/0x8a0
[  174.518526][ T3933]  ? create_page_buffers+0x244/0x4b0
[  174.523804][ T3933]  __block_write_begin_int+0x54c/0x1a80
[  174.529350][ T3933]  ? hfs_free_extents+0x420/0x420
[  174.534358][ T3933]  ? page_zero_new_buffers+0x940/0x940
[  174.539802][ T3933]  ? PageHeadHuge+0x8a/0x1d0
[  174.544384][ T3933]  ? hfs_free_extents+0x420/0x420
[  174.549478][ T3933]  block_write_begin+0x93/0x1e0
[  174.554323][ T3933]  ? cont_write_begin+0x5e5/0x860
[  174.559422][ T3933]  ? hfs_free_extents+0x420/0x420
[  174.564431][ T3933]  cont_write_begin+0x606/0x860
[  174.569273][ T3933]  ? fault_in_readable+0x1d5/0x310
[  174.574385][ T3933]  ? generic_cont_expand_simple+0x250/0x250
[  174.580262][ T3933]  ? fault_in_readable+0x219/0x310
[  174.585358][ T3933]  ? fault_in_safe_writeable+0x240/0x240
[  174.590987][ T3933]  hfs_write_begin+0x86/0xd0
[  174.595562][ T3933]  ? hfs_free_extents+0x420/0x420
[  174.600573][ T3933]  generic_perform_write+0x2e4/0x5e0
[  174.605847][ T3933]  ? __block_commit_write+0x420/0x420
[  174.611204][ T3933]  ? generic_file_direct_write+0x610/0x610
[  174.616996][ T3933]  ? __file_remove_privs+0x6c0/0x6c0
[  174.622269][ T3933]  ? generic_write_checks+0x15c/0x1c0
[  174.627641][ T3933]  __generic_file_write_iter+0x176/0x400
[  174.633266][ T3933]  generic_file_write_iter+0xab/0x310
[  174.638630][ T3933]  vfs_write+0x7dc/0xc50
[  174.642867][ T3933]  ? file_end_write+0x230/0x230
[  174.647703][ T3933]  ? ptrace_stop+0x74d/0x970
[  174.652285][ T3933]  ? _raw_spin_unlock_irq+0x2a/0x40
[  174.657472][ T3933]  ? __fdget_pos+0x252/0x2e0
[  174.662050][ T3933]  ksys_write+0x177/0x2a0
[  174.666372][ T3933]  ? __ia32_sys_read+0x80/0x80
[  174.671121][ T3933]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  174.677091][ T3933]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  174.683070][ T3933]  do_syscall_64+0x3d/0xb0
[  174.687473][ T3933]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  174.693354][ T3933] RIP: 0033:0x7f0fa5191c89
[  174.697756][ T3933] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  174.717436][ T3933] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  174.725923][ T3933] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  174.733886][ T3933] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  174.741845][ T3933] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3933] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3933] exit_group(0)               = ?
[pid  3933] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3933, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./286/binderfs")                = 0
umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./286/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./286/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./286/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./286")                          = 0
mkdir("./287", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3934
./strace-static-x86_64: Process 3934 attached
[pid  3934] chdir("./287")              = 0
[pid  3934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3934] setpgid(0, 0)               = 0
[pid  3934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3934] write(3, "1000", 4)         = 4
[pid  3934] close(3)                    = 0
[pid  3934] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3934] memfd_create("syzkaller", 0) = 3
[pid  3934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3934] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  174.749805][ T3933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  174.757759][ T3933] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000011e
[  174.765726][ T3933]  </TASK>
[pid  3934] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3934] close(3)                    = 0
[pid  3934] mkdir("./file0", 0777)      = 0
[pid  3934] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3934] chdir("./file0")            = 0
[pid  3934] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3934] close(4)                    = 0
[pid  3934] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3934] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3934] write(5, "13", 2)           = 2
[  174.810107][ T3934] loop0: detected capacity change from 0 to 64
[  174.842371][ T3934] FAULT_INJECTION: forcing a failure.
[  174.842371][ T3934] name failslab, interval 1, probability 0, space 0, times 0
[  174.855076][ T3934] CPU: 0 PID: 3934 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  174.865502][ T3934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  174.875650][ T3934] Call Trace:
[  174.878931][ T3934]  <TASK>
[  174.881861][ T3934]  dump_stack_lvl+0x1b1/0x28e
[  174.886535][ T3934]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  174.891980][ T3934]  ? panic+0x710/0x710
[  174.896043][ T3934]  ? __might_sleep+0xc0/0xc0
[  174.900628][ T3934]  ? __mutex_lock_common+0x45f/0x26e0
[  174.905998][ T3934]  should_fail_ex+0x395/0x4c0
[  174.910671][ T3934]  ? hfs_find_init+0x8b/0x1e0
[  174.915355][ T3934]  should_failslab+0x5/0x20
[  174.919865][ T3934]  __kmem_cache_alloc_node+0x69/0x310
[  174.925247][ T3934]  ? hfs_find_init+0x8b/0x1e0
[  174.929923][ T3934]  __kmalloc+0x9e/0x1a0
[  174.934084][ T3934]  hfs_find_init+0x8b/0x1e0
[  174.938598][ T3934]  hfs_extend_file+0x2f8/0x1420
[  174.943456][ T3934]  ? hfs_get_block+0xbb0/0xbb0
[  174.948224][ T3934]  ? lru_cache_disable+0x30/0x30
[  174.953160][ T3934]  ? __might_sleep+0xc0/0xc0
[  174.957766][ T3934]  hfs_get_block+0x3fc/0xbb0
[  174.962365][ T3934]  ? hfs_free_extents+0x420/0x420
[  174.967387][ T3934]  ? do_raw_spin_unlock+0x134/0x8a0
[  174.972591][ T3934]  ? create_page_buffers+0x244/0x4b0
[  174.977891][ T3934]  __block_write_begin_int+0x54c/0x1a80
[  174.983466][ T3934]  ? hfs_free_extents+0x420/0x420
[  174.988487][ T3934]  ? page_zero_new_buffers+0x940/0x940
[  174.993946][ T3934]  ? PageHeadHuge+0x8a/0x1d0
[  174.998541][ T3934]  ? hfs_free_extents+0x420/0x420
[  175.003559][ T3934]  block_write_begin+0x93/0x1e0
[  175.008417][ T3934]  ? cont_write_begin+0x5e5/0x860
[  175.013443][ T3934]  ? hfs_free_extents+0x420/0x420
[  175.018472][ T3934]  cont_write_begin+0x606/0x860
[  175.023327][ T3934]  ? fault_in_readable+0x1d5/0x310
[  175.028442][ T3934]  ? generic_cont_expand_simple+0x250/0x250
[  175.034332][ T3934]  ? fault_in_readable+0x219/0x310
[  175.039445][ T3934]  ? fault_in_safe_writeable+0x240/0x240
[  175.045084][ T3934]  hfs_write_begin+0x86/0xd0
[  175.049669][ T3934]  ? hfs_free_extents+0x420/0x420
[  175.054696][ T3934]  generic_perform_write+0x2e4/0x5e0
[  175.059995][ T3934]  ? __block_commit_write+0x420/0x420
[  175.065370][ T3934]  ? generic_file_direct_write+0x610/0x610
[  175.071172][ T3934]  ? __file_remove_privs+0x6c0/0x6c0
[  175.076460][ T3934]  ? generic_write_checks+0x15c/0x1c0
[  175.081837][ T3934]  __generic_file_write_iter+0x176/0x400
[  175.087477][ T3934]  generic_file_write_iter+0xab/0x310
[  175.092856][ T3934]  vfs_write+0x7dc/0xc50
[  175.097108][ T3934]  ? file_end_write+0x230/0x230
[  175.102044][ T3934]  ? ptrace_stop+0x74d/0x970
[  175.106643][ T3934]  ? _raw_spin_unlock_irq+0x2a/0x40
[  175.111848][ T3934]  ? __fdget_pos+0x252/0x2e0
[  175.116441][ T3934]  ksys_write+0x177/0x2a0
[  175.120773][ T3934]  ? __ia32_sys_read+0x80/0x80
[  175.125626][ T3934]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  175.131609][ T3934]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  175.137587][ T3934]  do_syscall_64+0x3d/0xb0
[  175.142020][ T3934]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  175.147943][ T3934] RIP: 0033:0x7f0fa5191c89
[  175.152377][ T3934] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  175.171990][ T3934] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  175.180400][ T3934] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  175.188366][ T3934] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  175.196333][ T3934] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  175.204298][ T3934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3934] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3934] exit_group(0)               = ?
[pid  3934] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3934, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./287/binderfs")                = 0
umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./287/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./287/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./287/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./287")                          = 0
mkdir("./288", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3935 attached
, child_tidptr=0x555555b7f5d0) = 3935
[pid  3935] chdir("./288")              = 0
[pid  3935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3935] setpgid(0, 0)               = 0
[  175.212265][ T3934] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000011f
[  175.220250][ T3934]  </TASK>
[pid  3935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3935] write(3, "1000", 4)         = 4
[pid  3935] close(3)                    = 0
[pid  3935] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3935] memfd_create("syzkaller", 0) = 3
[pid  3935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3935] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3935] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3935] close(3)                    = 0
[pid  3935] mkdir("./file0", 0777)      = 0
[pid  3935] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3935] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3935] chdir("./file0")            = 0
[pid  3935] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3935] close(4)                    = 0
[pid  3935] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3935] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3935] write(5, "13", 2)           = 2
[  175.280134][ T3935] loop0: detected capacity change from 0 to 64
[  175.299938][ T3935] FAULT_INJECTION: forcing a failure.
[  175.299938][ T3935] name failslab, interval 1, probability 0, space 0, times 0
[  175.313884][ T3935] CPU: 1 PID: 3935 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  175.324342][ T3935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  175.334426][ T3935] Call Trace:
[  175.337730][ T3935]  <TASK>
[  175.340655][ T3935]  dump_stack_lvl+0x1b1/0x28e
[  175.345329][ T3935]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  175.350789][ T3935]  ? panic+0x710/0x710
[  175.354874][ T3935]  ? __might_sleep+0xc0/0xc0
[  175.359467][ T3935]  ? __mutex_lock_common+0x45f/0x26e0
[  175.364842][ T3935]  should_fail_ex+0x395/0x4c0
[  175.369518][ T3935]  ? hfs_find_init+0x8b/0x1e0
[  175.374189][ T3935]  should_failslab+0x5/0x20
[  175.378712][ T3935]  __kmem_cache_alloc_node+0x69/0x310
[  175.384103][ T3935]  ? rcu_lock_release+0x5/0x20
[  175.388865][ T3935]  ? hfs_find_init+0x8b/0x1e0
[  175.393538][ T3935]  __kmalloc+0x9e/0x1a0
[  175.397705][ T3935]  hfs_find_init+0x8b/0x1e0
[  175.402218][ T3935]  hfs_extend_file+0x2f8/0x1420
[  175.407084][ T3935]  ? xas_find+0x937/0xa60
[  175.411443][ T3935]  ? hfs_get_block+0xbb0/0xbb0
[  175.416199][ T3935]  ? filemap_get_folios+0x557/0x830
[  175.421407][ T3935]  ? find_lock_entries+0xf60/0xf60
[  175.426530][ T3935]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  175.432462][ T3935]  hfs_get_block+0x3fc/0xbb0
[  175.437053][ T3935]  ? hfs_free_extents+0x420/0x420
[  175.442070][ T3935]  ? do_raw_spin_unlock+0x134/0x8a0
[  175.447269][ T3935]  ? create_page_buffers+0x244/0x4b0
[  175.452566][ T3935]  __block_write_begin_int+0x54c/0x1a80
[  175.458166][ T3935]  ? hfs_free_extents+0x420/0x420
[  175.463200][ T3935]  ? page_zero_new_buffers+0x940/0x940
[  175.468652][ T3935]  ? PageHeadHuge+0x8a/0x1d0
[  175.473252][ T3935]  ? hfs_free_extents+0x420/0x420
[  175.478281][ T3935]  block_write_begin+0x93/0x1e0
[  175.483129][ T3935]  ? cont_write_begin+0x5e5/0x860
[  175.488149][ T3935]  ? hfs_free_extents+0x420/0x420
[  175.493163][ T3935]  cont_write_begin+0x606/0x860
[  175.498021][ T3935]  ? fault_in_readable+0x1d5/0x310
[  175.503145][ T3935]  ? generic_cont_expand_simple+0x250/0x250
[  175.509040][ T3935]  ? fault_in_readable+0x219/0x310
[  175.514172][ T3935]  ? fault_in_safe_writeable+0x240/0x240
[  175.519802][ T3935]  hfs_write_begin+0x86/0xd0
[  175.524394][ T3935]  ? hfs_free_extents+0x420/0x420
[  175.529438][ T3935]  generic_perform_write+0x2e4/0x5e0
[  175.534721][ T3935]  ? __block_commit_write+0x420/0x420
[  175.540090][ T3935]  ? generic_file_direct_write+0x610/0x610
[  175.545916][ T3935]  ? __file_remove_privs+0x6c0/0x6c0
[  175.551193][ T3935]  ? generic_write_checks+0x15c/0x1c0
[  175.556564][ T3935]  __generic_file_write_iter+0x176/0x400
[  175.562195][ T3935]  generic_file_write_iter+0xab/0x310
[  175.567558][ T3935]  vfs_write+0x7dc/0xc50
[  175.571887][ T3935]  ? file_end_write+0x230/0x230
[  175.576734][ T3935]  ? ptrace_stop+0x74d/0x970
[  175.581342][ T3935]  ? _raw_spin_unlock_irq+0x2a/0x40
[  175.586547][ T3935]  ? __fdget_pos+0x252/0x2e0
[  175.591149][ T3935]  ksys_write+0x177/0x2a0
[  175.595474][ T3935]  ? __ia32_sys_read+0x80/0x80
[  175.600252][ T3935]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  175.606235][ T3935]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  175.612214][ T3935]  do_syscall_64+0x3d/0xb0
[  175.616618][ T3935]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  175.622598][ T3935] RIP: 0033:0x7f0fa5191c89
[  175.627022][ T3935] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  175.646623][ T3935] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  175.655029][ T3935] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  175.662989][ T3935] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  175.670959][ T3935] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3935] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3935] exit_group(0)               = ?
[pid  3935] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3935, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./288/binderfs")                = 0
umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./288/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./288/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./288/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./288")                          = 0
mkdir("./289", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[  175.678946][ T3935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  175.686930][ T3935] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000120
[  175.694938][ T3935]  </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3936 attached
, child_tidptr=0x555555b7f5d0) = 3936
[pid  3936] chdir("./289")              = 0
[pid  3936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3936] setpgid(0, 0)               = 0
[pid  3936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3936] write(3, "1000", 4)         = 4
[pid  3936] close(3)                    = 0
[pid  3936] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3936] memfd_create("syzkaller", 0) = 3
[pid  3936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3936] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3936] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3936] close(3)                    = 0
[pid  3936] mkdir("./file0", 0777)      = 0
[pid  3936] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3936] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3936] chdir("./file0")            = 0
[pid  3936] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3936] close(4)                    = 0
[pid  3936] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3936] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3936] write(5, "13", 2)           = 2
[  175.753317][ T3936] loop0: detected capacity change from 0 to 64
[  175.768945][ T3936] FAULT_INJECTION: forcing a failure.
[  175.768945][ T3936] name failslab, interval 1, probability 0, space 0, times 0
[  175.788046][ T3936] CPU: 0 PID: 3936 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  175.798513][ T3936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  175.808579][ T3936] Call Trace:
[  175.811852][ T3936]  <TASK>
[  175.814771][ T3936]  dump_stack_lvl+0x1b1/0x28e
[  175.819442][ T3936]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  175.824890][ T3936]  ? panic+0x710/0x710
[  175.828950][ T3936]  ? __might_sleep+0xc0/0xc0
[  175.833532][ T3936]  ? __mutex_lock_common+0x45f/0x26e0
[  175.838900][ T3936]  should_fail_ex+0x395/0x4c0
[  175.843570][ T3936]  ? hfs_find_init+0x8b/0x1e0
[  175.848253][ T3936]  should_failslab+0x5/0x20
[  175.852749][ T3936]  __kmem_cache_alloc_node+0x69/0x310
[  175.858121][ T3936]  ? rcu_lock_release+0x5/0x20
[  175.862898][ T3936]  ? hfs_find_init+0x8b/0x1e0
[  175.867566][ T3936]  __kmalloc+0x9e/0x1a0
[  175.871727][ T3936]  hfs_find_init+0x8b/0x1e0
[  175.876231][ T3936]  hfs_extend_file+0x2f8/0x1420
[  175.881071][ T3936]  ? xas_find+0x937/0xa60
[  175.885585][ T3936]  ? hfs_get_block+0xbb0/0xbb0
[  175.890346][ T3936]  ? filemap_get_folios+0x557/0x830
[  175.895556][ T3936]  ? find_lock_entries+0xf60/0xf60
[  175.900671][ T3936]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  175.906582][ T3936]  hfs_get_block+0x3fc/0xbb0
[  175.911193][ T3936]  ? hfs_free_extents+0x420/0x420
[  175.916209][ T3936]  ? do_raw_spin_unlock+0x134/0x8a0
[  175.921408][ T3936]  ? create_page_buffers+0x244/0x4b0
[  175.926702][ T3936]  __block_write_begin_int+0x54c/0x1a80
[  175.932298][ T3936]  ? hfs_free_extents+0x420/0x420
[  175.937329][ T3936]  ? page_zero_new_buffers+0x940/0x940
[  175.942868][ T3936]  ? PageHeadHuge+0x8a/0x1d0
[  175.947448][ T3936]  ? hfs_free_extents+0x420/0x420
[  175.952457][ T3936]  block_write_begin+0x93/0x1e0
[  175.957302][ T3936]  ? cont_write_begin+0x5e5/0x860
[  175.962330][ T3936]  ? hfs_free_extents+0x420/0x420
[  175.967367][ T3936]  cont_write_begin+0x606/0x860
[  175.972237][ T3936]  ? fault_in_readable+0x1d5/0x310
[  175.977365][ T3936]  ? generic_cont_expand_simple+0x250/0x250
[  175.983257][ T3936]  ? fault_in_readable+0x219/0x310
[  175.988384][ T3936]  ? fault_in_safe_writeable+0x240/0x240
[  175.994127][ T3936]  hfs_write_begin+0x86/0xd0
[  175.998774][ T3936]  ? hfs_free_extents+0x420/0x420
[  176.003808][ T3936]  generic_perform_write+0x2e4/0x5e0
[  176.009099][ T3936]  ? __block_commit_write+0x420/0x420
[  176.014469][ T3936]  ? generic_file_direct_write+0x610/0x610
[  176.020293][ T3936]  ? __file_remove_privs+0x6c0/0x6c0
[  176.025576][ T3936]  ? generic_write_checks+0x15c/0x1c0
[  176.030947][ T3936]  __generic_file_write_iter+0x176/0x400
[  176.036581][ T3936]  generic_file_write_iter+0xab/0x310
[  176.041958][ T3936]  vfs_write+0x7dc/0xc50
[  176.046213][ T3936]  ? file_end_write+0x230/0x230
[  176.051062][ T3936]  ? ptrace_stop+0x74d/0x970
[  176.055671][ T3936]  ? _raw_spin_unlock_irq+0x2a/0x40
[  176.060881][ T3936]  ? __fdget_pos+0x252/0x2e0
[  176.065485][ T3936]  ksys_write+0x177/0x2a0
[  176.069815][ T3936]  ? __ia32_sys_read+0x80/0x80
[  176.074590][ T3936]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  176.080582][ T3936]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  176.086561][ T3936]  do_syscall_64+0x3d/0xb0
[  176.090969][ T3936]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  176.096864][ T3936] RIP: 0033:0x7f0fa5191c89
[  176.101288][ T3936] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  176.121088][ T3936] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  176.129496][ T3936] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  176.137464][ T3936] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  176.145429][ T3936] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3936] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3936] exit_group(0)               = ?
[pid  3936] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3936, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./289/binderfs")                = 0
umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./289/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./289/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./289/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./289")                          = 0
mkdir("./290", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3937
./strace-static-x86_64: Process 3937 attached
[pid  3937] chdir("./290")              = 0
[pid  3937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3937] setpgid(0, 0)               = 0
[pid  3937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[  176.153404][ T3936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  176.161389][ T3936] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000121
[  176.169391][ T3936]  </TASK>
[pid  3937] write(3, "1000", 4)         = 4
[pid  3937] close(3)                    = 0
[pid  3937] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3937] memfd_create("syzkaller", 0) = 3
[pid  3937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3937] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3937] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3937] close(3)                    = 0
[pid  3937] mkdir("./file0", 0777)      = 0
[pid  3937] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3937] chdir("./file0")            = 0
[pid  3937] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3937] close(4)                    = 0
[pid  3937] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3937] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3937] write(5, "13", 2)           = 2
[  176.226628][ T3937] loop0: detected capacity change from 0 to 64
[  176.256852][ T3937] FAULT_INJECTION: forcing a failure.
[  176.256852][ T3937] name failslab, interval 1, probability 0, space 0, times 0
[  176.269811][ T3937] CPU: 1 PID: 3937 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  176.280254][ T3937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  176.290311][ T3937] Call Trace:
[  176.293603][ T3937]  <TASK>
[  176.296641][ T3937]  dump_stack_lvl+0x1b1/0x28e
[  176.301325][ T3937]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  176.306804][ T3937]  ? panic+0x710/0x710
[  176.310900][ T3937]  ? __might_sleep+0xc0/0xc0
[  176.315500][ T3937]  ? __mutex_lock_common+0x45f/0x26e0
[  176.320909][ T3937]  should_fail_ex+0x395/0x4c0
[  176.325603][ T3937]  ? hfs_find_init+0x8b/0x1e0
[  176.330304][ T3937]  should_failslab+0x5/0x20
[  176.334818][ T3937]  __kmem_cache_alloc_node+0x69/0x310
[  176.340193][ T3937]  ? rcu_lock_release+0x5/0x20
[  176.344962][ T3937]  ? hfs_find_init+0x8b/0x1e0
[  176.349641][ T3937]  __kmalloc+0x9e/0x1a0
[  176.353803][ T3937]  hfs_find_init+0x8b/0x1e0
[  176.358333][ T3937]  hfs_extend_file+0x2f8/0x1420
[  176.363213][ T3937]  ? xas_find+0x937/0xa60
[  176.367562][ T3937]  ? hfs_get_block+0xbb0/0xbb0
[  176.372333][ T3937]  ? filemap_get_folios+0x557/0x830
[  176.377558][ T3937]  ? find_lock_entries+0xf60/0xf60
[  176.382687][ T3937]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  176.388596][ T3937]  hfs_get_block+0x3fc/0xbb0
[  176.393208][ T3937]  ? hfs_free_extents+0x420/0x420
[  176.398235][ T3937]  ? do_raw_spin_unlock+0x134/0x8a0
[  176.403442][ T3937]  ? create_page_buffers+0x244/0x4b0
[  176.408734][ T3937]  __block_write_begin_int+0x54c/0x1a80
[  176.414305][ T3937]  ? hfs_free_extents+0x420/0x420
[  176.419326][ T3937]  ? page_zero_new_buffers+0x940/0x940
[  176.424789][ T3937]  ? PageHeadHuge+0x8a/0x1d0
[  176.429385][ T3937]  ? hfs_free_extents+0x420/0x420
[  176.434406][ T3937]  block_write_begin+0x93/0x1e0
[  176.439259][ T3937]  ? cont_write_begin+0x5e5/0x860
[  176.444302][ T3937]  ? hfs_free_extents+0x420/0x420
[  176.449341][ T3937]  cont_write_begin+0x606/0x860
[  176.454213][ T3937]  ? fault_in_readable+0x1d5/0x310
[  176.459336][ T3937]  ? generic_cont_expand_simple+0x250/0x250
[  176.465234][ T3937]  ? fault_in_readable+0x219/0x310
[  176.470352][ T3937]  ? fault_in_safe_writeable+0x240/0x240
[  176.475996][ T3937]  hfs_write_begin+0x86/0xd0
[  176.480581][ T3937]  ? hfs_free_extents+0x420/0x420
[  176.485616][ T3937]  generic_perform_write+0x2e4/0x5e0
[  176.490911][ T3937]  ? __block_commit_write+0x420/0x420
[  176.496284][ T3937]  ? generic_file_direct_write+0x610/0x610
[  176.502088][ T3937]  ? __file_remove_privs+0x6c0/0x6c0
[  176.507378][ T3937]  ? generic_write_checks+0x15c/0x1c0
[  176.512758][ T3937]  __generic_file_write_iter+0x176/0x400
[  176.518395][ T3937]  generic_file_write_iter+0xab/0x310
[  176.523793][ T3937]  vfs_write+0x7dc/0xc50
[  176.528070][ T3937]  ? file_end_write+0x230/0x230
[  176.532935][ T3937]  ? ptrace_stop+0x74d/0x970
[  176.537563][ T3937]  ? _raw_spin_unlock_irq+0x2a/0x40
[  176.542786][ T3937]  ? __fdget_pos+0x252/0x2e0
[  176.547392][ T3937]  ksys_write+0x177/0x2a0
[  176.551729][ T3937]  ? __ia32_sys_read+0x80/0x80
[  176.556503][ T3937]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  176.562487][ T3937]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  176.568469][ T3937]  do_syscall_64+0x3d/0xb0
[  176.572885][ T3937]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  176.578776][ T3937] RIP: 0033:0x7f0fa5191c89
[  176.583190][ T3937] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  176.602789][ T3937] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  176.611199][ T3937] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  176.619166][ T3937] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3937] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3937] exit_group(0)               = ?
[pid  3937] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3937, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./290/binderfs")                = 0
umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./290/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./290/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./290/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./290")                          = 0
mkdir("./291", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3938
./strace-static-x86_64: Process 3938 attached
[pid  3938] chdir("./291")              = 0
[pid  3938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3938] setpgid(0, 0)               = 0
[pid  3938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3938] write(3, "1000", 4)         = 4
[pid  3938] close(3)                    = 0
[pid  3938] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3938] memfd_create("syzkaller", 0) = 3
[pid  3938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3938] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  176.627158][ T3937] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  176.635127][ T3937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  176.643096][ T3937] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000122
[  176.651080][ T3937]  </TASK>
[pid  3938] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3938] close(3)                    = 0
[pid  3938] mkdir("./file0", 0777)      = 0
[pid  3938] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3938] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3938] chdir("./file0")            = 0
[pid  3938] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3938] close(4)                    = 0
[pid  3938] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3938] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3938] write(5, "13", 2)           = 2
[  176.693095][ T3938] loop0: detected capacity change from 0 to 64
[  176.722517][ T3938] FAULT_INJECTION: forcing a failure.
[  176.722517][ T3938] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.735646][ T3938] CPU: 0 PID: 3938 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  176.746052][ T3938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  176.756112][ T3938] Call Trace:
[  176.759396][ T3938]  <TASK>
[  176.762320][ T3938]  dump_stack_lvl+0x1b1/0x28e
[  176.767000][ T3938]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  176.772478][ T3938]  ? panic+0x710/0x710
[  176.776560][ T3938]  ? hfs_free_extents+0x420/0x420
[  176.781591][ T3938]  ? PageHeadHuge+0x8a/0x1d0
[  176.786197][ T3938]  should_fail_ex+0x395/0x4c0
[  176.790902][ T3938]  copy_page_from_iter_atomic+0x217/0x1140
[  176.796726][ T3938]  ? generic_cont_expand_simple+0x250/0x250
[  176.802621][ T3938]  ? pipe_zero+0x200/0x200
[  176.807045][ T3938]  ? hfs_write_begin+0x86/0xd0
[  176.811804][ T3938]  ? hfs_free_extents+0x420/0x420
[  176.816828][ T3938]  ? hfs_write_begin+0x9e/0xd0
[  176.821590][ T3938]  generic_perform_write+0x35a/0x5e0
[  176.826882][ T3938]  ? __block_commit_write+0x420/0x420
[  176.832268][ T3938]  ? generic_file_direct_write+0x610/0x610
[  176.838081][ T3938]  ? __file_remove_privs+0x6c0/0x6c0
[  176.843363][ T3938]  ? generic_write_checks+0x15c/0x1c0
[  176.848829][ T3938]  __generic_file_write_iter+0x176/0x400
[  176.854469][ T3938]  generic_file_write_iter+0xab/0x310
[  176.859842][ T3938]  vfs_write+0x7dc/0xc50
[  176.864179][ T3938]  ? file_end_write+0x230/0x230
[  176.869027][ T3938]  ? ptrace_stop+0x74d/0x970
[  176.873636][ T3938]  ? _raw_spin_unlock_irq+0x2a/0x40
[  176.878837][ T3938]  ? __fdget_pos+0x252/0x2e0
[  176.883428][ T3938]  ksys_write+0x177/0x2a0
[  176.887760][ T3938]  ? __ia32_sys_read+0x80/0x80
[  176.892522][ T3938]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  176.898499][ T3938]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  176.904478][ T3938]  do_syscall_64+0x3d/0xb0
[  176.908888][ T3938]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  176.914776][ T3938] RIP: 0033:0x7f0fa5191c89
[  176.919188][ T3938] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3938] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  3938] exit_group(0)               = ?
[pid  3938] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3938, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./291/binderfs")                = 0
umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./291/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./291/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./291/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./291")                          = 0
mkdir("./292", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3939
./strace-static-x86_64: Process 3939 attached
[  176.938801][ T3938] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  176.947211][ T3938] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  176.955178][ T3938] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  176.963232][ T3938] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  176.971196][ T3938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  176.979162][ T3938] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000123
[  176.987147][ T3938]  </TASK>
[pid  3939] chdir("./292")              = 0
[pid  3939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3939] setpgid(0, 0)               = 0
[pid  3939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3939] write(3, "1000", 4)         = 4
[pid  3939] close(3)                    = 0
[pid  3939] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3939] memfd_create("syzkaller", 0) = 3
[pid  3939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3939] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3939] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3939] close(3)                    = 0
[pid  3939] mkdir("./file0", 0777)      = 0
[pid  3939] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3939] chdir("./file0")            = 0
[pid  3939] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3939] close(4)                    = 0
[pid  3939] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3939] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3939] write(5, "13", 2)           = 2
[  177.042885][ T3939] loop0: detected capacity change from 0 to 64
[  177.074482][ T3939] FAULT_INJECTION: forcing a failure.
[  177.074482][ T3939] name failslab, interval 1, probability 0, space 0, times 0
[  177.087165][ T3939] CPU: 1 PID: 3939 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  177.097566][ T3939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  177.107615][ T3939] Call Trace:
[  177.110895][ T3939]  <TASK>
[  177.113831][ T3939]  dump_stack_lvl+0x1b1/0x28e
[  177.118596][ T3939]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  177.124048][ T3939]  ? panic+0x710/0x710
[  177.128147][ T3939]  ? __might_sleep+0xc0/0xc0
[  177.132749][ T3939]  ? __mutex_lock_common+0x45f/0x26e0
[  177.138149][ T3939]  should_fail_ex+0x395/0x4c0
[  177.142837][ T3939]  ? hfs_find_init+0x8b/0x1e0
[  177.147522][ T3939]  should_failslab+0x5/0x20
[  177.152025][ T3939]  __kmem_cache_alloc_node+0x69/0x310
[  177.157402][ T3939]  ? hfs_find_init+0x8b/0x1e0
[  177.162428][ T3939]  __kmalloc+0x9e/0x1a0
[  177.166586][ T3939]  hfs_find_init+0x8b/0x1e0
[  177.171097][ T3939]  hfs_extend_file+0x2f8/0x1420
[  177.175952][ T3939]  ? hfs_get_block+0xbb0/0xbb0
[  177.180712][ T3939]  ? lru_cache_disable+0x30/0x30
[  177.185647][ T3939]  ? __might_sleep+0xc0/0xc0
[  177.190271][ T3939]  hfs_get_block+0x3fc/0xbb0
[  177.194894][ T3939]  ? hfs_free_extents+0x420/0x420
[  177.199926][ T3939]  ? do_raw_spin_unlock+0x134/0x8a0
[  177.205138][ T3939]  ? create_page_buffers+0x244/0x4b0
[  177.210435][ T3939]  __block_write_begin_int+0x54c/0x1a80
[  177.216005][ T3939]  ? hfs_free_extents+0x420/0x420
[  177.221026][ T3939]  ? page_zero_new_buffers+0x940/0x940
[  177.226484][ T3939]  ? PageHeadHuge+0x8a/0x1d0
[  177.231086][ T3939]  ? hfs_free_extents+0x420/0x420
[  177.236110][ T3939]  block_write_begin+0x93/0x1e0
[  177.240960][ T3939]  ? cont_write_begin+0x5e5/0x860
[  177.245981][ T3939]  ? hfs_free_extents+0x420/0x420
[  177.250999][ T3939]  cont_write_begin+0x606/0x860
[  177.255856][ T3939]  ? fault_in_readable+0x1d5/0x310
[  177.260969][ T3939]  ? generic_cont_expand_simple+0x250/0x250
[  177.266859][ T3939]  ? fault_in_readable+0x219/0x310
[  177.271970][ T3939]  ? fault_in_safe_writeable+0x240/0x240
[  177.277610][ T3939]  hfs_write_begin+0x86/0xd0
[  177.282198][ T3939]  ? hfs_free_extents+0x420/0x420
[  177.287222][ T3939]  generic_perform_write+0x2e4/0x5e0
[  177.292515][ T3939]  ? __block_commit_write+0x420/0x420
[  177.297886][ T3939]  ? generic_file_direct_write+0x610/0x610
[  177.303688][ T3939]  ? __file_remove_privs+0x6c0/0x6c0
[  177.308972][ T3939]  ? generic_write_checks+0x15c/0x1c0
[  177.314350][ T3939]  __generic_file_write_iter+0x176/0x400
[  177.320006][ T3939]  generic_file_write_iter+0xab/0x310
[  177.325416][ T3939]  vfs_write+0x7dc/0xc50
[  177.329676][ T3939]  ? file_end_write+0x230/0x230
[  177.334527][ T3939]  ? ptrace_stop+0x74d/0x970
[  177.339133][ T3939]  ? _raw_spin_unlock_irq+0x2a/0x40
[  177.344354][ T3939]  ? __fdget_pos+0x252/0x2e0
[  177.348961][ T3939]  ksys_write+0x177/0x2a0
[  177.353296][ T3939]  ? __ia32_sys_read+0x80/0x80
[  177.358074][ T3939]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  177.364065][ T3939]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  177.370049][ T3939]  do_syscall_64+0x3d/0xb0
[  177.374462][ T3939]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  177.380353][ T3939] RIP: 0033:0x7f0fa5191c89
[  177.384779][ T3939] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  177.404403][ T3939] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  177.412821][ T3939] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  177.420882][ T3939] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  177.428861][ T3939] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  177.436852][ T3939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  3939] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3939] exit_group(0)               = ?
[pid  3939] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3939, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./292", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./292/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./292/binderfs")                = 0
umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./292/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./292/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./292/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./292")                          = 0
mkdir("./293", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3940
./strace-static-x86_64: Process 3940 attached
[pid  3940] chdir("./293")              = 0
[pid  3940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3940] setpgid(0, 0)               = 0
[pid  3940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3940] write(3, "1000", 4)         = 4
[pid  3940] close(3)                    = 0
[pid  3940] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3940] memfd_create("syzkaller", 0) = 3
[pid  3940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  177.444830][ T3939] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000124
[  177.452831][ T3939]  </TASK>
[pid  3940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3940] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3940] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3940] close(3)                    = 0
[pid  3940] mkdir("./file0", 0777)      = 0
[pid  3940] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3940] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3940] chdir("./file0")            = 0
[pid  3940] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3940] close(4)                    = 0
[pid  3940] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3940] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3940] write(5, "13", 2)           = 2
[  177.513042][ T3940] loop0: detected capacity change from 0 to 64
[  177.537522][ T3940] FAULT_INJECTION: forcing a failure.
[  177.537522][ T3940] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  177.551085][ T3940] CPU: 0 PID: 3940 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  177.561517][ T3940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  177.571740][ T3940] Call Trace:
[  177.575009][ T3940]  <TASK>
[  177.577940][ T3940]  dump_stack_lvl+0x1b1/0x28e
[  177.582628][ T3940]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  177.588082][ T3940]  ? panic+0x710/0x710
[  177.592159][ T3940]  ? do_anonymous_page+0xd4a/0x1150
[  177.597380][ T3940]  ? mark_lock+0x9a/0x350
[  177.601706][ T3940]  should_fail_ex+0x395/0x4c0
[  177.606411][ T3940]  prepare_alloc_pages+0x1d7/0x5a0
[  177.611548][ T3940]  __alloc_pages+0x161/0x560
[  177.616155][ T3940]  ? zone_statistics+0x160/0x160
[  177.621113][ T3940]  ? rcu_lock_release+0x5/0x20
[  177.625878][ T3940]  ? alloc_pages+0x520/0x7b0
[  177.630495][ T3940]  ? xas_descend+0x1f3/0x400
[  177.635095][ T3940]  folio_alloc+0x1a/0x50
[  177.639344][ T3940]  filemap_alloc_folio+0x7e/0x1c0
[  177.644380][ T3940]  __filemap_get_folio+0x898/0x1260
[  177.649584][ T3940]  ? page_cache_prev_miss+0x4e0/0x4e0
[  177.654954][ T3940]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  177.660936][ T3940]  ? print_irqtrace_events+0x220/0x220
[  177.666422][ T3940]  pagecache_get_page+0x28/0x260
[  177.671369][ T3940]  ? hfs_free_extents+0x420/0x420
[  177.676397][ T3940]  block_write_begin+0x2e/0x1e0
[  177.681249][ T3940]  ? cont_write_begin+0x5e5/0x860
[  177.686348][ T3940]  ? hfs_free_extents+0x420/0x420
[  177.691376][ T3940]  cont_write_begin+0x606/0x860
[  177.696238][ T3940]  ? fault_in_readable+0x1d5/0x310
[  177.701340][ T3940]  ? generic_cont_expand_simple+0x250/0x250
[  177.707223][ T3940]  ? fault_in_readable+0x219/0x310
[  177.712323][ T3940]  ? fault_in_safe_writeable+0x240/0x240
[  177.717948][ T3940]  hfs_write_begin+0x86/0xd0
[  177.722522][ T3940]  ? hfs_free_extents+0x420/0x420
[  177.727534][ T3940]  generic_perform_write+0x2e4/0x5e0
[  177.732817][ T3940]  ? __block_commit_write+0x420/0x420
[  177.738190][ T3940]  ? generic_file_direct_write+0x610/0x610
[  177.743986][ T3940]  ? __file_remove_privs+0x6c0/0x6c0
[  177.749259][ T3940]  ? generic_write_checks+0x15c/0x1c0
[  177.754636][ T3940]  __generic_file_write_iter+0x176/0x400
[  177.760283][ T3940]  generic_file_write_iter+0xab/0x310
[  177.765657][ T3940]  vfs_write+0x7dc/0xc50
[  177.769922][ T3940]  ? file_end_write+0x230/0x230
[  177.774766][ T3940]  ? ptrace_stop+0x74d/0x970
[  177.779370][ T3940]  ? _raw_spin_unlock_irq+0x2a/0x40
[  177.784581][ T3940]  ? __fdget_pos+0x252/0x2e0
[  177.789184][ T3940]  ksys_write+0x177/0x2a0
[  177.793537][ T3940]  ? __ia32_sys_read+0x80/0x80
[  177.798296][ T3940]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  177.804281][ T3940]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  177.810272][ T3940]  do_syscall_64+0x3d/0xb0
[  177.814676][ T3940]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  177.820557][ T3940] RIP: 0033:0x7f0fa5191c89
[  177.824976][ T3940] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  177.844729][ T3940] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  177.853135][ T3940] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3940] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3940] exit_group(0)               = ?
[pid  3940] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3940, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./293", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./293/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./293/binderfs")                = 0
umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./293/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./293/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./293/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./293")                          = 0
mkdir("./294", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3941 attached
, child_tidptr=0x555555b7f5d0) = 3941
[pid  3941] chdir("./294")              = 0
[pid  3941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3941] setpgid(0, 0)               = 0
[pid  3941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3941] write(3, "1000", 4)         = 4
[pid  3941] close(3)                    = 0
[pid  3941] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3941] memfd_create("syzkaller", 0) = 3
[pid  3941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  177.861201][ T3940] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  177.869175][ T3940] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  177.877159][ T3940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  177.885132][ T3940] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000125
[  177.893105][ T3940]  </TASK>
[pid  3941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3941] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3941] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3941] close(3)                    = 0
[pid  3941] mkdir("./file0", 0777)      = 0
[pid  3941] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3941] chdir("./file0")            = 0
[pid  3941] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3941] close(4)                    = 0
[pid  3941] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3941] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3941] write(5, "13", 2)           = 2
[  177.947431][ T3941] loop0: detected capacity change from 0 to 64
[  177.979216][ T3941] FAULT_INJECTION: forcing a failure.
[  177.979216][ T3941] name failslab, interval 1, probability 0, space 0, times 0
[  177.991966][ T3941] CPU: 1 PID: 3941 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  178.002397][ T3941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  178.012460][ T3941] Call Trace:
[  178.015735][ T3941]  <TASK>
[  178.018663][ T3941]  dump_stack_lvl+0x1b1/0x28e
[  178.023345][ T3941]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  178.028800][ T3941]  ? panic+0x710/0x710
[  178.032870][ T3941]  ? __might_sleep+0xc0/0xc0
[  178.037457][ T3941]  ? __mutex_lock_common+0x45f/0x26e0
[  178.042831][ T3941]  should_fail_ex+0x395/0x4c0
[  178.047515][ T3941]  ? hfs_find_init+0x8b/0x1e0
[  178.052198][ T3941]  should_failslab+0x5/0x20
[  178.056704][ T3941]  __kmem_cache_alloc_node+0x69/0x310
[  178.062072][ T3941]  ? rcu_lock_release+0x5/0x20
[  178.066835][ T3941]  ? hfs_find_init+0x8b/0x1e0
[  178.071524][ T3941]  __kmalloc+0x9e/0x1a0
[  178.075692][ T3941]  hfs_find_init+0x8b/0x1e0
[  178.080199][ T3941]  hfs_extend_file+0x2f8/0x1420
[  178.085047][ T3941]  ? xas_find+0x937/0xa60
[  178.089385][ T3941]  ? hfs_get_block+0xbb0/0xbb0
[  178.094149][ T3941]  ? filemap_get_folios+0x557/0x830
[  178.099351][ T3941]  ? find_lock_entries+0xf60/0xf60
[  178.104464][ T3941]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  178.110365][ T3941]  hfs_get_block+0x3fc/0xbb0
[  178.114963][ T3941]  ? hfs_free_extents+0x420/0x420
[  178.119985][ T3941]  ? do_raw_spin_unlock+0x134/0x8a0
[  178.125191][ T3941]  ? create_page_buffers+0x244/0x4b0
[  178.130481][ T3941]  __block_write_begin_int+0x54c/0x1a80
[  178.136046][ T3941]  ? hfs_free_extents+0x420/0x420
[  178.141069][ T3941]  ? page_zero_new_buffers+0x940/0x940
[  178.146533][ T3941]  ? PageHeadHuge+0x8a/0x1d0
[  178.151217][ T3941]  ? hfs_free_extents+0x420/0x420
[  178.156238][ T3941]  block_write_begin+0x93/0x1e0
[  178.161090][ T3941]  ? cont_write_begin+0x5e5/0x860
[  178.166117][ T3941]  ? hfs_free_extents+0x420/0x420
[  178.171139][ T3941]  cont_write_begin+0x606/0x860
[  178.176262][ T3941]  ? fault_in_readable+0x1d5/0x310
[  178.181378][ T3941]  ? generic_cont_expand_simple+0x250/0x250
[  178.187360][ T3941]  ? fault_in_readable+0x219/0x310
[  178.192480][ T3941]  ? fault_in_safe_writeable+0x240/0x240
[  178.198122][ T3941]  hfs_write_begin+0x86/0xd0
[  178.202709][ T3941]  ? hfs_free_extents+0x420/0x420
[  178.207736][ T3941]  generic_perform_write+0x2e4/0x5e0
[  178.213028][ T3941]  ? __block_commit_write+0x420/0x420
[  178.218401][ T3941]  ? generic_file_direct_write+0x610/0x610
[  178.224208][ T3941]  ? __file_remove_privs+0x6c0/0x6c0
[  178.229491][ T3941]  ? generic_write_checks+0x15c/0x1c0
[  178.234870][ T3941]  __generic_file_write_iter+0x176/0x400
[  178.240509][ T3941]  generic_file_write_iter+0xab/0x310
[  178.245880][ T3941]  vfs_write+0x7dc/0xc50
[  178.250127][ T3941]  ? file_end_write+0x230/0x230
[  178.254975][ T3941]  ? ptrace_stop+0x74d/0x970
[  178.259572][ T3941]  ? _raw_spin_unlock_irq+0x2a/0x40
[  178.264777][ T3941]  ? __fdget_pos+0x252/0x2e0
[  178.269367][ T3941]  ksys_write+0x177/0x2a0
[  178.273699][ T3941]  ? __ia32_sys_read+0x80/0x80
[  178.278467][ T3941]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  178.284450][ T3941]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  178.290429][ T3941]  do_syscall_64+0x3d/0xb0
[  178.294840][ T3941]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  178.300730][ T3941] RIP: 0033:0x7f0fa5191c89
[  178.305141][ T3941] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  178.324741][ T3941] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  178.333149][ T3941] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  178.341129][ T3941] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3941] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3941] exit_group(0)               = ?
[pid  3941] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3941, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./294", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./294/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./294/binderfs")                = 0
umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./294/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./294/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./294/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./294")                          = 0
mkdir("./295", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3942
./strace-static-x86_64: Process 3942 attached
[pid  3942] chdir("./295")              = 0
[pid  3942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3942] setpgid(0, 0)               = 0
[pid  3942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3942] write(3, "1000", 4)         = 4
[pid  3942] close(3)                    = 0
[pid  3942] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3942] memfd_create("syzkaller", 0) = 3
[pid  3942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[  178.349126][ T3941] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  178.357108][ T3941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  178.365078][ T3941] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000126
[  178.373059][ T3941]  </TASK>
[pid  3942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3942] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3942] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3942] close(3)                    = 0
[pid  3942] mkdir("./file0", 0777)      = 0
[pid  3942] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3942] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3942] chdir("./file0")            = 0
[pid  3942] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3942] close(4)                    = 0
[pid  3942] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3942] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3942] write(5, "13", 2)           = 2
[  178.434729][ T3942] loop0: detected capacity change from 0 to 64
[  178.454252][ T3942] FAULT_INJECTION: forcing a failure.
[  178.454252][ T3942] name failslab, interval 1, probability 0, space 0, times 0
[  178.467584][ T3942] CPU: 1 PID: 3942 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  178.478031][ T3942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  178.488087][ T3942] Call Trace:
[  178.491363][ T3942]  <TASK>
[  178.494300][ T3942]  dump_stack_lvl+0x1b1/0x28e
[  178.498977][ T3942]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  178.504437][ T3942]  ? panic+0x710/0x710
[  178.508500][ T3942]  ? __might_sleep+0xc0/0xc0
[  178.513091][ T3942]  ? __mutex_lock_common+0x45f/0x26e0
[  178.518468][ T3942]  should_fail_ex+0x395/0x4c0
[  178.523153][ T3942]  ? hfs_find_init+0x8b/0x1e0
[  178.527841][ T3942]  should_failslab+0x5/0x20
[  178.532339][ T3942]  __kmem_cache_alloc_node+0x69/0x310
[  178.537711][ T3942]  ? rcu_lock_release+0x5/0x20
[  178.542475][ T3942]  ? hfs_find_init+0x8b/0x1e0
[  178.547155][ T3942]  __kmalloc+0x9e/0x1a0
[  178.551335][ T3942]  hfs_find_init+0x8b/0x1e0
[  178.555854][ T3942]  hfs_extend_file+0x2f8/0x1420
[  178.560694][ T3942]  ? xas_find+0x937/0xa60
[  178.565021][ T3942]  ? hfs_get_block+0xbb0/0xbb0
[  178.569782][ T3942]  ? filemap_get_folios+0x557/0x830
[  178.575005][ T3942]  ? find_lock_entries+0xf60/0xf60
[  178.580126][ T3942]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  178.586030][ T3942]  hfs_get_block+0x3fc/0xbb0
[  178.590637][ T3942]  ? hfs_free_extents+0x420/0x420
[  178.595657][ T3942]  ? do_raw_spin_unlock+0x134/0x8a0
[  178.600870][ T3942]  ? create_page_buffers+0x244/0x4b0
[  178.606189][ T3942]  __block_write_begin_int+0x54c/0x1a80
[  178.611746][ T3942]  ? hfs_free_extents+0x420/0x420
[  178.616760][ T3942]  ? page_zero_new_buffers+0x940/0x940
[  178.622211][ T3942]  ? PageHeadHuge+0x8a/0x1d0
[  178.626795][ T3942]  ? hfs_free_extents+0x420/0x420
[  178.631818][ T3942]  block_write_begin+0x93/0x1e0
[  178.636661][ T3942]  ? cont_write_begin+0x5e5/0x860
[  178.641679][ T3942]  ? hfs_free_extents+0x420/0x420
[  178.646701][ T3942]  cont_write_begin+0x606/0x860
[  178.651557][ T3942]  ? fault_in_readable+0x1d5/0x310
[  178.656665][ T3942]  ? generic_cont_expand_simple+0x250/0x250
[  178.662549][ T3942]  ? fault_in_readable+0x219/0x310
[  178.667653][ T3942]  ? fault_in_safe_writeable+0x240/0x240
[  178.673280][ T3942]  hfs_write_begin+0x86/0xd0
[  178.677862][ T3942]  ? hfs_free_extents+0x420/0x420
[  178.682876][ T3942]  generic_perform_write+0x2e4/0x5e0
[  178.688163][ T3942]  ? __block_commit_write+0x420/0x420
[  178.693540][ T3942]  ? generic_file_direct_write+0x610/0x610
[  178.699353][ T3942]  ? __file_remove_privs+0x6c0/0x6c0
[  178.704802][ T3942]  ? generic_write_checks+0x15c/0x1c0
[  178.710176][ T3942]  __generic_file_write_iter+0x176/0x400
[  178.715805][ T3942]  generic_file_write_iter+0xab/0x310
[  178.721257][ T3942]  vfs_write+0x7dc/0xc50
[  178.725502][ T3942]  ? file_end_write+0x230/0x230
[  178.730344][ T3942]  ? ptrace_stop+0x74d/0x970
[  178.734954][ T3942]  ? _raw_spin_unlock_irq+0x2a/0x40
[  178.740155][ T3942]  ? __fdget_pos+0x252/0x2e0
[  178.744759][ T3942]  ksys_write+0x177/0x2a0
[  178.749086][ T3942]  ? __ia32_sys_read+0x80/0x80
[  178.753843][ T3942]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  178.759830][ T3942]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  178.765801][ T3942]  do_syscall_64+0x3d/0xb0
[  178.770293][ T3942]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  178.776185][ T3942] RIP: 0033:0x7f0fa5191c89
[  178.780603][ T3942] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  178.800201][ T3942] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  178.808616][ T3942] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  178.816579][ T3942] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  178.824546][ T3942] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3942] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3942] exit_group(0)               = ?
[pid  3942] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3942, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./295", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./295/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./295/binderfs")                = 0
umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./295/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./295/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./295/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./295")                          = 0
mkdir("./296", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3943
./strace-static-x86_64: Process 3943 attached
[pid  3943] chdir("./296")              = 0
[pid  3943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3943] setpgid(0, 0)               = 0
[pid  3943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3943] write(3, "1000", 4)         = 4
[pid  3943] close(3)                    = 0
[pid  3943] symlink("/dev/binderfs", "./binderfs") = 0
[  178.832515][ T3942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  178.840490][ T3942] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000127
[  178.848468][ T3942]  </TASK>
[pid  3943] memfd_create("syzkaller", 0) = 3
[pid  3943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3943] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3943] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3943] close(3)                    = 0
[pid  3943] mkdir("./file0", 0777)      = 0
[pid  3943] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3943] chdir("./file0")            = 0
[pid  3943] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3943] close(4)                    = 0
[pid  3943] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3943] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3943] write(5, "13", 2)           = 2
[  178.901666][ T3943] loop0: detected capacity change from 0 to 64
[  178.921493][ T3943] FAULT_INJECTION: forcing a failure.
[  178.921493][ T3943] name failslab, interval 1, probability 0, space 0, times 0
[  178.936146][ T3943] CPU: 1 PID: 3943 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  178.946599][ T3943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  178.956675][ T3943] Call Trace:
[  178.959959][ T3943]  <TASK>
[  178.962885][ T3943]  dump_stack_lvl+0x1b1/0x28e
[  178.967565][ T3943]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  178.973021][ T3943]  ? panic+0x710/0x710
[  178.977088][ T3943]  ? __might_sleep+0xc0/0xc0
[  178.981675][ T3943]  ? __mutex_lock_common+0x45f/0x26e0
[  178.987055][ T3943]  should_fail_ex+0x395/0x4c0
[  178.991738][ T3943]  ? hfs_find_init+0x8b/0x1e0
[  178.996418][ T3943]  should_failslab+0x5/0x20
[  179.000924][ T3943]  __kmem_cache_alloc_node+0x69/0x310
[  179.006294][ T3943]  ? rcu_lock_release+0x5/0x20
[  179.011061][ T3943]  ? hfs_find_init+0x8b/0x1e0
[  179.015738][ T3943]  __kmalloc+0x9e/0x1a0
[  179.019896][ T3943]  hfs_find_init+0x8b/0x1e0
[  179.024404][ T3943]  hfs_extend_file+0x2f8/0x1420
[  179.029256][ T3943]  ? xas_find+0x937/0xa60
[  179.033593][ T3943]  ? hfs_get_block+0xbb0/0xbb0
[  179.038352][ T3943]  ? filemap_get_folios+0x557/0x830
[  179.043555][ T3943]  ? find_lock_entries+0xf60/0xf60
[  179.048693][ T3943]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  179.054620][ T3943]  hfs_get_block+0x3fc/0xbb0
[  179.059236][ T3943]  ? hfs_free_extents+0x420/0x420
[  179.064264][ T3943]  ? do_raw_spin_unlock+0x134/0x8a0
[  179.069474][ T3943]  ? create_page_buffers+0x244/0x4b0
[  179.079365][ T3943]  __block_write_begin_int+0x54c/0x1a80
[  179.084940][ T3943]  ? hfs_free_extents+0x420/0x420
[  179.089961][ T3943]  ? page_zero_new_buffers+0x940/0x940
[  179.095421][ T3943]  ? PageHeadHuge+0x8a/0x1d0
[  179.100022][ T3943]  ? hfs_free_extents+0x420/0x420
[  179.105131][ T3943]  block_write_begin+0x93/0x1e0
[  179.109985][ T3943]  ? cont_write_begin+0x5e5/0x860
[  179.115011][ T3943]  ? hfs_free_extents+0x420/0x420
[  179.120051][ T3943]  cont_write_begin+0x606/0x860
[  179.124943][ T3943]  ? fault_in_readable+0x1d5/0x310
[  179.130057][ T3943]  ? generic_cont_expand_simple+0x250/0x250
[  179.135949][ T3943]  ? fault_in_readable+0x219/0x310
[  179.141062][ T3943]  ? fault_in_safe_writeable+0x240/0x240
[  179.146702][ T3943]  hfs_write_begin+0x86/0xd0
[  179.151286][ T3943]  ? hfs_free_extents+0x420/0x420
[  179.156309][ T3943]  generic_perform_write+0x2e4/0x5e0
[  179.161601][ T3943]  ? __block_commit_write+0x420/0x420
[  179.167149][ T3943]  ? generic_file_direct_write+0x610/0x610
[  179.173002][ T3943]  ? __file_remove_privs+0x6c0/0x6c0
[  179.178316][ T3943]  ? generic_write_checks+0x15c/0x1c0
[  179.183710][ T3943]  __generic_file_write_iter+0x176/0x400
[  179.189357][ T3943]  generic_file_write_iter+0xab/0x310
[  179.194731][ T3943]  vfs_write+0x7dc/0xc50
[  179.199590][ T3943]  ? file_end_write+0x230/0x230
[  179.204439][ T3943]  ? ptrace_stop+0x74d/0x970
[  179.209033][ T3943]  ? _raw_spin_unlock_irq+0x2a/0x40
[  179.214233][ T3943]  ? __fdget_pos+0x252/0x2e0
[  179.218826][ T3943]  ksys_write+0x177/0x2a0
[  179.223158][ T3943]  ? __ia32_sys_read+0x80/0x80
[  179.227943][ T3943]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  179.233939][ T3943]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  179.239929][ T3943]  do_syscall_64+0x3d/0xb0
[  179.244353][ T3943]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  179.250253][ T3943] RIP: 0033:0x7f0fa5191c89
[  179.254668][ T3943] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  179.274268][ T3943] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  179.282694][ T3943] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  179.290677][ T3943] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3943] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3943] exit_group(0)               = ?
[pid  3943] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3943, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./296", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./296/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./296/binderfs")                = 0
umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./296/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./296/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./296/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./296")                          = 0
mkdir("./297", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3944
./strace-static-x86_64: Process 3944 attached
[  179.298654][ T3943] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  179.306644][ T3943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  179.314625][ T3943] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000128
[  179.322614][ T3943]  </TASK>
[pid  3944] chdir("./297")              = 0
[pid  3944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3944] setpgid(0, 0)               = 0
[pid  3944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3944] write(3, "1000", 4)         = 4
[pid  3944] close(3)                    = 0
[pid  3944] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3944] memfd_create("syzkaller", 0) = 3
[pid  3944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3944] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3944] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3944] close(3)                    = 0
[pid  3944] mkdir("./file0", 0777)      = 0
[pid  3944] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3944] chdir("./file0")            = 0
[pid  3944] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3944] close(4)                    = 0
[pid  3944] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3944] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3944] write(5, "13", 2)           = 2
[  179.359592][ T3944] loop0: detected capacity change from 0 to 64
[  179.366835][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  179.396709][ T3944] FAULT_INJECTION: forcing a failure.
[  179.396709][ T3944] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  179.410090][ T3944] CPU: 1 PID: 3944 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  179.420517][ T3944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  179.430568][ T3944] Call Trace:
[  179.433840][ T3944]  <TASK>
[  179.436761][ T3944]  dump_stack_lvl+0x1b1/0x28e
[  179.441442][ T3944]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  179.446909][ T3944]  ? panic+0x710/0x710
[  179.450967][ T3944]  ? do_anonymous_page+0xd4a/0x1150
[  179.456160][ T3944]  ? mark_lock+0x9a/0x350
[  179.460483][ T3944]  should_fail_ex+0x395/0x4c0
[  179.465178][ T3944]  prepare_alloc_pages+0x1d7/0x5a0
[  179.470289][ T3944]  __alloc_pages+0x161/0x560
[  179.474876][ T3944]  ? zone_statistics+0x160/0x160
[  179.479821][ T3944]  ? rcu_lock_release+0x5/0x20
[  179.484600][ T3944]  ? alloc_pages+0x520/0x7b0
[  179.489180][ T3944]  ? xas_descend+0x1f3/0x400
[  179.493774][ T3944]  folio_alloc+0x1a/0x50
[  179.498022][ T3944]  filemap_alloc_folio+0x7e/0x1c0
[  179.503133][ T3944]  __filemap_get_folio+0x898/0x1260
[  179.508370][ T3944]  ? page_cache_prev_miss+0x4e0/0x4e0
[  179.513740][ T3944]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  179.519723][ T3944]  ? print_irqtrace_events+0x220/0x220
[  179.525209][ T3944]  pagecache_get_page+0x28/0x260
[  179.530156][ T3944]  ? hfs_free_extents+0x420/0x420
[  179.535182][ T3944]  block_write_begin+0x2e/0x1e0
[  179.540046][ T3944]  ? cont_write_begin+0x5e5/0x860
[  179.545062][ T3944]  ? hfs_free_extents+0x420/0x420
[  179.550096][ T3944]  cont_write_begin+0x606/0x860
[  179.554952][ T3944]  ? fault_in_readable+0x1d5/0x310
[  179.560077][ T3944]  ? generic_cont_expand_simple+0x250/0x250
[  179.565982][ T3944]  ? fault_in_readable+0x219/0x310
[  179.571110][ T3944]  ? fault_in_safe_writeable+0x240/0x240
[  179.576855][ T3944]  hfs_write_begin+0x86/0xd0
[  179.581433][ T3944]  ? hfs_free_extents+0x420/0x420
[  179.586450][ T3944]  generic_perform_write+0x2e4/0x5e0
[  179.591751][ T3944]  ? __block_commit_write+0x420/0x420
[  179.597151][ T3944]  ? generic_file_direct_write+0x610/0x610
[  179.603008][ T3944]  ? __file_remove_privs+0x6c0/0x6c0
[  179.608295][ T3944]  ? generic_write_checks+0x15c/0x1c0
[  179.613698][ T3944]  __generic_file_write_iter+0x176/0x400
[  179.619361][ T3944]  generic_file_write_iter+0xab/0x310
[  179.624764][ T3944]  vfs_write+0x7dc/0xc50
[  179.629037][ T3944]  ? file_end_write+0x230/0x230
[  179.633896][ T3944]  ? ptrace_stop+0x74d/0x970
[  179.638503][ T3944]  ? _raw_spin_unlock_irq+0x2a/0x40
[  179.643715][ T3944]  ? __fdget_pos+0x252/0x2e0
[  179.648306][ T3944]  ksys_write+0x177/0x2a0
[  179.652648][ T3944]  ? __ia32_sys_read+0x80/0x80
[  179.657400][ T3944]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  179.663393][ T3944]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  179.669383][ T3944]  do_syscall_64+0x3d/0xb0
[  179.673796][ T3944]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  179.679696][ T3944] RIP: 0033:0x7f0fa5191c89
[  179.684107][ T3944] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid  3944] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3944] exit_group(0)               = ?
[pid  3944] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3944, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./297", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./297/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./297/binderfs")                = 0
umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./297/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./297/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./297/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./297")                          = 0
mkdir("./298", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3945
./strace-static-x86_64: Process 3945 attached
[pid  3945] chdir("./298")              = 0
[pid  3945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3945] setpgid(0, 0)               = 0
[pid  3945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3945] write(3, "1000", 4)         = 4
[pid  3945] close(3)                    = 0
[pid  3945] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3945] memfd_create("syzkaller", 0) = 3
[pid  3945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3945] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  179.703720][ T3944] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  179.712125][ T3944] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  179.720100][ T3944] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  179.728080][ T3944] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  179.736058][ T3944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  179.744022][ T3944] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000129
[  179.752001][ T3944]  </TASK>
[pid  3945] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3945] close(3)                    = 0
[pid  3945] mkdir("./file0", 0777)      = 0
[pid  3945] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3945] chdir("./file0")            = 0
[pid  3945] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3945] close(4)                    = 0
[pid  3945] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3945] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3945] write(5, "13", 2)           = 2
[  179.789825][ T3945] loop0: detected capacity change from 0 to 64
[  179.792517][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  179.818785][ T3945] FAULT_INJECTION: forcing a failure.
[  179.818785][ T3945] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  179.832364][ T3945] CPU: 1 PID: 3945 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  179.842857][ T3945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  179.852897][ T3945] Call Trace:
[  179.856165][ T3945]  <TASK>
[  179.859083][ T3945]  dump_stack_lvl+0x1b1/0x28e
[  179.863755][ T3945]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  179.869230][ T3945]  ? panic+0x710/0x710
[  179.873291][ T3945]  ? do_anonymous_page+0xd4a/0x1150
[  179.878493][ T3945]  ? mark_lock+0x9a/0x350
[  179.882822][ T3945]  should_fail_ex+0x395/0x4c0
[  179.887504][ T3945]  prepare_alloc_pages+0x1d7/0x5a0
[  179.892628][ T3945]  __alloc_pages+0x161/0x560
[  179.897226][ T3945]  ? zone_statistics+0x160/0x160
[  179.902172][ T3945]  ? rcu_lock_release+0x5/0x20
[  179.906939][ T3945]  ? alloc_pages+0x520/0x7b0
[  179.911542][ T3945]  ? xas_descend+0x1f3/0x400
[  179.916150][ T3945]  folio_alloc+0x1a/0x50
[  179.920396][ T3945]  filemap_alloc_folio+0x7e/0x1c0
[  179.925430][ T3945]  __filemap_get_folio+0x898/0x1260
[  179.930633][ T3945]  ? page_cache_prev_miss+0x4e0/0x4e0
[  179.936008][ T3945]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  179.942077][ T3945]  ? print_irqtrace_events+0x220/0x220
[  179.947540][ T3945]  pagecache_get_page+0x28/0x260
[  179.952479][ T3945]  ? hfs_free_extents+0x420/0x420
[  179.957502][ T3945]  block_write_begin+0x2e/0x1e0
[  179.962399][ T3945]  ? cont_write_begin+0x5e5/0x860
[  179.967442][ T3945]  ? hfs_free_extents+0x420/0x420
[  179.972472][ T3945]  cont_write_begin+0x606/0x860
[  179.977335][ T3945]  ? fault_in_readable+0x1d5/0x310
[  179.982458][ T3945]  ? generic_cont_expand_simple+0x250/0x250
[  179.988376][ T3945]  ? fault_in_readable+0x219/0x310
[  179.993503][ T3945]  ? fault_in_safe_writeable+0x240/0x240
[  179.999158][ T3945]  hfs_write_begin+0x86/0xd0
[  180.003761][ T3945]  ? hfs_free_extents+0x420/0x420
[  180.008796][ T3945]  generic_perform_write+0x2e4/0x5e0
[  180.014092][ T3945]  ? __block_commit_write+0x420/0x420
[  180.019464][ T3945]  ? generic_file_direct_write+0x610/0x610
[  180.025267][ T3945]  ? __file_remove_privs+0x6c0/0x6c0
[  180.030549][ T3945]  ? generic_write_checks+0x15c/0x1c0
[  180.035927][ T3945]  __generic_file_write_iter+0x176/0x400
[  180.041560][ T3945]  generic_file_write_iter+0xab/0x310
[  180.046932][ T3945]  vfs_write+0x7dc/0xc50
[  180.051187][ T3945]  ? file_end_write+0x230/0x230
[  180.056035][ T3945]  ? ptrace_stop+0x74d/0x970
[  180.060631][ T3945]  ? _raw_spin_unlock_irq+0x2a/0x40
[  180.065835][ T3945]  ? __fdget_pos+0x252/0x2e0
[  180.070433][ T3945]  ksys_write+0x177/0x2a0
[  180.074764][ T3945]  ? __ia32_sys_read+0x80/0x80
[  180.079526][ T3945]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  180.085507][ T3945]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  180.091487][ T3945]  do_syscall_64+0x3d/0xb0
[  180.095900][ T3945]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  180.101788][ T3945] RIP: 0033:0x7f0fa5191c89
[  180.106200][ T3945] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  180.125807][ T3945] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3945] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3945] exit_group(0)               = ?
[pid  3945] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3945, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./298", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./298/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./298/binderfs")                = 0
umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./298/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./298/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./298/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./298")                          = 0
[  180.134238][ T3945] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  180.142221][ T3945] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  180.150198][ T3945] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  180.158168][ T3945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  180.166135][ T3945] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000012a
[  180.174117][ T3945]  </TASK>
mkdir("./299", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3946 attached
, child_tidptr=0x555555b7f5d0) = 3946
[pid  3946] chdir("./299")              = 0
[pid  3946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3946] setpgid(0, 0)               = 0
[pid  3946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3946] write(3, "1000", 4)         = 4
[pid  3946] close(3)                    = 0
[pid  3946] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3946] memfd_create("syzkaller", 0) = 3
[pid  3946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3946] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3946] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3946] close(3)                    = 0
[pid  3946] mkdir("./file0", 0777)      = 0
[pid  3946] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3946] chdir("./file0")            = 0
[pid  3946] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3946] close(4)                    = 0
[pid  3946] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3946] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3946] write(5, "13", 2)           = 2
[  180.243171][ T3946] loop0: detected capacity change from 0 to 64
[  180.267586][ T3946] FAULT_INJECTION: forcing a failure.
[  180.267586][ T3946] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  180.281160][ T3946] CPU: 1 PID: 3946 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  180.291617][ T3946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  180.301690][ T3946] Call Trace:
[  180.304964][ T3946]  <TASK>
[  180.307884][ T3946]  dump_stack_lvl+0x1b1/0x28e
[  180.312583][ T3946]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  180.318034][ T3946]  ? panic+0x710/0x710
[  180.322095][ T3946]  ? do_anonymous_page+0xd4a/0x1150
[  180.327324][ T3946]  ? mark_lock+0x9a/0x350
[  180.331675][ T3946]  should_fail_ex+0x395/0x4c0
[  180.336377][ T3946]  prepare_alloc_pages+0x1d7/0x5a0
[  180.341494][ T3946]  __alloc_pages+0x161/0x560
[  180.346112][ T3946]  ? zone_statistics+0x160/0x160
[  180.351068][ T3946]  ? rcu_lock_release+0x5/0x20
[  180.355862][ T3946]  ? alloc_pages+0x520/0x7b0
[  180.360455][ T3946]  ? xas_descend+0x1f3/0x400
[  180.365040][ T3946]  folio_alloc+0x1a/0x50
[  180.369275][ T3946]  filemap_alloc_folio+0x7e/0x1c0
[  180.374296][ T3946]  __filemap_get_folio+0x898/0x1260
[  180.379502][ T3946]  ? page_cache_prev_miss+0x4e0/0x4e0
[  180.384892][ T3946]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  180.390893][ T3946]  ? print_irqtrace_events+0x220/0x220
[  180.396354][ T3946]  pagecache_get_page+0x28/0x260
[  180.401287][ T3946]  ? hfs_free_extents+0x420/0x420
[  180.406323][ T3946]  block_write_begin+0x2e/0x1e0
[  180.411187][ T3946]  ? cont_write_begin+0x5e5/0x860
[  180.416224][ T3946]  ? hfs_free_extents+0x420/0x420
[  180.421267][ T3946]  cont_write_begin+0x606/0x860
[  180.426144][ T3946]  ? fault_in_readable+0x1d5/0x310
[  180.431258][ T3946]  ? generic_cont_expand_simple+0x250/0x250
[  180.437150][ T3946]  ? fault_in_readable+0x219/0x310
[  180.442271][ T3946]  ? fault_in_safe_writeable+0x240/0x240
[  180.447923][ T3946]  hfs_write_begin+0x86/0xd0
[  180.452503][ T3946]  ? hfs_free_extents+0x420/0x420
[  180.457520][ T3946]  generic_perform_write+0x2e4/0x5e0
[  180.462824][ T3946]  ? __block_commit_write+0x420/0x420
[  180.468221][ T3946]  ? generic_file_direct_write+0x610/0x610
[  180.474035][ T3946]  ? __file_remove_privs+0x6c0/0x6c0
[  180.479327][ T3946]  ? generic_write_checks+0x15c/0x1c0
[  180.484715][ T3946]  __generic_file_write_iter+0x176/0x400
[  180.490375][ T3946]  generic_file_write_iter+0xab/0x310
[  180.495757][ T3946]  vfs_write+0x7dc/0xc50
[  180.500030][ T3946]  ? file_end_write+0x230/0x230
[  180.504891][ T3946]  ? ptrace_stop+0x74d/0x970
[  180.509478][ T3946]  ? _raw_spin_unlock_irq+0x2a/0x40
[  180.514673][ T3946]  ? __fdget_pos+0x252/0x2e0
[  180.519273][ T3946]  ksys_write+0x177/0x2a0
[  180.523629][ T3946]  ? __ia32_sys_read+0x80/0x80
[  180.528409][ T3946]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  180.534385][ T3946]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  180.540355][ T3946]  do_syscall_64+0x3d/0xb0
[  180.544764][ T3946]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  180.550649][ T3946] RIP: 0033:0x7f0fa5191c89
[  180.555057][ T3946] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  180.574684][ T3946] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  180.583111][ T3946] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3946] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3946] exit_group(0)               = ?
[pid  3946] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3946, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./299", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./299/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./299/binderfs")                = 0
umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./299/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./299/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./299/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./299")                          = 0
mkdir("./300", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3947
./strace-static-x86_64: Process 3947 attached
[pid  3947] chdir("./300")              = 0
[pid  3947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3947] setpgid(0, 0)               = 0
[pid  3947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3947] write(3, "1000", 4)         = 4
[pid  3947] close(3)                    = 0
[pid  3947] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3947] memfd_create("syzkaller", 0) = 3
[  180.591170][ T3946] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  180.599149][ T3946] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  180.607110][ T3946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  180.615071][ T3946] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000012b
[  180.623069][ T3946]  </TASK>
[pid  3947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3947] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3947] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3947] close(3)                    = 0
[pid  3947] mkdir("./file0", 0777)      = 0
[pid  3947] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3947] chdir("./file0")            = 0
[pid  3947] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3947] close(4)                    = 0
[pid  3947] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3947] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3947] write(5, "13", 2)           = 2
[  180.679928][ T3947] loop0: detected capacity change from 0 to 64
[  180.699471][ T3947] FAULT_INJECTION: forcing a failure.
[  180.699471][ T3947] name failslab, interval 1, probability 0, space 0, times 0
[  180.712653][ T3947] CPU: 0 PID: 3947 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  180.723063][ T3947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  180.733197][ T3947] Call Trace:
[  180.736462][ T3947]  <TASK>
[  180.739379][ T3947]  dump_stack_lvl+0x1b1/0x28e
[  180.744044][ T3947]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  180.749488][ T3947]  ? panic+0x710/0x710
[  180.753542][ T3947]  ? __might_sleep+0xc0/0xc0
[  180.758115][ T3947]  ? __mutex_lock_common+0x45f/0x26e0
[  180.763484][ T3947]  should_fail_ex+0x395/0x4c0
[  180.768147][ T3947]  ? hfs_find_init+0x8b/0x1e0
[  180.772819][ T3947]  should_failslab+0x5/0x20
[  180.777324][ T3947]  __kmem_cache_alloc_node+0x69/0x310
[  180.782691][ T3947]  ? rcu_lock_release+0x5/0x20
[  180.787454][ T3947]  ? hfs_find_init+0x8b/0x1e0
[  180.792218][ T3947]  __kmalloc+0x9e/0x1a0
[  180.796378][ T3947]  hfs_find_init+0x8b/0x1e0
[  180.800886][ T3947]  hfs_extend_file+0x2f8/0x1420
[  180.805733][ T3947]  ? xas_find+0x937/0xa60
[  180.810070][ T3947]  ? hfs_get_block+0xbb0/0xbb0
[  180.814825][ T3947]  ? filemap_get_folios+0x557/0x830
[  180.820022][ T3947]  ? find_lock_entries+0xf60/0xf60
[  180.825138][ T3947]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  180.831302][ T3947]  hfs_get_block+0x3fc/0xbb0
[  180.835907][ T3947]  ? hfs_free_extents+0x420/0x420
[  180.840924][ T3947]  ? do_raw_spin_unlock+0x134/0x8a0
[  180.846131][ T3947]  ? create_page_buffers+0x244/0x4b0
[  180.851418][ T3947]  __block_write_begin_int+0x54c/0x1a80
[  180.856993][ T3947]  ? hfs_free_extents+0x420/0x420
[  180.862013][ T3947]  ? page_zero_new_buffers+0x940/0x940
[  180.867476][ T3947]  ? PageHeadHuge+0x8a/0x1d0
[  180.872070][ T3947]  ? hfs_free_extents+0x420/0x420
[  180.877088][ T3947]  block_write_begin+0x93/0x1e0
[  180.881941][ T3947]  ? cont_write_begin+0x5e5/0x860
[  180.886965][ T3947]  ? hfs_free_extents+0x420/0x420
[  180.891983][ T3947]  cont_write_begin+0x606/0x860
[  180.896840][ T3947]  ? fault_in_readable+0x1d5/0x310
[  180.901951][ T3947]  ? generic_cont_expand_simple+0x250/0x250
[  180.907840][ T3947]  ? fault_in_readable+0x219/0x310
[  180.913037][ T3947]  ? fault_in_safe_writeable+0x240/0x240
[  180.918674][ T3947]  hfs_write_begin+0x86/0xd0
[  180.923268][ T3947]  ? hfs_free_extents+0x420/0x420
[  180.928294][ T3947]  generic_perform_write+0x2e4/0x5e0
[  180.933586][ T3947]  ? __block_commit_write+0x420/0x420
[  180.938957][ T3947]  ? generic_file_direct_write+0x610/0x610
[  180.944784][ T3947]  ? __file_remove_privs+0x6c0/0x6c0
[  180.950068][ T3947]  ? generic_write_checks+0x15c/0x1c0
[  180.955444][ T3947]  __generic_file_write_iter+0x176/0x400
[  180.961081][ T3947]  generic_file_write_iter+0xab/0x310
[  180.966455][ T3947]  vfs_write+0x7dc/0xc50
[  180.970705][ T3947]  ? file_end_write+0x230/0x230
[  180.975552][ T3947]  ? ptrace_stop+0x74d/0x970
[  180.980146][ T3947]  ? _raw_spin_unlock_irq+0x2a/0x40
[  180.985357][ T3947]  ? __fdget_pos+0x252/0x2e0
[  180.989955][ T3947]  ksys_write+0x177/0x2a0
[  180.994289][ T3947]  ? __ia32_sys_read+0x80/0x80
[  180.999073][ T3947]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  181.005071][ T3947]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  181.011059][ T3947]  do_syscall_64+0x3d/0xb0
[  181.015474][ T3947]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  181.021361][ T3947] RIP: 0033:0x7f0fa5191c89
[  181.025782][ T3947] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  181.045385][ T3947] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  181.053794][ T3947] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  181.061849][ T3947] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  181.069816][ T3947] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3947] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3947] exit_group(0)               = ?
[pid  3947] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3947, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./300", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./300/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./300/binderfs")                = 0
umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./300/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./300/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./300/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./300")                          = 0
mkdir("./301", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3948
./strace-static-x86_64: Process 3948 attached
[pid  3948] chdir("./301")              = 0
[pid  3948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3948] setpgid(0, 0)               = 0
[pid  3948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3948] write(3, "1000", 4)         = 4
[pid  3948] close(3)                    = 0
[pid  3948] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3948] memfd_create("syzkaller", 0) = 3
[pid  3948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[  181.077788][ T3947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  181.085754][ T3947] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000012c
[  181.093737][ T3947]  </TASK>
[pid  3948] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3948] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3948] close(3)                    = 0
[pid  3948] mkdir("./file0", 0777)      = 0
[pid  3948] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3948] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3948] chdir("./file0")            = 0
[pid  3948] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3948] close(4)                    = 0
[pid  3948] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3948] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3948] write(5, "13", 2)           = 2
[  181.144080][ T3948] loop0: detected capacity change from 0 to 64
[  181.168026][ T3948] FAULT_INJECTION: forcing a failure.
[  181.168026][ T3948] name failslab, interval 1, probability 0, space 0, times 0
[  181.181040][ T3948] CPU: 0 PID: 3948 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  181.191577][ T3948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  181.201649][ T3948] Call Trace:
[  181.204933][ T3948]  <TASK>
[  181.207860][ T3948]  dump_stack_lvl+0x1b1/0x28e
[  181.212544][ T3948]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  181.217998][ T3948]  ? panic+0x710/0x710
[  181.222060][ T3948]  ? __might_sleep+0xc0/0xc0
[  181.226656][ T3948]  ? __mutex_lock_common+0x45f/0x26e0
[  181.232052][ T3948]  should_fail_ex+0x395/0x4c0
[  181.236748][ T3948]  ? hfs_find_init+0x8b/0x1e0
[  181.241443][ T3948]  should_failslab+0x5/0x20
[  181.245940][ T3948]  __kmem_cache_alloc_node+0x69/0x310
[  181.251397][ T3948]  ? rcu_lock_release+0x5/0x20
[  181.256164][ T3948]  ? hfs_find_init+0x8b/0x1e0
[  181.260844][ T3948]  __kmalloc+0x9e/0x1a0
[  181.265010][ T3948]  hfs_find_init+0x8b/0x1e0
[  181.269604][ T3948]  hfs_extend_file+0x2f8/0x1420
[  181.274469][ T3948]  ? xas_find+0x937/0xa60
[  181.278819][ T3948]  ? hfs_get_block+0xbb0/0xbb0
[  181.283574][ T3948]  ? filemap_get_folios+0x557/0x830
[  181.288772][ T3948]  ? find_lock_entries+0xf60/0xf60
[  181.293885][ T3948]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  181.299785][ T3948]  hfs_get_block+0x3fc/0xbb0
[  181.304378][ T3948]  ? hfs_free_extents+0x420/0x420
[  181.309396][ T3948]  ? do_raw_spin_unlock+0x134/0x8a0
[  181.314600][ T3948]  ? create_page_buffers+0x244/0x4b0
[  181.319900][ T3948]  __block_write_begin_int+0x54c/0x1a80
[  181.325519][ T3948]  ? hfs_free_extents+0x420/0x420
[  181.330553][ T3948]  ? page_zero_new_buffers+0x940/0x940
[  181.336008][ T3948]  ? PageHeadHuge+0x8a/0x1d0
[  181.340608][ T3948]  ? hfs_free_extents+0x420/0x420
[  181.345640][ T3948]  block_write_begin+0x93/0x1e0
[  181.350507][ T3948]  ? cont_write_begin+0x5e5/0x860
[  181.355554][ T3948]  ? hfs_free_extents+0x420/0x420
[  181.360574][ T3948]  cont_write_begin+0x606/0x860
[  181.365515][ T3948]  ? fault_in_readable+0x1d5/0x310
[  181.370623][ T3948]  ? generic_cont_expand_simple+0x250/0x250
[  181.376512][ T3948]  ? fault_in_readable+0x219/0x310
[  181.381619][ T3948]  ? fault_in_safe_writeable+0x240/0x240
[  181.387798][ T3948]  hfs_write_begin+0x86/0xd0
[  181.392399][ T3948]  ? hfs_free_extents+0x420/0x420
[  181.397425][ T3948]  generic_perform_write+0x2e4/0x5e0
[  181.402730][ T3948]  ? __block_commit_write+0x420/0x420
[  181.408102][ T3948]  ? generic_file_direct_write+0x610/0x610
[  181.413909][ T3948]  ? __file_remove_privs+0x6c0/0x6c0
[  181.419213][ T3948]  ? generic_write_checks+0x15c/0x1c0
[  181.424588][ T3948]  __generic_file_write_iter+0x176/0x400
[  181.430223][ T3948]  generic_file_write_iter+0xab/0x310
[  181.435591][ T3948]  vfs_write+0x7dc/0xc50
[  181.439836][ T3948]  ? file_end_write+0x230/0x230
[  181.444692][ T3948]  ? ptrace_stop+0x74d/0x970
[  181.449301][ T3948]  ? _raw_spin_unlock_irq+0x2a/0x40
[  181.454504][ T3948]  ? __fdget_pos+0x252/0x2e0
[  181.459109][ T3948]  ksys_write+0x177/0x2a0
[  181.463438][ T3948]  ? __ia32_sys_read+0x80/0x80
[  181.468205][ T3948]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  181.474195][ T3948]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  181.480171][ T3948]  do_syscall_64+0x3d/0xb0
[  181.484589][ T3948]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  181.490493][ T3948] RIP: 0033:0x7f0fa5191c89
[  181.494896][ T3948] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  181.514499][ T3948] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  181.522903][ T3948] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  181.530875][ T3948] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3948] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3948] exit_group(0)               = ?
[pid  3948] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3948, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./301", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./301/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./301/binderfs")                = 0
umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./301/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./301/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./301/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./301")                          = 0
mkdir("./302", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[  181.538840][ T3948] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  181.546802][ T3948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  181.554775][ T3948] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000012d
[  181.562766][ T3948]  </TASK>
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3949
./strace-static-x86_64: Process 3949 attached
[pid  3949] chdir("./302")              = 0
[pid  3949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3949] setpgid(0, 0)               = 0
[pid  3949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3949] write(3, "1000", 4)         = 4
[pid  3949] close(3)                    = 0
[pid  3949] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3949] memfd_create("syzkaller", 0) = 3
[pid  3949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3949] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3949] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3949] close(3)                    = 0
[pid  3949] mkdir("./file0", 0777)      = 0
[pid  3949] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3949] chdir("./file0")            = 0
[pid  3949] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3949] close(4)                    = 0
[pid  3949] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3949] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3949] write(5, "13", 2)           = 2
[  181.623152][ T3949] loop0: detected capacity change from 0 to 64
[  181.649171][ T3949] FAULT_INJECTION: forcing a failure.
[  181.649171][ T3949] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  181.662885][ T3949] CPU: 0 PID: 3949 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  181.673403][ T3949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  181.683446][ T3949] Call Trace:
[  181.686714][ T3949]  <TASK>
[  181.689634][ T3949]  dump_stack_lvl+0x1b1/0x28e
[  181.694302][ T3949]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  181.699745][ T3949]  ? panic+0x710/0x710
[  181.703800][ T3949]  ? do_anonymous_page+0xd4a/0x1150
[  181.709000][ T3949]  ? mark_lock+0x9a/0x350
[  181.713324][ T3949]  should_fail_ex+0x395/0x4c0
[  181.718000][ T3949]  prepare_alloc_pages+0x1d7/0x5a0
[  181.723137][ T3949]  __alloc_pages+0x161/0x560
[  181.727746][ T3949]  ? zone_statistics+0x160/0x160
[  181.732695][ T3949]  ? rcu_lock_release+0x5/0x20
[  181.737460][ T3949]  ? alloc_pages+0x520/0x7b0
[  181.742047][ T3949]  ? xas_descend+0x1f3/0x400
[  181.746643][ T3949]  folio_alloc+0x1a/0x50
[  181.750884][ T3949]  filemap_alloc_folio+0x7e/0x1c0
[  181.755913][ T3949]  __filemap_get_folio+0x898/0x1260
[  181.761120][ T3949]  ? page_cache_prev_miss+0x4e0/0x4e0
[  181.766494][ T3949]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  181.772477][ T3949]  ? print_irqtrace_events+0x220/0x220
[  181.777939][ T3949]  pagecache_get_page+0x28/0x260
[  181.782965][ T3949]  ? hfs_free_extents+0x420/0x420
[  181.787987][ T3949]  block_write_begin+0x2e/0x1e0
[  181.792841][ T3949]  ? cont_write_begin+0x5e5/0x860
[  181.797868][ T3949]  ? hfs_free_extents+0x420/0x420
[  181.802890][ T3949]  cont_write_begin+0x606/0x860
[  181.807747][ T3949]  ? fault_in_readable+0x1d5/0x310
[  181.812863][ T3949]  ? generic_cont_expand_simple+0x250/0x250
[  181.818758][ T3949]  ? fault_in_readable+0x219/0x310
[  181.823870][ T3949]  ? fault_in_safe_writeable+0x240/0x240
[  181.829510][ T3949]  hfs_write_begin+0x86/0xd0
[  181.834097][ T3949]  ? hfs_free_extents+0x420/0x420
[  181.839130][ T3949]  generic_perform_write+0x2e4/0x5e0
[  181.844453][ T3949]  ? __block_commit_write+0x420/0x420
[  181.849826][ T3949]  ? generic_file_direct_write+0x610/0x610
[  181.855633][ T3949]  ? __file_remove_privs+0x6c0/0x6c0
[  181.860918][ T3949]  ? generic_write_checks+0x15c/0x1c0
[  181.866299][ T3949]  __generic_file_write_iter+0x176/0x400
[  181.871940][ T3949]  generic_file_write_iter+0xab/0x310
[  181.877316][ T3949]  vfs_write+0x7dc/0xc50
[  181.881571][ T3949]  ? file_end_write+0x230/0x230
[  181.886422][ T3949]  ? ptrace_stop+0x74d/0x970
[  181.891024][ T3949]  ? _raw_spin_unlock_irq+0x2a/0x40
[  181.896229][ T3949]  ? __fdget_pos+0x252/0x2e0
[  181.900825][ T3949]  ksys_write+0x177/0x2a0
[  181.905162][ T3949]  ? __ia32_sys_read+0x80/0x80
[  181.909960][ T3949]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  181.915944][ T3949]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  181.921927][ T3949]  do_syscall_64+0x3d/0xb0
[  181.926342][ T3949]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  181.932246][ T3949] RIP: 0033:0x7f0fa5191c89
[  181.936666][ T3949] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  181.956275][ T3949] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  181.964691][ T3949] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid  3949] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3949] exit_group(0)               = ?
[pid  3949] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3949, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./302", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./302/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./302/binderfs")                = 0
umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./302/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./302/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./302/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./302")                          = 0
mkdir("./303", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3950
./strace-static-x86_64: Process 3950 attached
[pid  3950] chdir("./303")              = 0
[pid  3950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3950] setpgid(0, 0)               = 0
[pid  3950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3950] write(3, "1000", 4)         = 4
[pid  3950] close(3)                    = 0
[pid  3950] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3950] memfd_create("syzkaller", 0) = 3
[pid  3950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3950] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  181.972659][ T3949] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  181.980628][ T3949] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  181.988600][ T3949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  181.996569][ T3949] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000012e
[  182.004556][ T3949]  </TASK>
[pid  3950] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3950] close(3)                    = 0
[pid  3950] mkdir("./file0", 0777)      = 0
[pid  3950] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3950] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3950] chdir("./file0")            = 0
[pid  3950] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3950] close(4)                    = 0
[pid  3950] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3950] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3950] write(5, "13", 2)           = 2
[  182.054083][ T3950] loop0: detected capacity change from 0 to 64
[  182.057412][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  182.086142][ T3950] FAULT_INJECTION: forcing a failure.
[  182.086142][ T3950] name failslab, interval 1, probability 0, space 0, times 0
[  182.098921][ T3950] CPU: 1 PID: 3950 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  182.109346][ T3950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  182.119398][ T3950] Call Trace:
[  182.122680][ T3950]  <TASK>
[  182.125615][ T3950]  dump_stack_lvl+0x1b1/0x28e
[  182.130300][ T3950]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  182.135767][ T3950]  ? panic+0x710/0x710
[  182.139837][ T3950]  ? __might_sleep+0xc0/0xc0
[  182.144436][ T3950]  ? __mutex_lock_common+0x45f/0x26e0
[  182.149820][ T3950]  should_fail_ex+0x395/0x4c0
[  182.154601][ T3950]  ? hfs_find_init+0x8b/0x1e0
[  182.159298][ T3950]  should_failslab+0x5/0x20
[  182.163805][ T3950]  __kmem_cache_alloc_node+0x69/0x310
[  182.169189][ T3950]  ? hfs_find_init+0x8b/0x1e0
[  182.173870][ T3950]  __kmalloc+0x9e/0x1a0
[  182.178036][ T3950]  hfs_find_init+0x8b/0x1e0
[  182.182565][ T3950]  hfs_extend_file+0x2f8/0x1420
[  182.187454][ T3950]  ? hfs_get_block+0xbb0/0xbb0
[  182.192232][ T3950]  ? lru_cache_disable+0x30/0x30
[  182.197179][ T3950]  ? __might_sleep+0xc0/0xc0
[  182.201804][ T3950]  hfs_get_block+0x3fc/0xbb0
[  182.206423][ T3950]  ? hfs_free_extents+0x420/0x420
[  182.211452][ T3950]  ? do_raw_spin_unlock+0x134/0x8a0
[  182.216666][ T3950]  ? create_page_buffers+0x244/0x4b0
[  182.221964][ T3950]  __block_write_begin_int+0x54c/0x1a80
[  182.227533][ T3950]  ? hfs_free_extents+0x420/0x420
[  182.232558][ T3950]  ? page_zero_new_buffers+0x940/0x940
[  182.238024][ T3950]  ? PageHeadHuge+0x8a/0x1d0
[  182.242624][ T3950]  ? hfs_free_extents+0x420/0x420
[  182.247732][ T3950]  block_write_begin+0x93/0x1e0
[  182.252589][ T3950]  ? cont_write_begin+0x5e5/0x860
[  182.257616][ T3950]  ? hfs_free_extents+0x420/0x420
[  182.262639][ T3950]  cont_write_begin+0x606/0x860
[  182.267501][ T3950]  ? fault_in_readable+0x1d5/0x310
[  182.272620][ T3950]  ? generic_cont_expand_simple+0x250/0x250
[  182.278515][ T3950]  ? fault_in_readable+0x219/0x310
[  182.283630][ T3950]  ? fault_in_safe_writeable+0x240/0x240
[  182.289402][ T3950]  hfs_write_begin+0x86/0xd0
[  182.294006][ T3950]  ? hfs_free_extents+0x420/0x420
[  182.299124][ T3950]  generic_perform_write+0x2e4/0x5e0
[  182.304418][ T3950]  ? __block_commit_write+0x420/0x420
[  182.309817][ T3950]  ? generic_file_direct_write+0x610/0x610
[  182.315646][ T3950]  ? __file_remove_privs+0x6c0/0x6c0
[  182.320946][ T3950]  ? generic_write_checks+0x15c/0x1c0
[  182.326334][ T3950]  __generic_file_write_iter+0x176/0x400
[  182.331976][ T3950]  generic_file_write_iter+0xab/0x310
[  182.337355][ T3950]  vfs_write+0x7dc/0xc50
[  182.341609][ T3950]  ? file_end_write+0x230/0x230
[  182.346461][ T3950]  ? ptrace_stop+0x74d/0x970
[  182.351062][ T3950]  ? _raw_spin_unlock_irq+0x2a/0x40
[  182.356269][ T3950]  ? __fdget_pos+0x252/0x2e0
[  182.360870][ T3950]  ksys_write+0x177/0x2a0
[  182.365206][ T3950]  ? __ia32_sys_read+0x80/0x80
[  182.369977][ T3950]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  182.375990][ T3950]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  182.381987][ T3950]  do_syscall_64+0x3d/0xb0
[  182.386422][ T3950]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  182.392338][ T3950] RIP: 0033:0x7f0fa5191c89
[  182.396754][ T3950] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  182.416361][ T3950] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  182.424774][ T3950] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  182.432743][ T3950] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  182.440733][ T3950] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3950] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3950] exit_group(0)               = ?
[pid  3950] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3950, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./303", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./303/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./303/binderfs")                = 0
umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./303/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./303/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./303/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./303")                          = 0
mkdir("./304", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3951 attached
, child_tidptr=0x555555b7f5d0) = 3951
[pid  3951] chdir("./304")              = 0
[  182.448709][ T3950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  182.456679][ T3950] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000012f
[  182.464664][ T3950]  </TASK>
[pid  3951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3951] setpgid(0, 0)               = 0
[pid  3951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3951] write(3, "1000", 4)         = 4
[pid  3951] close(3)                    = 0
[pid  3951] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3951] memfd_create("syzkaller", 0) = 3
[pid  3951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3951] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3951] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3951] close(3)                    = 0
[pid  3951] mkdir("./file0", 0777)      = 0
[pid  3951] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3951] chdir("./file0")            = 0
[pid  3951] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3951] close(4)                    = 0
[pid  3951] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3951] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3951] write(5, "13", 2)           = 2
[  182.524253][ T3951] loop0: detected capacity change from 0 to 64
[  182.548788][ T3951] FAULT_INJECTION: forcing a failure.
[  182.548788][ T3951] name failslab, interval 1, probability 0, space 0, times 0
[  182.561833][ T3951] CPU: 1 PID: 3951 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  182.572247][ T3951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  182.582312][ T3951] Call Trace:
[  182.585579][ T3951]  <TASK>
[  182.588517][ T3951]  dump_stack_lvl+0x1b1/0x28e
[  182.593189][ T3951]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  182.598633][ T3951]  ? panic+0x710/0x710
[  182.602696][ T3951]  ? __might_sleep+0xc0/0xc0
[  182.607270][ T3951]  ? __mutex_lock_common+0x45f/0x26e0
[  182.612635][ T3951]  should_fail_ex+0x395/0x4c0
[  182.617301][ T3951]  ? hfs_find_init+0x8b/0x1e0
[  182.621972][ T3951]  should_failslab+0x5/0x20
[  182.626462][ T3951]  __kmem_cache_alloc_node+0x69/0x310
[  182.631831][ T3951]  ? hfs_find_init+0x8b/0x1e0
[  182.636499][ T3951]  __kmalloc+0x9e/0x1a0
[  182.640648][ T3951]  hfs_find_init+0x8b/0x1e0
[  182.645143][ T3951]  hfs_extend_file+0x2f8/0x1420
[  182.649986][ T3951]  ? hfs_get_block+0xbb0/0xbb0
[  182.654737][ T3951]  ? lru_cache_disable+0x30/0x30
[  182.659665][ T3951]  ? __might_sleep+0xc0/0xc0
[  182.664255][ T3951]  hfs_get_block+0x3fc/0xbb0
[  182.668842][ T3951]  ? hfs_free_extents+0x420/0x420
[  182.673850][ T3951]  ? do_raw_spin_unlock+0x134/0x8a0
[  182.679045][ T3951]  ? create_page_buffers+0x244/0x4b0
[  182.684336][ T3951]  __block_write_begin_int+0x54c/0x1a80
[  182.689895][ T3951]  ? hfs_free_extents+0x420/0x420
[  182.694930][ T3951]  ? page_zero_new_buffers+0x940/0x940
[  182.700380][ T3951]  ? PageHeadHuge+0x8a/0x1d0
[  182.704961][ T3951]  ? hfs_free_extents+0x420/0x420
[  182.709971][ T3951]  block_write_begin+0x93/0x1e0
[  182.714810][ T3951]  ? cont_write_begin+0x5e5/0x860
[  182.719823][ T3951]  ? hfs_free_extents+0x420/0x420
[  182.724833][ T3951]  cont_write_begin+0x606/0x860
[  182.729678][ T3951]  ? fault_in_readable+0x1d5/0x310
[  182.734783][ T3951]  ? generic_cont_expand_simple+0x250/0x250
[  182.740663][ T3951]  ? fault_in_readable+0x219/0x310
[  182.745764][ T3951]  ? fault_in_safe_writeable+0x240/0x240
[  182.751397][ T3951]  hfs_write_begin+0x86/0xd0
[  182.755973][ T3951]  ? hfs_free_extents+0x420/0x420
[  182.760985][ T3951]  generic_perform_write+0x2e4/0x5e0
[  182.766265][ T3951]  ? __block_commit_write+0x420/0x420
[  182.771628][ T3951]  ? generic_file_direct_write+0x610/0x610
[  182.777420][ T3951]  ? __file_remove_privs+0x6c0/0x6c0
[  182.782778][ T3951]  ? generic_write_checks+0x15c/0x1c0
[  182.788141][ T3951]  __generic_file_write_iter+0x176/0x400
[  182.793776][ T3951]  generic_file_write_iter+0xab/0x310
[  182.799139][ T3951]  vfs_write+0x7dc/0xc50
[  182.803375][ T3951]  ? file_end_write+0x230/0x230
[  182.808213][ T3951]  ? ptrace_stop+0x74d/0x970
[  182.812794][ T3951]  ? _raw_spin_unlock_irq+0x2a/0x40
[  182.817984][ T3951]  ? __fdget_pos+0x252/0x2e0
[  182.822563][ T3951]  ksys_write+0x177/0x2a0
[  182.826879][ T3951]  ? __ia32_sys_read+0x80/0x80
[  182.831628][ T3951]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  182.837601][ T3951]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  182.843567][ T3951]  do_syscall_64+0x3d/0xb0
[  182.847969][ T3951]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  182.853850][ T3951] RIP: 0033:0x7f0fa5191c89
[  182.858251][ T3951] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  182.877845][ T3951] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  182.886246][ T3951] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  182.894203][ T3951] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  182.902159][ T3951] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  182.910114][ T3951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  182.918068][ T3951] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000130
[pid  3951] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3951] exit_group(0)               = ?
[pid  3951] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3951, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./304", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./304/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./304/binderfs")                = 0
umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./304/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./304/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./304/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./304")                          = 0
mkdir("./305", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3952
./strace-static-x86_64: Process 3952 attached
[pid  3952] chdir("./305")              = 0
[pid  3952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3952] setpgid(0, 0)               = 0
[pid  3952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3952] write(3, "1000", 4)         = 4
[pid  3952] close(3)                    = 0
[pid  3952] symlink("/dev/binderfs", "./binderfs") = 0
[  182.926039][ T3951]  </TASK>
[pid  3952] memfd_create("syzkaller", 0) = 3
[pid  3952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3952] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3952] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3952] close(3)                    = 0
[pid  3952] mkdir("./file0", 0777)      = 0
[pid  3952] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3952] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3952] chdir("./file0")            = 0
[pid  3952] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3952] close(4)                    = 0
[pid  3952] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3952] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3952] write(5, "13", 2)           = 2
[  182.970666][ T3952] loop0: detected capacity change from 0 to 64
[  182.995522][ T3952] FAULT_INJECTION: forcing a failure.
[  182.995522][ T3952] name failslab, interval 1, probability 0, space 0, times 0
[  183.008561][ T3952] CPU: 0 PID: 3952 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  183.019008][ T3952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  183.029079][ T3952] Call Trace:
[  183.032365][ T3952]  <TASK>
[  183.035291][ T3952]  dump_stack_lvl+0x1b1/0x28e
[  183.039974][ T3952]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  183.045453][ T3952]  ? panic+0x710/0x710
[  183.049628][ T3952]  ? __might_sleep+0xc0/0xc0
[  183.054224][ T3952]  ? __mutex_lock_common+0x45f/0x26e0
[  183.059599][ T3952]  should_fail_ex+0x395/0x4c0
[  183.064273][ T3952]  ? hfs_find_init+0x8b/0x1e0
[  183.068955][ T3952]  should_failslab+0x5/0x20
[  183.073468][ T3952]  __kmem_cache_alloc_node+0x69/0x310
[  183.078843][ T3952]  ? rcu_lock_release+0x5/0x20
[  183.083622][ T3952]  ? hfs_find_init+0x8b/0x1e0
[  183.088303][ T3952]  __kmalloc+0x9e/0x1a0
[  183.092490][ T3952]  hfs_find_init+0x8b/0x1e0
[  183.097031][ T3952]  hfs_extend_file+0x2f8/0x1420
[  183.101876][ T3952]  ? xas_find+0x937/0xa60
[  183.106222][ T3952]  ? hfs_get_block+0xbb0/0xbb0
[  183.110995][ T3952]  ? filemap_get_folios+0x557/0x830
[  183.116198][ T3952]  ? find_lock_entries+0xf60/0xf60
[  183.121319][ T3952]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  183.127229][ T3952]  hfs_get_block+0x3fc/0xbb0
[  183.131821][ T3952]  ? hfs_free_extents+0x420/0x420
[  183.136834][ T3952]  ? do_raw_spin_unlock+0x134/0x8a0
[  183.142051][ T3952]  ? create_page_buffers+0x244/0x4b0
[  183.147352][ T3952]  __block_write_begin_int+0x54c/0x1a80
[  183.153138][ T3952]  ? hfs_free_extents+0x420/0x420
[  183.158205][ T3952]  ? page_zero_new_buffers+0x940/0x940
[  183.163664][ T3952]  ? PageHeadHuge+0x8a/0x1d0
[  183.168269][ T3952]  ? hfs_free_extents+0x420/0x420
[  183.173391][ T3952]  block_write_begin+0x93/0x1e0
[  183.178279][ T3952]  ? cont_write_begin+0x5e5/0x860
[  183.183336][ T3952]  ? hfs_free_extents+0x420/0x420
[  183.188359][ T3952]  cont_write_begin+0x606/0x860
[  183.193213][ T3952]  ? fault_in_readable+0x1d5/0x310
[  183.198319][ T3952]  ? generic_cont_expand_simple+0x250/0x250
[  183.204206][ T3952]  ? fault_in_readable+0x219/0x310
[  183.209310][ T3952]  ? fault_in_safe_writeable+0x240/0x240
[  183.215007][ T3952]  hfs_write_begin+0x86/0xd0
[  183.219598][ T3952]  ? hfs_free_extents+0x420/0x420
[  183.224625][ T3952]  generic_perform_write+0x2e4/0x5e0
[  183.229928][ T3952]  ? __block_commit_write+0x420/0x420
[  183.235322][ T3952]  ? generic_file_direct_write+0x610/0x610
[  183.241143][ T3952]  ? __file_remove_privs+0x6c0/0x6c0
[  183.246439][ T3952]  ? generic_write_checks+0x15c/0x1c0
[  183.251844][ T3952]  __generic_file_write_iter+0x176/0x400
[  183.257505][ T3952]  generic_file_write_iter+0xab/0x310
[  183.262891][ T3952]  vfs_write+0x7dc/0xc50
[  183.267151][ T3952]  ? file_end_write+0x230/0x230
[  183.271995][ T3952]  ? ptrace_stop+0x74d/0x970
[  183.276605][ T3952]  ? _raw_spin_unlock_irq+0x2a/0x40
[  183.281817][ T3952]  ? __fdget_pos+0x252/0x2e0
[  183.286413][ T3952]  ksys_write+0x177/0x2a0
[  183.290749][ T3952]  ? __ia32_sys_read+0x80/0x80
[  183.295523][ T3952]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  183.301512][ T3952]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  183.307511][ T3952]  do_syscall_64+0x3d/0xb0
[  183.311926][ T3952]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  183.317821][ T3952] RIP: 0033:0x7f0fa5191c89
[  183.322244][ T3952] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  183.341935][ T3952] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  183.350352][ T3952] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  183.358324][ T3952] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid  3952] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3952] exit_group(0)               = ?
[pid  3952] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3952, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./305", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./305/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./305/binderfs")                = 0
umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./305/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./305/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./305/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./305")                          = 0
mkdir("./306", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3953
./strace-static-x86_64: Process 3953 attached
[pid  3953] chdir("./306")              = 0
[pid  3953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3953] setpgid(0, 0)               = 0
[pid  3953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3953] write(3, "1000", 4)         = 4
[  183.366316][ T3952] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  183.374305][ T3952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  183.382281][ T3952] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000131
[  183.390256][ T3952]  </TASK>
[pid  3953] close(3)                    = 0
[pid  3953] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3953] memfd_create("syzkaller", 0) = 3
[pid  3953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3953] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3953] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3953] close(3)                    = 0
[pid  3953] mkdir("./file0", 0777)      = 0
[pid  3953] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3953] chdir("./file0")            = 0
[pid  3953] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3953] close(4)                    = 0
[pid  3953] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3953] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3953] write(5, "13", 2)           = 2
[  183.441297][ T3953] loop0: detected capacity change from 0 to 64
[  183.464645][ T3953] FAULT_INJECTION: forcing a failure.
[  183.464645][ T3953] name failslab, interval 1, probability 0, space 0, times 0
[  183.477662][ T3953] CPU: 0 PID: 3953 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  183.488088][ T3953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  183.498129][ T3953] Call Trace:
[  183.501399][ T3953]  <TASK>
[  183.504316][ T3953]  dump_stack_lvl+0x1b1/0x28e
[  183.508987][ T3953]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  183.514430][ T3953]  ? panic+0x710/0x710
[  183.518491][ T3953]  ? __might_sleep+0xc0/0xc0
[  183.523068][ T3953]  ? __mutex_lock_common+0x45f/0x26e0
[  183.528441][ T3953]  should_fail_ex+0x395/0x4c0
[  183.533106][ T3953]  ? hfs_find_init+0x8b/0x1e0
[  183.537771][ T3953]  should_failslab+0x5/0x20
[  183.542263][ T3953]  __kmem_cache_alloc_node+0x69/0x310
[  183.547619][ T3953]  ? rcu_lock_release+0x5/0x20
[  183.552371][ T3953]  ? hfs_find_init+0x8b/0x1e0
[  183.557035][ T3953]  __kmalloc+0x9e/0x1a0
[  183.561182][ T3953]  hfs_find_init+0x8b/0x1e0
[  183.565680][ T3953]  hfs_extend_file+0x2f8/0x1420
[  183.570516][ T3953]  ? xas_find+0x937/0xa60
[  183.574839][ T3953]  ? hfs_get_block+0xbb0/0xbb0
[  183.579588][ T3953]  ? filemap_get_folios+0x557/0x830
[  183.584774][ T3953]  ? find_lock_entries+0xf60/0xf60
[  183.589873][ T3953]  ? trace_writeback_dirty_inode+0xdf/0x2b0
[  183.595760][ T3953]  hfs_get_block+0x3fc/0xbb0
[  183.600342][ T3953]  ? hfs_free_extents+0x420/0x420
[  183.605350][ T3953]  ? do_raw_spin_unlock+0x134/0x8a0
[  183.610544][ T3953]  ? create_page_buffers+0x244/0x4b0
[  183.615817][ T3953]  __block_write_begin_int+0x54c/0x1a80
[  183.621366][ T3953]  ? hfs_free_extents+0x420/0x420
[  183.626374][ T3953]  ? page_zero_new_buffers+0x940/0x940
[  183.631823][ T3953]  ? PageHeadHuge+0x8a/0x1d0
[  183.636400][ T3953]  ? hfs_free_extents+0x420/0x420
[  183.641410][ T3953]  block_write_begin+0x93/0x1e0
[  183.646248][ T3953]  ? cont_write_begin+0x5e5/0x860
[  183.651257][ T3953]  ? hfs_free_extents+0x420/0x420
[  183.656269][ T3953]  cont_write_begin+0x606/0x860
[  183.661110][ T3953]  ? fault_in_readable+0x1d5/0x310
[  183.666213][ T3953]  ? generic_cont_expand_simple+0x250/0x250
[  183.672093][ T3953]  ? fault_in_readable+0x219/0x310
[  183.677193][ T3953]  ? fault_in_safe_writeable+0x240/0x240
[  183.682819][ T3953]  hfs_write_begin+0x86/0xd0
[  183.687392][ T3953]  ? hfs_free_extents+0x420/0x420
[  183.692404][ T3953]  generic_perform_write+0x2e4/0x5e0
[  183.697682][ T3953]  ? __block_commit_write+0x420/0x420
[  183.703043][ T3953]  ? generic_file_direct_write+0x610/0x610
[  183.708836][ T3953]  ? __file_remove_privs+0x6c0/0x6c0
[  183.714111][ T3953]  ? generic_write_checks+0x15c/0x1c0
[  183.719565][ T3953]  __generic_file_write_iter+0x176/0x400
[  183.725202][ T3953]  generic_file_write_iter+0xab/0x310
[  183.730650][ T3953]  vfs_write+0x7dc/0xc50
[  183.734892][ T3953]  ? file_end_write+0x230/0x230
[  183.739729][ T3953]  ? ptrace_stop+0x74d/0x970
[  183.744314][ T3953]  ? _raw_spin_unlock_irq+0x2a/0x40
[  183.749503][ T3953]  ? __fdget_pos+0x252/0x2e0
[  183.754087][ T3953]  ksys_write+0x177/0x2a0
[  183.758406][ T3953]  ? __ia32_sys_read+0x80/0x80
[  183.763156][ T3953]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  183.769142][ T3953]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  183.775113][ T3953]  do_syscall_64+0x3d/0xb0
[  183.779520][ T3953]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  183.785398][ T3953] RIP: 0033:0x7f0fa5191c89
[  183.789802][ T3953] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  183.809396][ T3953] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  183.817813][ T3953] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  183.825797][ T3953] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  183.833774][ T3953] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid  3953] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3953] exit_group(0)               = ?
[pid  3953] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3953, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./306", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./306/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./306/binderfs")                = 0
umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./306/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./306/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./306/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./306")                          = 0
mkdir("./307", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3954
./strace-static-x86_64: Process 3954 attached
[pid  3954] chdir("./307")              = 0
[pid  3954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3954] setpgid(0, 0)               = 0
[pid  3954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3954] write(3, "1000", 4)         = 4
[pid  3954] close(3)                    = 0
[pid  3954] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3954] memfd_create("syzkaller", 0) = 3
[pid  3954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3954] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[  183.841748][ T3953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  183.849727][ T3953] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000132
[  183.857724][ T3953]  </TASK>
[pid  3954] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3954] close(3)                    = 0
[pid  3954] mkdir("./file0", 0777)      = 0
[pid  3954] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3954] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3954] chdir("./file0")            = 0
[pid  3954] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3954] close(4)                    = 0
[pid  3954] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3954] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3954] write(5, "13", 2)           = 2
[  183.894906][ T3954] loop0: detected capacity change from 0 to 64
[  183.897172][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  183.929474][ T3954] FAULT_INJECTION: forcing a failure.
[  183.929474][ T3954] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  183.943251][ T3954] CPU: 0 PID: 3954 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  183.953692][ T3954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  183.963755][ T3954] Call Trace:
[  183.967027][ T3954]  <TASK>
[  183.969950][ T3954]  dump_stack_lvl+0x1b1/0x28e
[  183.974635][ T3954]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  183.980095][ T3954]  ? panic+0x710/0x710
[  183.984171][ T3954]  ? do_anonymous_page+0xd4a/0x1150
[  183.989397][ T3954]  ? mark_lock+0x9a/0x350
[  183.993751][ T3954]  should_fail_ex+0x395/0x4c0
[  183.998533][ T3954]  prepare_alloc_pages+0x1d7/0x5a0
[  184.003648][ T3954]  __alloc_pages+0x161/0x560
[  184.008242][ T3954]  ? zone_statistics+0x160/0x160
[  184.013188][ T3954]  ? rcu_lock_release+0x5/0x20
[  184.017949][ T3954]  ? alloc_pages+0x520/0x7b0
[  184.022539][ T3954]  ? xas_descend+0x1f3/0x400
[  184.027143][ T3954]  folio_alloc+0x1a/0x50
[  184.031379][ T3954]  filemap_alloc_folio+0x7e/0x1c0
[  184.036414][ T3954]  __filemap_get_folio+0x898/0x1260
[  184.041629][ T3954]  ? page_cache_prev_miss+0x4e0/0x4e0
[  184.046994][ T3954]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[  184.052979][ T3954]  ? print_irqtrace_events+0x220/0x220
[  184.058462][ T3954]  pagecache_get_page+0x28/0x260
[  184.063411][ T3954]  ? hfs_free_extents+0x420/0x420
[  184.068422][ T3954]  block_write_begin+0x2e/0x1e0
[  184.073264][ T3954]  ? cont_write_begin+0x5e5/0x860
[  184.078279][ T3954]  ? hfs_free_extents+0x420/0x420
[  184.083309][ T3954]  cont_write_begin+0x606/0x860
[  184.088183][ T3954]  ? fault_in_readable+0x1d5/0x310
[  184.093290][ T3954]  ? generic_cont_expand_simple+0x250/0x250
[  184.099175][ T3954]  ? fault_in_readable+0x219/0x310
[  184.104282][ T3954]  ? fault_in_safe_writeable+0x240/0x240
[  184.109914][ T3954]  hfs_write_begin+0x86/0xd0
[  184.114495][ T3954]  ? hfs_free_extents+0x420/0x420
[  184.119511][ T3954]  generic_perform_write+0x2e4/0x5e0
[  184.124800][ T3954]  ? __block_commit_write+0x420/0x420
[  184.130178][ T3954]  ? generic_file_direct_write+0x610/0x610
[  184.135995][ T3954]  ? __file_remove_privs+0x6c0/0x6c0
[  184.141287][ T3954]  ? generic_write_checks+0x15c/0x1c0
[  184.146772][ T3954]  __generic_file_write_iter+0x176/0x400
[  184.152439][ T3954]  generic_file_write_iter+0xab/0x310
[  184.157825][ T3954]  vfs_write+0x7dc/0xc50
[  184.162103][ T3954]  ? file_end_write+0x230/0x230
[  184.166955][ T3954]  ? ptrace_stop+0x74d/0x970
[  184.171568][ T3954]  ? _raw_spin_unlock_irq+0x2a/0x40
[  184.176786][ T3954]  ? __fdget_pos+0x252/0x2e0
[  184.181390][ T3954]  ksys_write+0x177/0x2a0
[  184.185746][ T3954]  ? __ia32_sys_read+0x80/0x80
[  184.190510][ T3954]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  184.196498][ T3954]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  184.202495][ T3954]  do_syscall_64+0x3d/0xb0
[  184.206915][ T3954]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  184.212803][ T3954] RIP: 0033:0x7f0fa5191c89
[  184.217212][ T3954] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  184.236834][ T3954] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid  3954] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  3954] exit_group(0)               = ?
[pid  3954] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3954, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./307", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./307/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./307/binderfs")                = 0
umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./307/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./307/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./307/file0")                    = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./307")                          = 0
mkdir("./308", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3955
./strace-static-x86_64: Process 3955 attached
[pid  3955] chdir("./308")              = 0
[pid  3955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3955] setpgid(0, 0)               = 0
[pid  3955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3955] write(3, "1000", 4)         = 4
[  184.245244][ T3954] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  184.253219][ T3954] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  184.261196][ T3954] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  184.269167][ T3954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  184.277129][ T3954] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000133
[  184.285107][ T3954]  </TASK>
[pid  3955] close(3)                    = 0
[pid  3955] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3955] memfd_create("syzkaller", 0) = 3
[pid  3955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid  3955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  3955] munmap(0x7f0f9cc00000, 32768) = 0
[pid  3955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3955] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3955] close(3)                    = 0
[pid  3955] mkdir("./file0", 0777)      = 0
[pid  3955] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  3955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3955] chdir("./file0")            = 0
[pid  3955] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3955] close(4)                    = 0
[pid  3955] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  3955] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3955] write(5, "13", 2)           = 2
[  184.333664][ T3955] loop0: detected capacity change from 0 to 64
[  184.335998][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  184.364036][ T3955] FAULT_INJECTION: forcing a failure.
[  184.364036][ T3955] name failslab, interval 1, probability 0, space 0, times 0
[  184.377207][ T3955] CPU: 0 PID: 3955 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  184.387615][ T3955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  184.397658][ T3955] Call Trace:
[  184.400926][ T3955]  <TASK>
[  184.403846][ T3955]  dump_stack_lvl+0x1b1/0x28e
[  184.408516][ T3955]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  184.413958][ T3955]  ? panic+0x710/0x710
[  184.418021][ T3955]  ? __might_sleep+0xc0/0xc0
[  184.422600][ T3955]  should_fail_ex+0x395/0x4c0
[  184.427380][ T3955]  ? __hfs_bnode_create+0xed/0x7a0
[  184.432488][ T3955]  should_failslab+0x5/0x20
[  184.436995][ T3955]  __kmem_cache_alloc_node+0x69/0x310
[  184.442380][ T3955]  ? __hfs_bnode_create+0xed/0x7a0
[  184.447575][ T3955]  __kmalloc+0x9e/0x1a0
[  184.451760][ T3955]  __hfs_bnode_create+0xed/0x7a0
[  184.456699][ T3955]  ? hfs_bnode_create+0x11d/0x460
[  184.461720][ T3955]  ? hfs_bnode_get+0x40/0x40
[  184.466313][ T3955]  ? do_raw_spin_unlock+0x134/0x8a0
[  184.471521][ T3955]  hfs_bnode_create+0x128/0x460
[  184.476369][ T3955]  ? hfs_bnode_put+0x1c3/0x480
[  184.481132][ T3955]  hfs_bmap_alloc+0x598/0x620
[  184.485817][ T3955]  ? hfs_bmap_reserve+0x410/0x410
[  184.490847][ T3955]  hfs_btree_inc_height+0xec/0xca0
[  184.495964][ T3955]  ? hfs_brec_insert+0xc00/0xc00
[  184.500906][ T3955]  ? rcu_read_lock_sched_held+0x87/0x110
[  184.506550][ T3955]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[  184.512534][ T3955]  hfs_brec_insert+0x12f/0xc00
[  184.517298][ T3955]  ? trace_contention_end+0x72/0x1d0
[  184.522590][ T3955]  ? __might_sleep+0xc0/0xc0
[  184.527185][ T3955]  ? hfs_brec_keylen+0x360/0x360
[  184.532132][ T3955]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[  184.538115][ T3955]  __hfs_ext_write_extent+0x2a6/0x460
[  184.543488][ T3955]  __hfs_ext_cache_extent+0x67/0x980
[  184.548775][ T3955]  ? mutex_lock_nested+0x17/0x20
[  184.553711][ T3955]  ? hfs_find_init+0x167/0x1e0
[  184.558481][ T3955]  hfs_extend_file+0x323/0x1420
[  184.563343][ T3955]  ? hfs_get_block+0xbb0/0xbb0
[  184.568105][ T3955]  ? lru_cache_disable+0x30/0x30
[  184.573049][ T3955]  ? __might_sleep+0xc0/0xc0
[  184.577659][ T3955]  hfs_get_block+0x3fc/0xbb0
[  184.582260][ T3955]  ? hfs_free_extents+0x420/0x420
[  184.587282][ T3955]  ? do_raw_spin_unlock+0x134/0x8a0
[  184.592491][ T3955]  ? create_page_buffers+0x244/0x4b0
[  184.597782][ T3955]  __block_write_begin_int+0x54c/0x1a80
[  184.603351][ T3955]  ? hfs_free_extents+0x420/0x420
[  184.608373][ T3955]  ? page_zero_new_buffers+0x940/0x940
[  184.613832][ T3955]  ? PageHeadHuge+0x8a/0x1d0
[  184.618427][ T3955]  ? hfs_free_extents+0x420/0x420
[  184.623449][ T3955]  block_write_begin+0x93/0x1e0
[  184.628312][ T3955]  ? cont_write_begin+0x5e5/0x860
[  184.633340][ T3955]  ? hfs_free_extents+0x420/0x420
[  184.638361][ T3955]  cont_write_begin+0x606/0x860
[  184.643219][ T3955]  ? fault_in_readable+0x1d5/0x310
[  184.648334][ T3955]  ? generic_cont_expand_simple+0x250/0x250
[  184.654252][ T3955]  ? fault_in_readable+0x219/0x310
[  184.659400][ T3955]  ? fault_in_safe_writeable+0x240/0x240
[  184.665068][ T3955]  hfs_write_begin+0x86/0xd0
[  184.669666][ T3955]  ? hfs_free_extents+0x420/0x420
[  184.674715][ T3955]  generic_perform_write+0x2e4/0x5e0
[  184.680023][ T3955]  ? __block_commit_write+0x420/0x420
[  184.685399][ T3955]  ? generic_file_direct_write+0x610/0x610
[  184.691205][ T3955]  ? __file_remove_privs+0x6c0/0x6c0
[  184.696489][ T3955]  ? generic_write_checks+0x15c/0x1c0
[  184.701870][ T3955]  __generic_file_write_iter+0x176/0x400
[  184.707511][ T3955]  generic_file_write_iter+0xab/0x310
[  184.712905][ T3955]  vfs_write+0x7dc/0xc50
[  184.717183][ T3955]  ? file_end_write+0x230/0x230
[  184.722041][ T3955]  ? ptrace_stop+0x74d/0x970
[  184.726645][ T3955]  ? _raw_spin_unlock_irq+0x2a/0x40
[  184.731855][ T3955]  ? __fdget_pos+0x252/0x2e0
[  184.736466][ T3955]  ksys_write+0x177/0x2a0
[  184.740811][ T3955]  ? __ia32_sys_read+0x80/0x80
[  184.745579][ T3955]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  184.751589][ T3955]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  184.757607][ T3955]  do_syscall_64+0x3d/0xb0
[  184.762047][ T3955]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  184.767965][ T3955] RIP: 0033:0x7f0fa5191c89
[  184.772386][ T3955] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  184.791992][ T3955] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  184.800404][ T3955] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  184.808389][ T3955] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  184.816365][ T3955] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  184.824345][ T3955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  184.832323][ T3955] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000134
[  184.840326][ T3955]  </TASK>
[  184.844151][ T3955] hfs: new node 0 already hashed?
[  184.849512][ T3955] ------------[ cut here ]------------
[  184.855272][ T3955] WARNING: CPU: 1 PID: 3955 at fs/hfs/bnode.c:421 hfs_bnode_create+0x3d4/0x460
[  184.864267][ T3955] Modules linked in:
[  184.868158][ T3955] CPU: 1 PID: 3955 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  184.878609][ T3955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  184.888700][ T3955] RIP: 0010:hfs_bnode_create+0x3d4/0x460
[  184.894376][ T3955] Code: 31 c0 e8 5b fe 31 08 e9 5f fd ff ff e8 55 6a 2c ff 4c 89 ff e8 3d 69 3d 08 48 c7 c7 20 de 07 8b 44 89 e6 31 c0 e8 38 fe 31 08 <0f> 0b eb b1 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 61 fc ff ff 48 89
[  184.914141][ T3955] RSP: 0018:ffffc9000425ef90 EFLAGS: 00010246
[  184.920207][ T3955] RAX: 000000000000001f RBX: ffff88801916f400 RCX: c4d3206178de5900
[  184.928216][ T3955] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  184.936241][ T3955] RBP: 0000000000000000 R08: ffffffff816e55cd R09: fffff5200084bd69
[  184.944269][ T3955] R10: fffff5200084bd69 R11: 1ffff9200084bd68 R12: 0000000000000000
[  184.952441][ T3955] R13: dffffc0000000000 R14: ffff88802750e000 R15: ffff88802750e0e0
[  184.960413][ T3955] FS:  0000555555b7f300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[  184.969419][ T3955] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  184.976074][ T3955] CR2: 0000000020004200 CR3: 000000007e547000 CR4: 00000000003506e0
[  184.984097][ T3955] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  184.992101][ T3955] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  185.000065][ T3955] Call Trace:
[  185.003381][ T3955]  <TASK>
[  185.006319][ T3955]  ? hfs_bnode_put+0x1c3/0x480
[  185.011141][ T3955]  hfs_bmap_alloc+0x598/0x620
[  185.015834][ T3955]  ? hfs_bmap_reserve+0x410/0x410
[  185.020906][ T3955]  ? hfs_brec_insert+0x6fb/0xc00
[  185.025855][ T3955]  ? trace_lock_release+0x95/0x220
[  185.031028][ T3955]  hfs_btree_inc_height+0xec/0xca0
[  185.036233][ T3955]  ? hfs_brec_insert+0x6fb/0xc00
[  185.041231][ T3955]  ? hfs_brec_insert+0xc00/0xc00
[  185.046190][ T3955]  ? do_raw_spin_unlock+0x134/0x8a0
[  185.051432][ T3955]  ? hfs_bnode_put+0x1c3/0x480
[  185.056212][ T3955]  hfs_brec_insert+0x74a/0xc00
[  185.061045][ T3955]  ? hfs_brec_keylen+0x360/0x360
[  185.065992][ T3955]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[  185.072015][ T3955]  __hfs_ext_write_extent+0x2a6/0x460
[  185.077400][ T3955]  __hfs_ext_cache_extent+0x67/0x980
[  185.082742][ T3955]  ? mutex_lock_nested+0x17/0x20
[  185.087704][ T3955]  ? hfs_find_init+0x167/0x1e0
[  185.092539][ T3955]  hfs_extend_file+0x323/0x1420
[  185.097427][ T3955]  ? hfs_get_block+0xbb0/0xbb0
[  185.102251][ T3955]  ? lru_cache_disable+0x30/0x30
[  185.107223][ T3955]  ? __might_sleep+0xc0/0xc0
[  185.111881][ T3955]  hfs_get_block+0x3fc/0xbb0
[  185.116613][ T3955]  ? hfs_free_extents+0x420/0x420
[  185.121691][ T3955]  ? do_raw_spin_unlock+0x134/0x8a0
[  185.126912][ T3955]  ? create_page_buffers+0x244/0x4b0
[  185.132270][ T3955]  __block_write_begin_int+0x54c/0x1a80
[  185.137879][ T3955]  ? hfs_free_extents+0x420/0x420
[  185.142966][ T3955]  ? page_zero_new_buffers+0x940/0x940
[  185.148446][ T3955]  ? PageHeadHuge+0x8a/0x1d0
[  185.153119][ T3955]  ? hfs_free_extents+0x420/0x420
[  185.158287][ T3955]  block_write_begin+0x93/0x1e0
[  185.163193][ T3955]  ? cont_write_begin+0x5e5/0x860
[  185.168233][ T3955]  ? hfs_free_extents+0x420/0x420
[  185.173332][ T3955]  cont_write_begin+0x606/0x860
[  185.178224][ T3955]  ? fault_in_readable+0x1d5/0x310
[  185.183417][ T3955]  ? generic_cont_expand_simple+0x250/0x250
[  185.189333][ T3955]  ? fault_in_readable+0x219/0x310
[  185.194534][ T3955]  ? fault_in_safe_writeable+0x240/0x240
[  185.200206][ T3955]  hfs_write_begin+0x86/0xd0
[  185.204882][ T3955]  ? hfs_free_extents+0x420/0x420
[  185.209922][ T3955]  generic_perform_write+0x2e4/0x5e0
[  185.215301][ T3955]  ? __block_commit_write+0x420/0x420
[  185.220692][ T3955]  ? generic_file_direct_write+0x610/0x610
[  185.226569][ T3955]  ? __file_remove_privs+0x6c0/0x6c0
[  185.231912][ T3955]  ? generic_write_checks+0x15c/0x1c0
[  185.237298][ T3955]  __generic_file_write_iter+0x176/0x400
[  185.242983][ T3955]  generic_file_write_iter+0xab/0x310
[  185.248383][ T3955]  vfs_write+0x7dc/0xc50
[  185.252805][ T3955]  ? file_end_write+0x230/0x230
[  185.257664][ T3955]  ? ptrace_stop+0x74d/0x970
[  185.262310][ T3955]  ? _raw_spin_unlock_irq+0x2a/0x40
[  185.267527][ T3955]  ? __fdget_pos+0x252/0x2e0
[  185.272175][ T3955]  ksys_write+0x177/0x2a0
[  185.276528][ T3955]  ? __ia32_sys_read+0x80/0x80
[  185.281354][ T3955]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  185.287368][ T3955]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  185.293426][ T3955]  do_syscall_64+0x3d/0xb0
[  185.297870][ T3955]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  185.303810][ T3955] RIP: 0033:0x7f0fa5191c89
[  185.308258][ T3955] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  185.327962][ T3955] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  185.336454][ T3955] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  185.344494][ T3955] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  185.352650][ T3955] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  185.360649][ T3955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  185.368692][ T3955] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000134
[  185.376710][ T3955]  </TASK>
[  185.379724][ T3955] Kernel panic - not syncing: panic_on_warn set ...
[  185.386313][ T3955] CPU: 1 PID: 3955 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[  185.396741][ T3955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  185.406962][ T3955] Call Trace:
[  185.410235][ T3955]  <TASK>
[  185.413163][ T3955]  dump_stack_lvl+0x1b1/0x28e
[  185.417845][ T3955]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  185.423392][ T3955]  ? panic+0x710/0x710
[  185.427482][ T3955]  ? vscnprintf+0x59/0x80
[  185.431838][ T3955]  ? hfs_bnode_create+0x360/0x460
[  185.436861][ T3955]  panic+0x2d6/0x710
[  185.440747][ T3955]  ? __warn+0x131/0x220
[  185.444908][ T3955]  ? memcpy_page_flushcache+0xfc/0xfc
[  185.450280][ T3955]  ? hfs_bnode_create+0x3d4/0x460
[  185.455294][ T3955]  __warn+0x1fa/0x220
[  185.459269][ T3955]  ? hfs_bnode_create+0x3d4/0x460
[  185.464293][ T3955]  report_bug+0x1b3/0x2d0
[  185.468633][ T3955]  handle_bug+0x3d/0x70
[  185.472786][ T3955]  exc_invalid_op+0x16/0x40
[  185.477295][ T3955]  asm_exc_invalid_op+0x16/0x20
[  185.482143][ T3955] RIP: 0010:hfs_bnode_create+0x3d4/0x460
[  185.487775][ T3955] Code: 31 c0 e8 5b fe 31 08 e9 5f fd ff ff e8 55 6a 2c ff 4c 89 ff e8 3d 69 3d 08 48 c7 c7 20 de 07 8b 44 89 e6 31 c0 e8 38 fe 31 08 <0f> 0b eb b1 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 61 fc ff ff 48 89
[  185.507387][ T3955] RSP: 0018:ffffc9000425ef90 EFLAGS: 00010246
[  185.513453][ T3955] RAX: 000000000000001f RBX: ffff88801916f400 RCX: c4d3206178de5900
[  185.521421][ T3955] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  185.529392][ T3955] RBP: 0000000000000000 R08: ffffffff816e55cd R09: fffff5200084bd69
[  185.537360][ T3955] R10: fffff5200084bd69 R11: 1ffff9200084bd68 R12: 0000000000000000
[  185.545327][ T3955] R13: dffffc0000000000 R14: ffff88802750e000 R15: ffff88802750e0e0
[  185.553306][ T3955]  ? __wake_up_klogd+0xcd/0x100
[  185.558168][ T3955]  ? hfs_bnode_put+0x1c3/0x480
[  185.562933][ T3955]  hfs_bmap_alloc+0x598/0x620
[  185.567612][ T3955]  ? hfs_bmap_reserve+0x410/0x410
[  185.572635][ T3955]  ? hfs_brec_insert+0x6fb/0xc00
[  185.577577][ T3955]  ? trace_lock_release+0x95/0x220
[  185.582695][ T3955]  hfs_btree_inc_height+0xec/0xca0
[  185.587810][ T3955]  ? hfs_brec_insert+0x6fb/0xc00
[  185.592753][ T3955]  ? hfs_brec_insert+0xc00/0xc00
[  185.597696][ T3955]  ? do_raw_spin_unlock+0x134/0x8a0
[  185.602898][ T3955]  ? hfs_bnode_put+0x1c3/0x480
[  185.607666][ T3955]  hfs_brec_insert+0x74a/0xc00
[  185.612448][ T3955]  ? hfs_brec_keylen+0x360/0x360
[  185.617391][ T3955]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[  185.623378][ T3955]  __hfs_ext_write_extent+0x2a6/0x460
[  185.628756][ T3955]  __hfs_ext_cache_extent+0x67/0x980
[  185.634044][ T3955]  ? mutex_lock_nested+0x17/0x20
[  185.638981][ T3955]  ? hfs_find_init+0x167/0x1e0
[  185.643753][ T3955]  hfs_extend_file+0x323/0x1420
[  185.648618][ T3955]  ? hfs_get_block+0xbb0/0xbb0
[  185.653383][ T3955]  ? lru_cache_disable+0x30/0x30
[  185.658324][ T3955]  ? __might_sleep+0xc0/0xc0
[  185.662934][ T3955]  hfs_get_block+0x3fc/0xbb0
[  185.667539][ T3955]  ? hfs_free_extents+0x420/0x420
[  185.672561][ T3955]  ? do_raw_spin_unlock+0x134/0x8a0
[  185.677767][ T3955]  ? create_page_buffers+0x244/0x4b0
[  185.683064][ T3955]  __block_write_begin_int+0x54c/0x1a80
[  185.688635][ T3955]  ? hfs_free_extents+0x420/0x420
[  185.693659][ T3955]  ? page_zero_new_buffers+0x940/0x940
[  185.699120][ T3955]  ? PageHeadHuge+0x8a/0x1d0
[  185.703717][ T3955]  ? hfs_free_extents+0x420/0x420
[  185.708737][ T3955]  block_write_begin+0x93/0x1e0
[  185.713593][ T3955]  ? cont_write_begin+0x5e5/0x860
[  185.718619][ T3955]  ? hfs_free_extents+0x420/0x420
[  185.723666][ T3955]  cont_write_begin+0x606/0x860
[  185.728526][ T3955]  ? fault_in_readable+0x1d5/0x310
[  185.733728][ T3955]  ? generic_cont_expand_simple+0x250/0x250
[  185.739630][ T3955]  ? fault_in_readable+0x219/0x310
[  185.744745][ T3955]  ? fault_in_safe_writeable+0x240/0x240
[  185.750390][ T3955]  hfs_write_begin+0x86/0xd0
[  185.754977][ T3955]  ? hfs_free_extents+0x420/0x420
[  185.760058][ T3955]  generic_perform_write+0x2e4/0x5e0
[  185.765353][ T3955]  ? __block_commit_write+0x420/0x420
[  185.770729][ T3955]  ? generic_file_direct_write+0x610/0x610
[  185.776541][ T3955]  ? __file_remove_privs+0x6c0/0x6c0
[  185.781825][ T3955]  ? generic_write_checks+0x15c/0x1c0
[  185.787209][ T3955]  __generic_file_write_iter+0x176/0x400
[  185.792849][ T3955]  generic_file_write_iter+0xab/0x310
[  185.798225][ T3955]  vfs_write+0x7dc/0xc50
[  185.802479][ T3955]  ? file_end_write+0x230/0x230
[  185.807329][ T3955]  ? ptrace_stop+0x74d/0x970
[  185.811929][ T3955]  ? _raw_spin_unlock_irq+0x2a/0x40
[  185.817135][ T3955]  ? __fdget_pos+0x252/0x2e0
[  185.821732][ T3955]  ksys_write+0x177/0x2a0
[  185.826066][ T3955]  ? __ia32_sys_read+0x80/0x80
[  185.830835][ T3955]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  185.836823][ T3955]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  185.842805][ T3955]  do_syscall_64+0x3d/0xb0
[  185.847222][ T3955]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  185.853115][ T3955] RIP: 0033:0x7f0fa5191c89
[  185.857532][ T3955] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  185.877223][ T3955] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  185.885639][ T3955] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[  185.893609][ T3955] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[  185.901576][ T3955] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[  185.909544][ T3955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  185.917510][ T3955] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000134
[  185.925496][ T3955]  </TASK>
[  185.928715][ T3955] Kernel Offset: disabled
[  185.933112][ T3955] Rebooting in 86400 seconds..