./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor286233648
<...>
DUID 00:04:b0:cd:33:f9:4f:8a:55:45:4d:7b:3b:ee:3a:71:f0:8b
forked to background, child pid 3209
[ 29.738057][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.748580][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
execve("./syz-executor286233648", ["./syz-executor286233648"], 0x7fffb70bab20 /* 10 vars */) = 0
brk(NULL) = 0x555555b7f000
brk(0x555555b7fc40) = 0x555555b7fc40
arch_prctl(ARCH_SET_FS, 0x555555b7f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor286233648", 4096) = 27
brk(0x555555ba0c40) = 0x555555ba0c40
brk(0x555555ba1000) = 0x555555ba1000
mprotect(0x7f0fa51fb000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 3638
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "3638", 4) = 4
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=680, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3638}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x25\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 680
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK) = 0
access("/proc/net/unix", R_OK) = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3638}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3) = 0
close(4) = 0
getpid() = 3638
mkdir("./syzkaller.J1ibYh", 0700) = 0
chmod("./syzkaller.J1ibYh", 0777) = 0
chdir("./syzkaller.J1ibYh") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3641
./strace-static-x86_64: Process 3641 attached
[pid 3641] chdir("./0") = 0
[pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3641] setpgid(0, 0) = 0
[pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3641] write(3, "1000", 4) = 4
[pid 3641] close(3) = 0
[pid 3641] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3641] memfd_create("syzkaller", 0) = 3
[pid 3641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3641] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3641] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3641] close(3) = 0
[pid 3641] mkdir("./file0", 0777) = 0
[pid 3641] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3641] chdir("./file0") = 0
[pid 3641] ioctl(4, LOOP_CLR_FD) = 0
[pid 3641] close(4) = 0
[pid 3641] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3641] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3641] write(5, "13", 2) = 2
syzkaller login: [ 52.880675][ T3641] loop0: detected capacity change from 0 to 64
[ 52.918495][ T3641] FAULT_INJECTION: forcing a failure.
[ 52.918495][ T3641] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 52.932703][ T3641] CPU: 0 PID: 3641 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 52.943224][ T3641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.953279][ T3641] Call Trace:
[ 52.956551][ T3641]
[ 52.959471][ T3641] dump_stack_lvl+0x1b1/0x28e
[ 52.964160][ T3641] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 52.969612][ T3641] ? panic+0x710/0x710
[ 52.973665][ T3641] ? do_anonymous_page+0xd4a/0x1150
[ 52.978854][ T3641] ? mark_lock+0x9a/0x350
[ 52.983171][ T3641] should_fail_ex+0x395/0x4c0
[ 52.987837][ T3641] prepare_alloc_pages+0x1d7/0x5a0
[ 52.992952][ T3641] __alloc_pages+0x161/0x560
[ 52.997547][ T3641] ? zone_statistics+0x160/0x160
[ 53.002489][ T3641] ? rcu_lock_release+0x5/0x20
[ 53.007249][ T3641] ? alloc_pages+0x520/0x7b0
[ 53.011831][ T3641] ? xas_descend+0x1f3/0x400
[ 53.016419][ T3641] folio_alloc+0x1a/0x50
[ 53.020665][ T3641] filemap_alloc_folio+0x7e/0x1c0
[ 53.025689][ T3641] __filemap_get_folio+0x898/0x1260
[ 53.030888][ T3641] ? page_cache_prev_miss+0x4e0/0x4e0
[ 53.036273][ T3641] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 53.042354][ T3641] ? print_irqtrace_events+0x220/0x220
[ 53.047819][ T3641] pagecache_get_page+0x28/0x260
[ 53.052761][ T3641] ? hfs_free_extents+0x420/0x420
[ 53.057786][ T3641] block_write_begin+0x2e/0x1e0
[ 53.062638][ T3641] ? cont_write_begin+0x5e5/0x860
[ 53.067667][ T3641] ? hfs_free_extents+0x420/0x420
[ 53.072687][ T3641] cont_write_begin+0x606/0x860
[ 53.077542][ T3641] ? fault_in_readable+0x1d5/0x310
[ 53.082656][ T3641] ? generic_cont_expand_simple+0x250/0x250
[ 53.088547][ T3641] ? fault_in_readable+0x219/0x310
[ 53.093655][ T3641] ? fault_in_safe_writeable+0x240/0x240
[ 53.099292][ T3641] hfs_write_begin+0x86/0xd0
[ 53.103876][ T3641] ? hfs_free_extents+0x420/0x420
[ 53.108896][ T3641] generic_perform_write+0x2e4/0x5e0
[ 53.114184][ T3641] ? __block_commit_write+0x420/0x420
[ 53.119555][ T3641] ? generic_file_direct_write+0x610/0x610
[ 53.125358][ T3641] ? __file_remove_privs+0x6c0/0x6c0
[ 53.130641][ T3641] ? generic_write_checks+0x15c/0x1c0
[ 53.136032][ T3641] __generic_file_write_iter+0x176/0x400
[ 53.141686][ T3641] generic_file_write_iter+0xab/0x310
[ 53.147069][ T3641] vfs_write+0x7dc/0xc50
[ 53.151323][ T3641] ? file_end_write+0x230/0x230
[ 53.156199][ T3641] ? ptrace_stop+0x74d/0x970
[ 53.160810][ T3641] ? _raw_spin_unlock_irq+0x2a/0x40
[ 53.166026][ T3641] ? __fdget_pos+0x252/0x2e0
[ 53.170800][ T3641] ksys_write+0x177/0x2a0
[ 53.175138][ T3641] ? __ia32_sys_read+0x80/0x80
[ 53.179902][ T3641] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 53.185880][ T3641] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 53.191855][ T3641] do_syscall_64+0x3d/0xb0
[ 53.196267][ T3641] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.202152][ T3641] RIP: 0033:0x7f0fa5191c89
[ 53.206561][ T3641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3641] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3641] exit_group(0) = ?
[pid 3641] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3641, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3642
./strace-static-x86_64: Process 3642 attached
[pid 3642] chdir("./1") = 0
[pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3642] setpgid(0, 0) = 0
[pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3642] write(3, "1000", 4) = 4
[pid 3642] close(3) = 0
[ 53.226157][ T3641] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.234566][ T3641] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 53.242530][ T3641] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 53.250501][ T3641] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 53.258473][ T3641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 53.266439][ T3641] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000000
[ 53.274422][ T3641]
[pid 3642] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3642] memfd_create("syzkaller", 0) = 3
[pid 3642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3642] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3642] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3642] close(3) = 0
[pid 3642] mkdir("./file0", 0777) = 0
[pid 3642] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3642] chdir("./file0") = 0
[pid 3642] ioctl(4, LOOP_CLR_FD) = 0
[pid 3642] close(4) = 0
[pid 3642] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3642] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3642] write(5, "13", 2) = 2
[ 53.316719][ T3642] loop0: detected capacity change from 0 to 64
[ 53.319443][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 53.349738][ T3642] FAULT_INJECTION: forcing a failure.
[ 53.349738][ T3642] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 53.367063][ T3642] CPU: 0 PID: 3642 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 53.377500][ T3642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.387546][ T3642] Call Trace:
[ 53.390822][ T3642]
[ 53.393755][ T3642] dump_stack_lvl+0x1b1/0x28e
[ 53.398424][ T3642] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 53.403872][ T3642] ? panic+0x710/0x710
[ 53.407931][ T3642] ? do_anonymous_page+0xd4a/0x1150
[ 53.413120][ T3642] ? mark_lock+0x9a/0x350
[ 53.417452][ T3642] should_fail_ex+0x395/0x4c0
[ 53.422130][ T3642] prepare_alloc_pages+0x1d7/0x5a0
[ 53.427259][ T3642] __alloc_pages+0x161/0x560
[ 53.431850][ T3642] ? zone_statistics+0x160/0x160
[ 53.436798][ T3642] ? rcu_lock_release+0x5/0x20
[ 53.441561][ T3642] ? alloc_pages+0x520/0x7b0
[ 53.446236][ T3642] ? xas_descend+0x1f3/0x400
[ 53.450838][ T3642] folio_alloc+0x1a/0x50
[ 53.455078][ T3642] filemap_alloc_folio+0x7e/0x1c0
[ 53.460101][ T3642] __filemap_get_folio+0x898/0x1260
[ 53.465477][ T3642] ? page_cache_prev_miss+0x4e0/0x4e0
[ 53.470848][ T3642] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 53.476829][ T3642] ? print_irqtrace_events+0x220/0x220
[ 53.482284][ T3642] pagecache_get_page+0x28/0x260
[ 53.487217][ T3642] ? hfs_free_extents+0x420/0x420
[ 53.492235][ T3642] block_write_begin+0x2e/0x1e0
[ 53.497086][ T3642] ? cont_write_begin+0x5e5/0x860
[ 53.502129][ T3642] ? hfs_free_extents+0x420/0x420
[ 53.507148][ T3642] cont_write_begin+0x606/0x860
[ 53.512088][ T3642] ? fault_in_readable+0x1d5/0x310
[ 53.517208][ T3642] ? generic_cont_expand_simple+0x250/0x250
[ 53.523099][ T3642] ? fault_in_readable+0x219/0x310
[ 53.528207][ T3642] ? fault_in_safe_writeable+0x240/0x240
[ 53.533844][ T3642] hfs_write_begin+0x86/0xd0
[ 53.538437][ T3642] ? hfs_free_extents+0x420/0x420
[ 53.543459][ T3642] generic_perform_write+0x2e4/0x5e0
[ 53.548747][ T3642] ? __block_commit_write+0x420/0x420
[ 53.554121][ T3642] ? generic_file_direct_write+0x610/0x610
[ 53.559927][ T3642] ? __file_remove_privs+0x6c0/0x6c0
[ 53.565212][ T3642] ? generic_write_checks+0x15c/0x1c0
[ 53.570587][ T3642] __generic_file_write_iter+0x176/0x400
[ 53.576224][ T3642] generic_file_write_iter+0xab/0x310
[ 53.581697][ T3642] vfs_write+0x7dc/0xc50
[ 53.585947][ T3642] ? file_end_write+0x230/0x230
[ 53.590792][ T3642] ? ptrace_stop+0x74d/0x970
[ 53.595391][ T3642] ? _raw_spin_unlock_irq+0x2a/0x40
[ 53.600591][ T3642] ? __fdget_pos+0x252/0x2e0
[ 53.605181][ T3642] ksys_write+0x177/0x2a0
[ 53.609596][ T3642] ? __ia32_sys_read+0x80/0x80
[ 53.614359][ T3642] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 53.620426][ T3642] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 53.626404][ T3642] do_syscall_64+0x3d/0xb0
[ 53.630815][ T3642] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.636704][ T3642] RIP: 0033:0x7f0fa5191c89
[ 53.641114][ T3642] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3642] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3642] exit_group(0) = ?
[pid 3642] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3643
./strace-static-x86_64: Process 3643 attached
[pid 3643] chdir("./2") = 0
[pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3643] setpgid(0, 0) = 0
[pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3643] write(3, "1000", 4) = 4
[pid 3643] close(3) = 0
[pid 3643] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3643] memfd_create("syzkaller", 0) = 3
[pid 3643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 53.660887][ T3642] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.669321][ T3642] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 53.677286][ T3642] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 53.685258][ T3642] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 53.693219][ T3642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 53.701182][ T3642] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000001
[ 53.709246][ T3642]
[pid 3643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3643] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3643] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3643] close(3) = 0
[pid 3643] mkdir("./file0", 0777) = 0
[pid 3643] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3643] chdir("./file0") = 0
[pid 3643] ioctl(4, LOOP_CLR_FD) = 0
[pid 3643] close(4) = 0
[pid 3643] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3643] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3643] write(5, "13", 2) = 2
[ 53.746202][ T3643] loop0: detected capacity change from 0 to 64
[ 53.767348][ T3643] FAULT_INJECTION: forcing a failure.
[ 53.767348][ T3643] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 53.780464][ T3643] CPU: 1 PID: 3643 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 53.790871][ T3643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.801116][ T3643] Call Trace:
[ 53.804427][ T3643]
[ 53.807344][ T3643] dump_stack_lvl+0x1b1/0x28e
[ 53.812010][ T3643] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 53.817456][ T3643] ? panic+0x710/0x710
[ 53.821515][ T3643] ? hfs_free_extents+0x420/0x420
[ 53.826543][ T3643] ? PageHeadHuge+0x8a/0x1d0
[ 53.831134][ T3643] should_fail_ex+0x395/0x4c0
[ 53.835834][ T3643] copy_page_from_iter_atomic+0x217/0x1140
[ 53.841653][ T3643] ? generic_cont_expand_simple+0x250/0x250
[ 53.847546][ T3643] ? pipe_zero+0x200/0x200
[ 53.851965][ T3643] ? hfs_write_begin+0x86/0xd0
[ 53.856722][ T3643] ? hfs_free_extents+0x420/0x420
[ 53.861736][ T3643] ? hfs_write_begin+0x9e/0xd0
[ 53.866497][ T3643] generic_perform_write+0x35a/0x5e0
[ 53.871787][ T3643] ? __block_commit_write+0x420/0x420
[ 53.877156][ T3643] ? generic_file_direct_write+0x610/0x610
[ 53.882957][ T3643] ? __file_remove_privs+0x6c0/0x6c0
[ 53.888240][ T3643] ? generic_write_checks+0x15c/0x1c0
[ 53.893617][ T3643] __generic_file_write_iter+0x176/0x400
[ 53.899249][ T3643] generic_file_write_iter+0xab/0x310
[ 53.904619][ T3643] vfs_write+0x7dc/0xc50
[ 53.908866][ T3643] ? file_end_write+0x230/0x230
[ 53.913712][ T3643] ? ptrace_stop+0x74d/0x970
[ 53.918307][ T3643] ? _raw_spin_unlock_irq+0x2a/0x40
[ 53.923512][ T3643] ? __fdget_pos+0x252/0x2e0
[ 53.928099][ T3643] ksys_write+0x177/0x2a0
[ 53.932428][ T3643] ? __ia32_sys_read+0x80/0x80
[ 53.939039][ T3643] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 53.947127][ T3643] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 53.953226][ T3643] do_syscall_64+0x3d/0xb0
[ 53.957638][ T3643] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.963527][ T3643] RIP: 0033:0x7f0fa5191c89
[ 53.967935][ T3643] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.987531][ T3643] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3643] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3643] exit_group(0) = ?
[pid 3643] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3644
./strace-static-x86_64: Process 3644 attached
[pid 3644] chdir("./3") = 0
[ 53.995969][ T3643] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 54.003967][ T3643] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.011936][ T3643] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 54.019988][ T3643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.027949][ T3643] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000002
[ 54.035928][ T3643]
[pid 3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3644] setpgid(0, 0) = 0
[pid 3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3644] write(3, "1000", 4) = 4
[pid 3644] close(3) = 0
[pid 3644] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3644] memfd_create("syzkaller", 0) = 3
[pid 3644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3644] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3644] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3644] close(3) = 0
[pid 3644] mkdir("./file0", 0777) = 0
[pid 3644] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3644] chdir("./file0") = 0
[pid 3644] ioctl(4, LOOP_CLR_FD) = 0
[pid 3644] close(4) = 0
[pid 3644] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3644] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3644] write(5, "13", 2) = 2
[ 54.093652][ T3644] loop0: detected capacity change from 0 to 64
[ 54.116452][ T3644] FAULT_INJECTION: forcing a failure.
[ 54.116452][ T3644] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 54.129595][ T3644] CPU: 0 PID: 3644 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 54.139997][ T3644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.150040][ T3644] Call Trace:
[ 54.153308][ T3644]
[ 54.156226][ T3644] dump_stack_lvl+0x1b1/0x28e
[ 54.160905][ T3644] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 54.166369][ T3644] ? panic+0x710/0x710
[ 54.170424][ T3644] ? hfs_free_extents+0x420/0x420
[ 54.175449][ T3644] ? PageHeadHuge+0x8a/0x1d0
[ 54.180043][ T3644] should_fail_ex+0x395/0x4c0
[ 54.184716][ T3644] copy_page_from_iter_atomic+0x217/0x1140
[ 54.190516][ T3644] ? generic_cont_expand_simple+0x250/0x250
[ 54.196402][ T3644] ? pipe_zero+0x200/0x200
[ 54.200828][ T3644] ? hfs_write_begin+0x86/0xd0
[ 54.205602][ T3644] ? hfs_free_extents+0x420/0x420
[ 54.210624][ T3644] ? hfs_write_begin+0x9e/0xd0
[ 54.215391][ T3644] generic_perform_write+0x35a/0x5e0
[ 54.220672][ T3644] ? __block_commit_write+0x420/0x420
[ 54.226033][ T3644] ? generic_file_direct_write+0x610/0x610
[ 54.231837][ T3644] ? __file_remove_privs+0x6c0/0x6c0
[ 54.237138][ T3644] ? generic_write_checks+0x15c/0x1c0
[ 54.242509][ T3644] __generic_file_write_iter+0x176/0x400
[ 54.248133][ T3644] generic_file_write_iter+0xab/0x310
[ 54.253492][ T3644] vfs_write+0x7dc/0xc50
[ 54.257729][ T3644] ? file_end_write+0x230/0x230
[ 54.262568][ T3644] ? ptrace_stop+0x74d/0x970
[ 54.267168][ T3644] ? _raw_spin_unlock_irq+0x2a/0x40
[ 54.272388][ T3644] ? __fdget_pos+0x252/0x2e0
[ 54.276969][ T3644] ksys_write+0x177/0x2a0
[ 54.281306][ T3644] ? __ia32_sys_read+0x80/0x80
[ 54.286059][ T3644] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 54.292125][ T3644] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 54.298105][ T3644] do_syscall_64+0x3d/0xb0
[ 54.302532][ T3644] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.308407][ T3644] RIP: 0033:0x7f0fa5191c89
[ 54.312806][ T3644] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.332411][ T3644] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3644] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3644] exit_group(0) = ?
[pid 3644] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3645
./strace-static-x86_64: Process 3645 attached
[pid 3645] chdir("./4") = 0
[pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3645] setpgid(0, 0) = 0
[ 54.340927][ T3644] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 54.348894][ T3644] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.356873][ T3644] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 54.364828][ T3644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.372789][ T3644] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000003
[ 54.380775][ T3644]
[pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3645] write(3, "1000", 4) = 4
[pid 3645] close(3) = 0
[pid 3645] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3645] memfd_create("syzkaller", 0) = 3
[pid 3645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3645] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3645] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3645] close(3) = 0
[pid 3645] mkdir("./file0", 0777) = 0
[pid 3645] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3645] chdir("./file0") = 0
[pid 3645] ioctl(4, LOOP_CLR_FD) = 0
[pid 3645] close(4) = 0
[pid 3645] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3645] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3645] write(5, "13", 2) = 2
[ 54.437054][ T3645] loop0: detected capacity change from 0 to 64
[ 54.469637][ T3645] FAULT_INJECTION: forcing a failure.
[ 54.469637][ T3645] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 54.482753][ T3645] CPU: 0 PID: 3645 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 54.493160][ T3645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.503196][ T3645] Call Trace:
[ 54.506461][ T3645]
[ 54.509381][ T3645] dump_stack_lvl+0x1b1/0x28e
[ 54.514047][ T3645] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 54.519486][ T3645] ? panic+0x710/0x710
[ 54.523535][ T3645] ? hfs_free_extents+0x420/0x420
[ 54.528544][ T3645] ? PageHeadHuge+0x8a/0x1d0
[ 54.533122][ T3645] should_fail_ex+0x395/0x4c0
[ 54.537790][ T3645] copy_page_from_iter_atomic+0x217/0x1140
[ 54.543604][ T3645] ? generic_cont_expand_simple+0x250/0x250
[ 54.549508][ T3645] ? pipe_zero+0x200/0x200
[ 54.553931][ T3645] ? hfs_write_begin+0x86/0xd0
[ 54.558689][ T3645] ? hfs_free_extents+0x420/0x420
[ 54.563703][ T3645] ? hfs_write_begin+0x9e/0xd0
[ 54.568461][ T3645] generic_perform_write+0x35a/0x5e0
[ 54.573751][ T3645] ? __block_commit_write+0x420/0x420
[ 54.579123][ T3645] ? generic_file_direct_write+0x610/0x610
[ 54.585012][ T3645] ? __file_remove_privs+0x6c0/0x6c0
[ 54.590296][ T3645] ? generic_write_checks+0x15c/0x1c0
[ 54.595673][ T3645] __generic_file_write_iter+0x176/0x400
[ 54.601307][ T3645] generic_file_write_iter+0xab/0x310
[ 54.606676][ T3645] vfs_write+0x7dc/0xc50
[ 54.610924][ T3645] ? file_end_write+0x230/0x230
[ 54.615769][ T3645] ? ptrace_stop+0x74d/0x970
[ 54.620363][ T3645] ? _raw_spin_unlock_irq+0x2a/0x40
[ 54.625567][ T3645] ? __fdget_pos+0x252/0x2e0
[ 54.630163][ T3645] ksys_write+0x177/0x2a0
[ 54.634489][ T3645] ? __ia32_sys_read+0x80/0x80
[ 54.639250][ T3645] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 54.645228][ T3645] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 54.651208][ T3645] do_syscall_64+0x3d/0xb0
[ 54.655616][ T3645] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.661502][ T3645] RIP: 0033:0x7f0fa5191c89
[ 54.665911][ T3645] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3645] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3645] exit_group(0) = ?
[pid 3645] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 54.685510][ T3645] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.693916][ T3645] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 54.701878][ T3645] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.709841][ T3645] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 54.717802][ T3645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.725763][ T3645] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000004
[ 54.733738][ T3645]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3646
./strace-static-x86_64: Process 3646 attached
[pid 3646] chdir("./5") = 0
[pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3646] setpgid(0, 0) = 0
[pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3646] write(3, "1000", 4) = 4
[pid 3646] close(3) = 0
[pid 3646] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3646] memfd_create("syzkaller", 0) = 3
[pid 3646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3646] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3646] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3646] close(3) = 0
[pid 3646] mkdir("./file0", 0777) = 0
[pid 3646] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3646] chdir("./file0") = 0
[pid 3646] ioctl(4, LOOP_CLR_FD) = 0
[pid 3646] close(4) = 0
[pid 3646] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3646] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3646] write(5, "13", 2) = 2
[ 54.786016][ T3646] loop0: detected capacity change from 0 to 64
[ 54.807447][ T3646] FAULT_INJECTION: forcing a failure.
[ 54.807447][ T3646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 54.820654][ T3646] CPU: 1 PID: 3646 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 54.831052][ T3646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.841094][ T3646] Call Trace:
[ 54.844371][ T3646]
[ 54.847303][ T3646] dump_stack_lvl+0x1b1/0x28e
[ 54.851970][ T3646] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 54.857414][ T3646] ? panic+0x710/0x710
[ 54.861471][ T3646] ? hfs_free_extents+0x420/0x420
[ 54.866484][ T3646] ? PageHeadHuge+0x8a/0x1d0
[ 54.871079][ T3646] should_fail_ex+0x395/0x4c0
[ 54.875768][ T3646] copy_page_from_iter_atomic+0x217/0x1140
[ 54.881568][ T3646] ? generic_cont_expand_simple+0x250/0x250
[ 54.887453][ T3646] ? pipe_zero+0x200/0x200
[ 54.891859][ T3646] ? hfs_write_begin+0x86/0xd0
[ 54.896621][ T3646] ? hfs_free_extents+0x420/0x420
[ 54.901642][ T3646] ? hfs_write_begin+0x9e/0xd0
[ 54.906405][ T3646] generic_perform_write+0x35a/0x5e0
[ 54.911701][ T3646] ? __block_commit_write+0x420/0x420
[ 54.917062][ T3646] ? generic_file_direct_write+0x610/0x610
[ 54.922863][ T3646] ? __file_remove_privs+0x6c0/0x6c0
[ 54.928159][ T3646] ? generic_write_checks+0x15c/0x1c0
[ 54.933526][ T3646] __generic_file_write_iter+0x176/0x400
[ 54.939152][ T3646] generic_file_write_iter+0xab/0x310
[ 54.944512][ T3646] vfs_write+0x7dc/0xc50
[ 54.948744][ T3646] ? file_end_write+0x230/0x230
[ 54.953583][ T3646] ? ptrace_stop+0x74d/0x970
[ 54.958164][ T3646] ? _raw_spin_unlock_irq+0x2a/0x40
[ 54.963352][ T3646] ? __fdget_pos+0x252/0x2e0
[ 54.967930][ T3646] ksys_write+0x177/0x2a0
[ 54.972252][ T3646] ? __ia32_sys_read+0x80/0x80
[ 54.977012][ T3646] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 54.982981][ T3646] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 54.988962][ T3646] do_syscall_64+0x3d/0xb0
[ 54.993386][ T3646] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.999265][ T3646] RIP: 0033:0x7f0fa5191c89
[ 55.003668][ T3646] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.023262][ T3646] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3646] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3646] exit_group(0) = ?
[pid 3646] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3646, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 55.031678][ T3646] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 55.039651][ T3646] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.047608][ T3646] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 55.055565][ T3646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.063530][ T3646] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000005
[ 55.071531][ T3646]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3647
./strace-static-x86_64: Process 3647 attached
[pid 3647] chdir("./6") = 0
[pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3647] setpgid(0, 0) = 0
[pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3647] write(3, "1000", 4) = 4
[pid 3647] close(3) = 0
[pid 3647] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3647] memfd_create("syzkaller", 0) = 3
[pid 3647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3647] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3647] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3647] close(3) = 0
[pid 3647] mkdir("./file0", 0777) = 0
[pid 3647] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3647] chdir("./file0") = 0
[pid 3647] ioctl(4, LOOP_CLR_FD) = 0
[pid 3647] close(4) = 0
[pid 3647] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3647] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3647] write(5, "13", 2) = 2
[ 55.132811][ T3647] loop0: detected capacity change from 0 to 64
[ 55.169665][ T3647] FAULT_INJECTION: forcing a failure.
[ 55.169665][ T3647] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 55.182871][ T3647] CPU: 1 PID: 3647 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 55.193289][ T3647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.203345][ T3647] Call Trace:
[ 55.206619][ T3647]
[ 55.209543][ T3647] dump_stack_lvl+0x1b1/0x28e
[ 55.214238][ T3647] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 55.219690][ T3647] ? panic+0x710/0x710
[ 55.223755][ T3647] ? hfs_free_extents+0x420/0x420
[ 55.228783][ T3647] ? PageHeadHuge+0x8a/0x1d0
[ 55.233385][ T3647] should_fail_ex+0x395/0x4c0
[ 55.238071][ T3647] copy_page_from_iter_atomic+0x217/0x1140
[ 55.243882][ T3647] ? generic_cont_expand_simple+0x250/0x250
[ 55.249951][ T3647] ? pipe_zero+0x200/0x200
[ 55.254376][ T3647] ? hfs_write_begin+0x86/0xd0
[ 55.259133][ T3647] ? hfs_free_extents+0x420/0x420
[ 55.264146][ T3647] ? hfs_write_begin+0x9e/0xd0
[ 55.268908][ T3647] generic_perform_write+0x35a/0x5e0
[ 55.274198][ T3647] ? __block_commit_write+0x420/0x420
[ 55.279571][ T3647] ? generic_file_direct_write+0x610/0x610
[ 55.285375][ T3647] ? __file_remove_privs+0x6c0/0x6c0
[ 55.290661][ T3647] ? generic_write_checks+0x15c/0x1c0
[ 55.296040][ T3647] __generic_file_write_iter+0x176/0x400
[ 55.301675][ T3647] generic_file_write_iter+0xab/0x310
[ 55.307044][ T3647] vfs_write+0x7dc/0xc50
[ 55.311299][ T3647] ? file_end_write+0x230/0x230
[ 55.316143][ T3647] ? ptrace_stop+0x74d/0x970
[ 55.320740][ T3647] ? _raw_spin_unlock_irq+0x2a/0x40
[ 55.325939][ T3647] ? __fdget_pos+0x252/0x2e0
[ 55.330528][ T3647] ksys_write+0x177/0x2a0
[ 55.334858][ T3647] ? __ia32_sys_read+0x80/0x80
[ 55.339617][ T3647] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 55.345603][ T3647] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 55.351582][ T3647] do_syscall_64+0x3d/0xb0
[ 55.355994][ T3647] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.361880][ T3647] RIP: 0033:0x7f0fa5191c89
[ 55.366293][ T3647] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.385892][ T3647] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.394305][ T3647] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 55.402271][ T3647] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.410254][ T3647] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 55.418241][ T3647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.426209][ T3647] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000006
[pid 3647] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3647] exit_group(0) = ?
[pid 3647] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3647, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 55.434188][ T3647]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3648
./strace-static-x86_64: Process 3648 attached
[pid 3648] chdir("./7") = 0
[pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3648] setpgid(0, 0) = 0
[pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3648] write(3, "1000", 4) = 4
[pid 3648] close(3) = 0
[pid 3648] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3648] memfd_create("syzkaller", 0) = 3
[pid 3648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3648] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3648] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3648] close(3) = 0
[pid 3648] mkdir("./file0", 0777) = 0
[pid 3648] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3648] chdir("./file0") = 0
[pid 3648] ioctl(4, LOOP_CLR_FD) = 0
[pid 3648] close(4) = 0
[pid 3648] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3648] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3648] write(5, "13", 2) = 2
[ 55.490772][ T3648] loop0: detected capacity change from 0 to 64
[ 55.516146][ T3648] FAULT_INJECTION: forcing a failure.
[ 55.516146][ T3648] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 55.529248][ T3648] CPU: 1 PID: 3648 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 55.539648][ T3648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.549698][ T3648] Call Trace:
[ 55.552983][ T3648]
[ 55.555909][ T3648] dump_stack_lvl+0x1b1/0x28e
[ 55.560589][ T3648] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 55.566041][ T3648] ? panic+0x710/0x710
[ 55.570124][ T3648] ? hfs_free_extents+0x420/0x420
[ 55.575146][ T3648] ? PageHeadHuge+0x8a/0x1d0
[ 55.579739][ T3648] should_fail_ex+0x395/0x4c0
[ 55.584419][ T3648] copy_page_from_iter_atomic+0x217/0x1140
[ 55.590229][ T3648] ? generic_cont_expand_simple+0x250/0x250
[ 55.596123][ T3648] ? pipe_zero+0x200/0x200
[ 55.600542][ T3648] ? hfs_write_begin+0x86/0xd0
[ 55.605299][ T3648] ? hfs_free_extents+0x420/0x420
[ 55.610321][ T3648] ? hfs_write_begin+0x9e/0xd0
[ 55.615086][ T3648] generic_perform_write+0x35a/0x5e0
[ 55.620378][ T3648] ? __block_commit_write+0x420/0x420
[ 55.625751][ T3648] ? generic_file_direct_write+0x610/0x610
[ 55.631552][ T3648] ? __file_remove_privs+0x6c0/0x6c0
[ 55.636837][ T3648] ? generic_write_checks+0x15c/0x1c0
[ 55.642215][ T3648] __generic_file_write_iter+0x176/0x400
[ 55.647850][ T3648] generic_file_write_iter+0xab/0x310
[ 55.653220][ T3648] vfs_write+0x7dc/0xc50
[ 55.657470][ T3648] ? file_end_write+0x230/0x230
[ 55.662315][ T3648] ? ptrace_stop+0x74d/0x970
[ 55.666911][ T3648] ? _raw_spin_unlock_irq+0x2a/0x40
[ 55.672110][ T3648] ? __fdget_pos+0x252/0x2e0
[ 55.676698][ T3648] ksys_write+0x177/0x2a0
[ 55.681028][ T3648] ? __ia32_sys_read+0x80/0x80
[ 55.685792][ T3648] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 55.691769][ T3648] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 55.697744][ T3648] do_syscall_64+0x3d/0xb0
[ 55.702156][ T3648] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.708040][ T3648] RIP: 0033:0x7f0fa5191c89
[ 55.712452][ T3648] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.732138][ T3648] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3648] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3648] exit_group(0) = ?
[pid 3648] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 55.740547][ T3648] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 55.748512][ T3648] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.756479][ T3648] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 55.764444][ T3648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.772406][ T3648] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000007
[ 55.780391][ T3648]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3649
./strace-static-x86_64: Process 3649 attached
[pid 3649] chdir("./8") = 0
[pid 3649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3649] setpgid(0, 0) = 0
[pid 3649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3649] write(3, "1000", 4) = 4
[pid 3649] close(3) = 0
[pid 3649] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3649] memfd_create("syzkaller", 0) = 3
[pid 3649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3649] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3649] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3649] close(3) = 0
[pid 3649] mkdir("./file0", 0777) = 0
[pid 3649] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3649] chdir("./file0") = 0
[pid 3649] ioctl(4, LOOP_CLR_FD) = 0
[pid 3649] close(4) = 0
[pid 3649] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3649] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3649] write(5, "13", 2) = 2
[ 55.828865][ T3649] loop0: detected capacity change from 0 to 64
[ 55.852206][ T3649] FAULT_INJECTION: forcing a failure.
[ 55.852206][ T3649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 55.865322][ T3649] CPU: 0 PID: 3649 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 55.875742][ T3649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.885785][ T3649] Call Trace:
[ 55.889057][ T3649] <TASK>
[ 55.891976][ T3649] dump_stack_lvl+0x1b1/0x28e
[ 55.896654][ T3649] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 55.902126][ T3649] ? panic+0x710/0x710
[ 55.906199][ T3649] ? hfs_free_extents+0x420/0x420
[ 55.911213][ T3649] ? PageHeadHuge+0x8a/0x1d0
[ 55.915800][ T3649] should_fail_ex+0x395/0x4c0
[ 55.920471][ T3649] copy_page_from_iter_atomic+0x217/0x1140
[ 55.926276][ T3649] ? generic_cont_expand_simple+0x250/0x250
[ 55.932185][ T3649] ? pipe_zero+0x200/0x200
[ 55.936614][ T3649] ? hfs_write_begin+0x86/0xd0
[ 55.941361][ T3649] ? hfs_free_extents+0x420/0x420
[ 55.946372][ T3649] ? hfs_write_begin+0x9e/0xd0
[ 55.951125][ T3649] generic_perform_write+0x35a/0x5e0
[ 55.956405][ T3649] ? __block_commit_write+0x420/0x420
[ 55.961766][ T3649] ? generic_file_direct_write+0x610/0x610
[ 55.967655][ T3649] ? __file_remove_privs+0x6c0/0x6c0
[ 55.972931][ T3649] ? generic_write_checks+0x15c/0x1c0
[ 55.978298][ T3649] __generic_file_write_iter+0x176/0x400
[ 55.983928][ T3649] generic_file_write_iter+0xab/0x310
[ 55.989333][ T3649] vfs_write+0x7dc/0xc50
[ 55.993592][ T3649] ? file_end_write+0x230/0x230
[ 55.998430][ T3649] ? ptrace_stop+0x74d/0x970
[ 56.003019][ T3649] ? _raw_spin_unlock_irq+0x2a/0x40
[ 56.008219][ T3649] ? __fdget_pos+0x252/0x2e0
[ 56.012818][ T3649] ksys_write+0x177/0x2a0
[ 56.017147][ T3649] ? __ia32_sys_read+0x80/0x80
[ 56.021912][ T3649] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 56.027914][ T3649] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 56.033890][ T3649] do_syscall_64+0x3d/0xb0
[ 56.038297][ T3649] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.044187][ T3649] RIP: 0033:0x7f0fa5191c89
[ 56.048604][ T3649] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.068200][ T3649] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3649] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3649] exit_group(0) = ?
[pid 3649] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3649, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3650
[ 56.076603][ T3649] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 56.084563][ T3649] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 56.092520][ T3649] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 56.100489][ T3649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 56.108463][ T3649] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000008
[ 56.116436][ T3649] </TASK>
./strace-static-x86_64: Process 3650 attached
[pid 3650] chdir("./9") = 0
[pid 3650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3650] setpgid(0, 0) = 0
[pid 3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3650] write(3, "1000", 4) = 4
[pid 3650] close(3) = 0
[pid 3650] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3650] memfd_create("syzkaller", 0) = 3
[pid 3650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3650] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3650] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3650] close(3) = 0
[pid 3650] mkdir("./file0", 0777) = 0
[pid 3650] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3650] chdir("./file0") = 0
[pid 3650] ioctl(4, LOOP_CLR_FD) = 0
[pid 3650] close(4) = 0
[pid 3650] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3650] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3650] write(5, "13", 2) = 2
[ 56.177836][ T3650] loop0: detected capacity change from 0 to 64
[ 56.194125][ T3650] FAULT_INJECTION: forcing a failure.
[ 56.194125][ T3650] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 56.207774][ T3650] CPU: 0 PID: 3650 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 56.218204][ T3650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 56.228247][ T3650] Call Trace:
[ 56.231521][ T3650] <TASK>
[ 56.234439][ T3650] dump_stack_lvl+0x1b1/0x28e
[ 56.239194][ T3650] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 56.244642][ T3650] ? panic+0x710/0x710
[ 56.248711][ T3650] ? do_anonymous_page+0xd4a/0x1150
[ 56.253932][ T3650] ? mark_lock+0x9a/0x350
[ 56.258291][ T3650] should_fail_ex+0x395/0x4c0
[ 56.262986][ T3650] prepare_alloc_pages+0x1d7/0x5a0
[ 56.268122][ T3650] __alloc_pages+0x161/0x560
[ 56.272723][ T3650] ? zone_statistics+0x160/0x160
[ 56.277679][ T3650] ? rcu_lock_release+0x5/0x20
[ 56.282432][ T3650] ? alloc_pages+0x520/0x7b0
[ 56.287030][ T3650] ? xas_descend+0x1f3/0x400
[ 56.291632][ T3650] folio_alloc+0x1a/0x50
[ 56.295864][ T3650] filemap_alloc_folio+0x7e/0x1c0
[ 56.300902][ T3650] __filemap_get_folio+0x898/0x1260
[ 56.306109][ T3650] ? page_cache_prev_miss+0x4e0/0x4e0
[ 56.311476][ T3650] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 56.317449][ T3650] ? print_irqtrace_events+0x220/0x220
[ 56.322901][ T3650] pagecache_get_page+0x28/0x260
[ 56.327827][ T3650] ? hfs_free_extents+0x420/0x420
[ 56.332844][ T3650] block_write_begin+0x2e/0x1e0
[ 56.337695][ T3650] ? cont_write_begin+0x5e5/0x860
[ 56.342713][ T3650] ? hfs_free_extents+0x420/0x420
[ 56.347740][ T3650] cont_write_begin+0x606/0x860
[ 56.352613][ T3650] ? fault_in_readable+0x1d5/0x310
[ 56.357721][ T3650] ? generic_cont_expand_simple+0x250/0x250
[ 56.363611][ T3650] ? fault_in_readable+0x219/0x310
[ 56.368732][ T3650] ? fault_in_safe_writeable+0x240/0x240
[ 56.374370][ T3650] hfs_write_begin+0x86/0xd0
[ 56.378951][ T3650] ? hfs_free_extents+0x420/0x420
[ 56.383971][ T3650] generic_perform_write+0x2e4/0x5e0
[ 56.389275][ T3650] ? __block_commit_write+0x420/0x420
[ 56.394670][ T3650] ? generic_file_direct_write+0x610/0x610
[ 56.400484][ T3650] ? __file_remove_privs+0x6c0/0x6c0
[ 56.405769][ T3650] ? generic_write_checks+0x15c/0x1c0
[ 56.411171][ T3650] __generic_file_write_iter+0x176/0x400
[ 56.416829][ T3650] generic_file_write_iter+0xab/0x310
[ 56.422222][ T3650] vfs_write+0x7dc/0xc50
[ 56.426501][ T3650] ? file_end_write+0x230/0x230
[ 56.431345][ T3650] ? ptrace_stop+0x74d/0x970
[ 56.435944][ T3650] ? _raw_spin_unlock_irq+0x2a/0x40
[ 56.441153][ T3650] ? __fdget_pos+0x252/0x2e0
[ 56.445733][ T3650] ksys_write+0x177/0x2a0
[ 56.450053][ T3650] ? __ia32_sys_read+0x80/0x80
[ 56.454807][ T3650] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 56.460784][ T3650] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 56.466760][ T3650] do_syscall_64+0x3d/0xb0
[ 56.471165][ T3650] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.477055][ T3650] RIP: 0033:0x7f0fa5191c89
[ 56.481474][ T3650] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.501100][ T3650] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 56.509519][ T3650] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 56.517482][ T3650] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3650] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3650] exit_group(0) = ?
[pid 3650] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3650, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3651
[ 56.525464][ T3650] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 56.533437][ T3650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 56.541416][ T3650] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000009
[ 56.549401][ T3650] </TASK>
./strace-static-x86_64: Process 3651 attached
[pid 3651] chdir("./10") = 0
[pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3651] setpgid(0, 0) = 0
[pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3651] write(3, "1000", 4) = 4
[pid 3651] close(3) = 0
[pid 3651] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3651] memfd_create("syzkaller", 0) = 3
[pid 3651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3651] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3651] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3651] close(3) = 0
[pid 3651] mkdir("./file0", 0777) = 0
[pid 3651] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3651] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3651] chdir("./file0") = 0
[pid 3651] ioctl(4, LOOP_CLR_FD) = 0
[pid 3651] close(4) = 0
[pid 3651] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3651] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3651] write(5, "13", 2) = 2
[ 56.601277][ T3651] loop0: detected capacity change from 0 to 64
[ 56.630441][ T3651] FAULT_INJECTION: forcing a failure.
[ 56.630441][ T3651] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 56.644045][ T3651] CPU: 0 PID: 3651 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 56.654449][ T3651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 56.664486][ T3651] Call Trace:
[ 56.667748][ T3651] <TASK>
[ 56.670696][ T3651] dump_stack_lvl+0x1b1/0x28e
[ 56.675362][ T3651] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 56.680802][ T3651] ? panic+0x710/0x710
[ 56.684861][ T3651] ? do_anonymous_page+0xd4a/0x1150
[ 56.690048][ T3651] ? mark_lock+0x9a/0x350
[ 56.694363][ T3651] should_fail_ex+0x395/0x4c0
[ 56.699032][ T3651] prepare_alloc_pages+0x1d7/0x5a0
[ 56.704144][ T3651] __alloc_pages+0x161/0x560
[ 56.708745][ T3651] ? zone_statistics+0x160/0x160
[ 56.713689][ T3651] ? rcu_lock_release+0x5/0x20
[ 56.718451][ T3651] ? alloc_pages+0x520/0x7b0
[ 56.723037][ T3651] ? xas_descend+0x1f3/0x400
[ 56.727629][ T3651] folio_alloc+0x1a/0x50
[ 56.731868][ T3651] filemap_alloc_folio+0x7e/0x1c0
[ 56.736890][ T3651] __filemap_get_folio+0x898/0x1260
[ 56.742093][ T3651] ? page_cache_prev_miss+0x4e0/0x4e0
[ 56.747465][ T3651] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 56.753445][ T3651] ? print_irqtrace_events+0x220/0x220
[ 56.758907][ T3651] pagecache_get_page+0x28/0x260
[ 56.763844][ T3651] ? hfs_free_extents+0x420/0x420
[ 56.768864][ T3651] block_write_begin+0x2e/0x1e0
[ 56.773714][ T3651] ? cont_write_begin+0x5e5/0x860
[ 56.778739][ T3651] ? hfs_free_extents+0x420/0x420
[ 56.783761][ T3651] cont_write_begin+0x606/0x860
[ 56.788617][ T3651] ? fault_in_readable+0x1d5/0x310
[ 56.793746][ T3651] ? generic_cont_expand_simple+0x250/0x250
[ 56.799644][ T3651] ? fault_in_readable+0x219/0x310
[ 56.804759][ T3651] ? fault_in_safe_writeable+0x240/0x240
[ 56.810418][ T3651] hfs_write_begin+0x86/0xd0
[ 56.815004][ T3651] ? hfs_free_extents+0x420/0x420
[ 56.820028][ T3651] generic_perform_write+0x2e4/0x5e0
[ 56.825322][ T3651] ? __block_commit_write+0x420/0x420
[ 56.830695][ T3651] ? generic_file_direct_write+0x610/0x610
[ 56.836500][ T3651] ? __file_remove_privs+0x6c0/0x6c0
[ 56.841782][ T3651] ? generic_write_checks+0x15c/0x1c0
[ 56.847162][ T3651] __generic_file_write_iter+0x176/0x400
[ 56.852805][ T3651] generic_file_write_iter+0xab/0x310
[ 56.858177][ T3651] vfs_write+0x7dc/0xc50
[ 56.862431][ T3651] ? file_end_write+0x230/0x230
[ 56.867282][ T3651] ? ptrace_stop+0x74d/0x970
[ 56.871880][ T3651] ? _raw_spin_unlock_irq+0x2a/0x40
[ 56.877087][ T3651] ? __fdget_pos+0x252/0x2e0
[ 56.881681][ T3651] ksys_write+0x177/0x2a0
[ 56.886012][ T3651] ? __ia32_sys_read+0x80/0x80
[ 56.890773][ T3651] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 56.896753][ T3651] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 56.902731][ T3651] do_syscall_64+0x3d/0xb0
[ 56.907146][ T3651] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.913035][ T3651] RIP: 0033:0x7f0fa5191c89
[ 56.917446][ T3651] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.937047][ T3651] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3651] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3651] exit_group(0) = ?
[pid 3651] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3652
./strace-static-x86_64: Process 3652 attached
[pid 3652] chdir("./11") = 0
[pid 3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3652] setpgid(0, 0) = 0
[pid 3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3652] write(3, "1000", 4) = 4
[pid 3652] close(3) = 0
[ 56.945455][ T3651] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 56.953420][ T3651] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 56.961386][ T3651] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 56.969368][ T3651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 56.977330][ T3651] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000a
[ 56.985310][ T3651] </TASK>
[pid 3652] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3652] memfd_create("syzkaller", 0) = 3
[pid 3652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3652] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3652] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3652] close(3) = 0
[pid 3652] mkdir("./file0", 0777) = 0
[pid 3652] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3652] chdir("./file0") = 0
[pid 3652] ioctl(4, LOOP_CLR_FD) = 0
[pid 3652] close(4) = 0
[pid 3652] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3652] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3652] write(5, "13", 2) = 2
[ 57.039460][ T3652] loop0: detected capacity change from 0 to 64
[ 57.068078][ T3652] FAULT_INJECTION: forcing a failure.
[ 57.068078][ T3652] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 57.081415][ T3652] CPU: 1 PID: 3652 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 57.091837][ T3652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.101882][ T3652] Call Trace:
[ 57.105169][ T3652] <TASK>
[ 57.108113][ T3652] dump_stack_lvl+0x1b1/0x28e
[ 57.112799][ T3652] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 57.118259][ T3652] ? panic+0x710/0x710
[ 57.122344][ T3652] ? do_anonymous_page+0xd4a/0x1150
[ 57.127554][ T3652] ? mark_lock+0x9a/0x350
[ 57.131876][ T3652] should_fail_ex+0x395/0x4c0
[ 57.136566][ T3652] prepare_alloc_pages+0x1d7/0x5a0
[ 57.141706][ T3652] __alloc_pages+0x161/0x560
[ 57.146303][ T3652] ? zone_statistics+0x160/0x160
[ 57.151262][ T3652] ? rcu_lock_release+0x5/0x20
[ 57.156040][ T3652] ? alloc_pages+0x520/0x7b0
[ 57.160625][ T3652] ? xas_descend+0x1f3/0x400
[ 57.165221][ T3652] folio_alloc+0x1a/0x50
[ 57.169489][ T3652] filemap_alloc_folio+0x7e/0x1c0
[ 57.174530][ T3652] __filemap_get_folio+0x898/0x1260
[ 57.179743][ T3652] ? page_cache_prev_miss+0x4e0/0x4e0
[ 57.185129][ T3652] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 57.191122][ T3652] ? print_irqtrace_events+0x220/0x220
[ 57.196575][ T3652] pagecache_get_page+0x28/0x260
[ 57.201514][ T3652] ? hfs_free_extents+0x420/0x420
[ 57.206532][ T3652] block_write_begin+0x2e/0x1e0
[ 57.211388][ T3652] ? cont_write_begin+0x5e5/0x860
[ 57.216424][ T3652] ? hfs_free_extents+0x420/0x420
[ 57.221440][ T3652] cont_write_begin+0x606/0x860
[ 57.226378][ T3652] ? fault_in_readable+0x1d5/0x310
[ 57.231484][ T3652] ? generic_cont_expand_simple+0x250/0x250
[ 57.237368][ T3652] ? fault_in_readable+0x219/0x310
[ 57.242498][ T3652] ? fault_in_safe_writeable+0x240/0x240
[ 57.248128][ T3652] hfs_write_begin+0x86/0xd0
[ 57.252706][ T3652] ? hfs_free_extents+0x420/0x420
[ 57.257720][ T3652] generic_perform_write+0x2e4/0x5e0
[ 57.263003][ T3652] ? __block_commit_write+0x420/0x420
[ 57.268386][ T3652] ? generic_file_direct_write+0x610/0x610
[ 57.274191][ T3652] ? __file_remove_privs+0x6c0/0x6c0
[ 57.279493][ T3652] ? generic_write_checks+0x15c/0x1c0
[ 57.284893][ T3652] __generic_file_write_iter+0x176/0x400
[ 57.290531][ T3652] generic_file_write_iter+0xab/0x310
[ 57.295933][ T3652] vfs_write+0x7dc/0xc50
[ 57.300185][ T3652] ? file_end_write+0x230/0x230
[ 57.305048][ T3652] ? ptrace_stop+0x74d/0x970
[ 57.309661][ T3652] ? _raw_spin_unlock_irq+0x2a/0x40
[ 57.314859][ T3652] ? __fdget_pos+0x252/0x2e0
[ 57.319465][ T3652] ksys_write+0x177/0x2a0
[ 57.323800][ T3652] ? __ia32_sys_read+0x80/0x80
[ 57.328582][ T3652] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 57.334583][ T3652] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 57.340560][ T3652] do_syscall_64+0x3d/0xb0
[ 57.344974][ T3652] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.350867][ T3652] RIP: 0033:0x7f0fa5191c89
[ 57.355299][ T3652] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.374901][ T3652] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.383308][ T3652] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3652] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3652] exit_group(0) = ?
[pid 3652] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3652, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3653
./strace-static-x86_64: Process 3653 attached
[pid 3653] chdir("./12") = 0
[pid 3653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3653] setpgid(0, 0) = 0
[pid 3653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3653] write(3, "1000", 4) = 4
[pid 3653] close(3) = 0
[pid 3653] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3653] memfd_create("syzkaller", 0) = 3
[pid 3653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 57.391270][ T3652] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 57.399247][ T3652] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 57.407230][ T3652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 57.415200][ T3652] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000b
[ 57.423197][ T3652] </TASK>
[pid 3653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3653] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3653] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3653] close(3) = 0
[pid 3653] mkdir("./file0", 0777) = 0
[pid 3653] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3653] chdir("./file0") = 0
[pid 3653] ioctl(4, LOOP_CLR_FD) = 0
[pid 3653] close(4) = 0
[pid 3653] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3653] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3653] write(5, "13", 2) = 2
[ 57.475701][ T3653] loop0: detected capacity change from 0 to 64
[ 57.505884][ T3653] FAULT_INJECTION: forcing a failure.
[ 57.505884][ T3653] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 57.519371][ T3653] CPU: 1 PID: 3653 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 57.529805][ T3653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.539872][ T3653] Call Trace:
[ 57.543154][ T3653] <TASK>
[ 57.546091][ T3653] dump_stack_lvl+0x1b1/0x28e
[ 57.550780][ T3653] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 57.556241][ T3653] ? panic+0x710/0x710
[ 57.560312][ T3653] ? do_anonymous_page+0xd4a/0x1150
[ 57.565516][ T3653] ? mark_lock+0x9a/0x350
[ 57.569857][ T3653] should_fail_ex+0x395/0x4c0
[ 57.574554][ T3653] prepare_alloc_pages+0x1d7/0x5a0
[ 57.579678][ T3653] __alloc_pages+0x161/0x560
[ 57.584270][ T3653] ? zone_statistics+0x160/0x160
[ 57.589213][ T3653] ? rcu_lock_release+0x5/0x20
[ 57.594067][ T3653] ? alloc_pages+0x520/0x7b0
[ 57.598652][ T3653] ? xas_descend+0x1f3/0x400
[ 57.603247][ T3653] folio_alloc+0x1a/0x50
[ 57.607483][ T3653] filemap_alloc_folio+0x7e/0x1c0
[ 57.612509][ T3653] __filemap_get_folio+0x898/0x1260
[ 57.617711][ T3653] ? page_cache_prev_miss+0x4e0/0x4e0
[ 57.623082][ T3653] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 57.629064][ T3653] ? print_irqtrace_events+0x220/0x220
[ 57.634523][ T3653] pagecache_get_page+0x28/0x260
[ 57.639461][ T3653] ? hfs_free_extents+0x420/0x420
[ 57.644482][ T3653] block_write_begin+0x2e/0x1e0
[ 57.649358][ T3653] ? cont_write_begin+0x5e5/0x860
[ 57.654382][ T3653] ? hfs_free_extents+0x420/0x420
[ 57.659406][ T3653] cont_write_begin+0x606/0x860
[ 57.664262][ T3653] ? fault_in_readable+0x1d5/0x310
[ 57.669379][ T3653] ? generic_cont_expand_simple+0x250/0x250
[ 57.675269][ T3653] ? fault_in_readable+0x219/0x310
[ 57.680381][ T3653] ? fault_in_safe_writeable+0x240/0x240
[ 57.686110][ T3653] hfs_write_begin+0x86/0xd0
[ 57.690694][ T3653] ? hfs_free_extents+0x420/0x420
[ 57.695717][ T3653] generic_perform_write+0x2e4/0x5e0
[ 57.701009][ T3653] ? __block_commit_write+0x420/0x420
[ 57.706387][ T3653] ? generic_file_direct_write+0x610/0x610
[ 57.712191][ T3653] ? __file_remove_privs+0x6c0/0x6c0
[ 57.717909][ T3653] ? generic_write_checks+0x15c/0x1c0
[ 57.723293][ T3653] __generic_file_write_iter+0x176/0x400
[ 57.728932][ T3653] generic_file_write_iter+0xab/0x310
[ 57.734303][ T3653] vfs_write+0x7dc/0xc50
[ 57.738557][ T3653] ? file_end_write+0x230/0x230
[ 57.743404][ T3653] ? ptrace_stop+0x74d/0x970
[ 57.748000][ T3653] ? _raw_spin_unlock_irq+0x2a/0x40
[ 57.753204][ T3653] ? __fdget_pos+0x252/0x2e0
[ 57.757798][ T3653] ksys_write+0x177/0x2a0
[ 57.762133][ T3653] ? __ia32_sys_read+0x80/0x80
[ 57.766897][ T3653] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 57.772963][ T3653] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 57.778939][ T3653] do_syscall_64+0x3d/0xb0
[ 57.783352][ T3653] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.789241][ T3653] RIP: 0033:0x7f0fa5191c89
[ 57.793652][ T3653] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.813252][ T3653] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3653] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3653] exit_group(0) = ?
[pid 3653] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3653, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3654
./strace-static-x86_64: Process 3654 attached
[pid 3654] chdir("./13") = 0
[pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3654] setpgid(0, 0) = 0
[pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3654] write(3, "1000", 4) = 4
[pid 3654] close(3) = 0
[pid 3654] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3654] memfd_create("syzkaller", 0) = 3
[pid 3654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 57.821660][ T3653] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 57.829625][ T3653] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 57.837587][ T3653] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 57.845558][ T3653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 57.853521][ T3653] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000c
[ 57.861509][ T3653]
[pid 3654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3654] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3654] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3654] close(3) = 0
[pid 3654] mkdir("./file0", 0777) = 0
[pid 3654] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3654] chdir("./file0") = 0
[pid 3654] ioctl(4, LOOP_CLR_FD) = 0
[pid 3654] close(4) = 0
[pid 3654] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3654] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3654] write(5, "13", 2) = 2
[ 57.914602][ T3654] loop0: detected capacity change from 0 to 64
[ 57.947739][ T3654] FAULT_INJECTION: forcing a failure.
[ 57.947739][ T3654] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 57.961374][ T3654] CPU: 0 PID: 3654 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 57.971802][ T3654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.981857][ T3654] Call Trace:
[ 57.985223][ T3654]
[ 57.988143][ T3654] dump_stack_lvl+0x1b1/0x28e
[ 57.992826][ T3654] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 57.998298][ T3654] ? panic+0x710/0x710
[ 58.002373][ T3654] ? do_anonymous_page+0xd4a/0x1150
[ 58.007582][ T3654] ? mark_lock+0x9a/0x350
[ 58.011964][ T3654] should_fail_ex+0x395/0x4c0
[ 58.016639][ T3654] prepare_alloc_pages+0x1d7/0x5a0
[ 58.021757][ T3654] __alloc_pages+0x161/0x560
[ 58.026354][ T3654] ? zone_statistics+0x160/0x160
[ 58.031296][ T3654] ? rcu_lock_release+0x5/0x20
[ 58.036063][ T3654] ? alloc_pages+0x520/0x7b0
[ 58.040651][ T3654] ? xas_descend+0x1f3/0x400
[ 58.045243][ T3654] folio_alloc+0x1a/0x50
[ 58.049483][ T3654] filemap_alloc_folio+0x7e/0x1c0
[ 58.054508][ T3654] __filemap_get_folio+0x898/0x1260
[ 58.059709][ T3654] ? page_cache_prev_miss+0x4e0/0x4e0
[ 58.065081][ T3654] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 58.071060][ T3654] ? print_irqtrace_events+0x220/0x220
[ 58.076523][ T3654] pagecache_get_page+0x28/0x260
[ 58.081459][ T3654] ? hfs_free_extents+0x420/0x420
[ 58.086478][ T3654] block_write_begin+0x2e/0x1e0
[ 58.091327][ T3654] ? cont_write_begin+0x5e5/0x860
[ 58.096349][ T3654] ? hfs_free_extents+0x420/0x420
[ 58.101368][ T3654] cont_write_begin+0x606/0x860
[ 58.106226][ T3654] ? fault_in_readable+0x1d5/0x310
[ 58.111336][ T3654] ? generic_cont_expand_simple+0x250/0x250
[ 58.117225][ T3654] ? fault_in_readable+0x219/0x310
[ 58.122339][ T3654] ? fault_in_safe_writeable+0x240/0x240
[ 58.127974][ T3654] hfs_write_begin+0x86/0xd0
[ 58.132563][ T3654] ? hfs_free_extents+0x420/0x420
[ 58.137587][ T3654] generic_perform_write+0x2e4/0x5e0
[ 58.142875][ T3654] ? __block_commit_write+0x420/0x420
[ 58.148248][ T3654] ? generic_file_direct_write+0x610/0x610
[ 58.154050][ T3654] ? __file_remove_privs+0x6c0/0x6c0
[ 58.159334][ T3654] ? generic_write_checks+0x15c/0x1c0
[ 58.164730][ T3654] __generic_file_write_iter+0x176/0x400
[ 58.170376][ T3654] generic_file_write_iter+0xab/0x310
[ 58.175759][ T3654] vfs_write+0x7dc/0xc50
[ 58.180022][ T3654] ? file_end_write+0x230/0x230
[ 58.184879][ T3654] ? ptrace_stop+0x74d/0x970
[ 58.189501][ T3654] ? _raw_spin_unlock_irq+0x2a/0x40
[ 58.194711][ T3654] ? __fdget_pos+0x252/0x2e0
[ 58.199323][ T3654] ksys_write+0x177/0x2a0
[ 58.203681][ T3654] ? __ia32_sys_read+0x80/0x80
[ 58.208455][ T3654] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 58.214446][ T3654] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 58.220434][ T3654] do_syscall_64+0x3d/0xb0
[ 58.224852][ T3654] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.230745][ T3654] RIP: 0033:0x7f0fa5191c89
[ 58.235159][ T3654] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.254757][ T3654] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3654] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3654] exit_group(0) = ?
[pid 3654] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
[ 58.263165][ T3654] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 58.271131][ T3654] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.279099][ T3654] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 58.287084][ T3654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 58.295058][ T3654] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000d
[ 58.303036][ T3654]
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3655 attached
[pid 3655] chdir("./14") = 0
[pid 3655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3655] setpgid(0, 0) = 0
[pid 3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3655
[pid 3655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3655] write(3, "1000", 4) = 4
[pid 3655] close(3) = 0
[pid 3655] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3655] memfd_create("syzkaller", 0) = 3
[pid 3655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3655] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3655] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3655] close(3) = 0
[pid 3655] mkdir("./file0", 0777) = 0
[pid 3655] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3655] chdir("./file0") = 0
[pid 3655] ioctl(4, LOOP_CLR_FD) = 0
[pid 3655] close(4) = 0
[pid 3655] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3655] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3655] write(5, "13", 2) = 2
[ 58.364566][ T3655] loop0: detected capacity change from 0 to 64
[ 58.382596][ T3655] FAULT_INJECTION: forcing a failure.
[ 58.382596][ T3655] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 58.395698][ T3655] CPU: 0 PID: 3655 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 58.406164][ T3655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.416206][ T3655] Call Trace:
[ 58.419471][ T3655]
[ 58.422391][ T3655] dump_stack_lvl+0x1b1/0x28e
[ 58.427059][ T3655] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 58.432501][ T3655] ? panic+0x710/0x710
[ 58.436552][ T3655] ? hfs_free_extents+0x420/0x420
[ 58.441563][ T3655] ? PageHeadHuge+0x8a/0x1d0
[ 58.446144][ T3655] should_fail_ex+0x395/0x4c0
[ 58.450810][ T3655] copy_page_from_iter_atomic+0x217/0x1140
[ 58.456638][ T3655] ? generic_cont_expand_simple+0x250/0x250
[ 58.462544][ T3655] ? pipe_zero+0x200/0x200
[ 58.466966][ T3655] ? hfs_write_begin+0x86/0xd0
[ 58.471725][ T3655] ? hfs_free_extents+0x420/0x420
[ 58.476828][ T3655] ? hfs_write_begin+0x9e/0xd0
[ 58.481613][ T3655] generic_perform_write+0x35a/0x5e0
[ 58.486921][ T3655] ? __block_commit_write+0x420/0x420
[ 58.492304][ T3655] ? generic_file_direct_write+0x610/0x610
[ 58.498120][ T3655] ? __file_remove_privs+0x6c0/0x6c0
[ 58.503421][ T3655] ? generic_write_checks+0x15c/0x1c0
[ 58.508811][ T3655] __generic_file_write_iter+0x176/0x400
[ 58.514464][ T3655] generic_file_write_iter+0xab/0x310
[ 58.519846][ T3655] vfs_write+0x7dc/0xc50
[ 58.524101][ T3655] ? file_end_write+0x230/0x230
[ 58.528956][ T3655] ? ptrace_stop+0x74d/0x970
[ 58.533559][ T3655] ? _raw_spin_unlock_irq+0x2a/0x40
[ 58.538771][ T3655] ? __fdget_pos+0x252/0x2e0
[ 58.543403][ T3655] ksys_write+0x177/0x2a0
[ 58.547745][ T3655] ? __ia32_sys_read+0x80/0x80
[ 58.552511][ T3655] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 58.558498][ T3655] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 58.564584][ T3655] do_syscall_64+0x3d/0xb0
[ 58.568997][ T3655] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.574887][ T3655] RIP: 0033:0x7f0fa5191c89
[ 58.579297][ T3655] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.598898][ T3655] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.607307][ T3655] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3655] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3655] exit_group(0) = ?
[pid 3655] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3655, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3656
./strace-static-x86_64: Process 3656 attached
[pid 3656] chdir("./15") = 0
[pid 3656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3656] setpgid(0, 0) = 0
[pid 3656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3656] write(3, "1000", 4) = 4
[pid 3656] close(3) = 0
[pid 3656] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3656] memfd_create("syzkaller", 0) = 3
[pid 3656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3656] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 58.615274][ T3655] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.623238][ T3655] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 58.631207][ T3655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 58.639186][ T3655] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000e
[ 58.647176][ T3655]
[pid 3656] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3656] close(3) = 0
[pid 3656] mkdir("./file0", 0777) = 0
[pid 3656] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3656] chdir("./file0") = 0
[pid 3656] ioctl(4, LOOP_CLR_FD) = 0
[pid 3656] close(4) = 0
[pid 3656] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3656] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3656] write(5, "13", 2) = 2
[ 58.689481][ T3656] loop0: detected capacity change from 0 to 64
[ 58.728907][ T3656] FAULT_INJECTION: forcing a failure.
[ 58.728907][ T3656] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 58.742684][ T3656] CPU: 0 PID: 3656 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 58.753095][ T3656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.763151][ T3656] Call Trace:
[ 58.766436][ T3656]
[ 58.769361][ T3656] dump_stack_lvl+0x1b1/0x28e
[ 58.774044][ T3656] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 58.779518][ T3656] ? panic+0x710/0x710
[ 58.783598][ T3656] ? do_anonymous_page+0xd4a/0x1150
[ 58.788806][ T3656] ? mark_lock+0x9a/0x350
[ 58.793128][ T3656] should_fail_ex+0x395/0x4c0
[ 58.797798][ T3656] prepare_alloc_pages+0x1d7/0x5a0
[ 58.802923][ T3656] __alloc_pages+0x161/0x560
[ 58.807526][ T3656] ? zone_statistics+0x160/0x160
[ 58.812470][ T3656] ? rcu_lock_release+0x5/0x20
[ 58.817240][ T3656] ? alloc_pages+0x520/0x7b0
[ 58.821937][ T3656] ? xas_descend+0x1f3/0x400
[ 58.826531][ T3656] folio_alloc+0x1a/0x50
[ 58.830777][ T3656] filemap_alloc_folio+0x7e/0x1c0
[ 58.835791][ T3656] __filemap_get_folio+0x898/0x1260
[ 58.840982][ T3656] ? page_cache_prev_miss+0x4e0/0x4e0
[ 58.846344][ T3656] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 58.852324][ T3656] ? print_irqtrace_events+0x220/0x220
[ 58.857796][ T3656] pagecache_get_page+0x28/0x260
[ 58.862753][ T3656] ? hfs_free_extents+0x420/0x420
[ 58.867779][ T3656] block_write_begin+0x2e/0x1e0
[ 58.872643][ T3656] ? cont_write_begin+0x5e5/0x860
[ 58.877669][ T3656] ? hfs_free_extents+0x420/0x420
[ 58.882700][ T3656] cont_write_begin+0x606/0x860
[ 58.887547][ T3656] ? fault_in_readable+0x1d5/0x310
[ 58.892663][ T3656] ? generic_cont_expand_simple+0x250/0x250
[ 58.898566][ T3656] ? fault_in_readable+0x219/0x310
[ 58.903680][ T3656] ? fault_in_safe_writeable+0x240/0x240
[ 58.909344][ T3656] hfs_write_begin+0x86/0xd0
[ 58.913938][ T3656] ? hfs_free_extents+0x420/0x420
[ 58.918964][ T3656] generic_perform_write+0x2e4/0x5e0
[ 58.924267][ T3656] ? __block_commit_write+0x420/0x420
[ 58.929649][ T3656] ? generic_file_direct_write+0x610/0x610
[ 58.935467][ T3656] ? __file_remove_privs+0x6c0/0x6c0
[ 58.940761][ T3656] ? generic_write_checks+0x15c/0x1c0
[ 58.946144][ T3656] __generic_file_write_iter+0x176/0x400
[ 58.951771][ T3656] generic_file_write_iter+0xab/0x310
[ 58.957150][ T3656] vfs_write+0x7dc/0xc50
[ 58.961390][ T3656] ? file_end_write+0x230/0x230
[ 58.966232][ T3656] ? ptrace_stop+0x74d/0x970
[ 58.970822][ T3656] ? _raw_spin_unlock_irq+0x2a/0x40
[ 58.976027][ T3656] ? __fdget_pos+0x252/0x2e0
[ 58.980607][ T3656] ksys_write+0x177/0x2a0
[ 58.984939][ T3656] ? __ia32_sys_read+0x80/0x80
[ 58.989718][ T3656] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 58.995697][ T3656] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 59.001686][ T3656] do_syscall_64+0x3d/0xb0
[ 59.006152][ T3656] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.012062][ T3656] RIP: 0033:0x7f0fa5191c89
[ 59.016471][ T3656] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3656] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3656] exit_group(0) = ?
[pid 3656] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3656, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs") = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 59.036073][ T3656] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 59.044484][ T3656] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 59.052512][ T3656] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.060475][ T3656] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 59.068433][ T3656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.076403][ T3656] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000000f
[ 59.084408][ T3656]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3657
./strace-static-x86_64: Process 3657 attached
[pid 3657] chdir("./16") = 0
[pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3657] setpgid(0, 0) = 0
[pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3657] write(3, "1000", 4) = 4
[pid 3657] close(3) = 0
[pid 3657] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3657] memfd_create("syzkaller", 0) = 3
[pid 3657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3657] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3657] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3657] close(3) = 0
[pid 3657] mkdir("./file0", 0777) = 0
[pid 3657] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3657] chdir("./file0") = 0
[pid 3657] ioctl(4, LOOP_CLR_FD) = 0
[pid 3657] close(4) = 0
[pid 3657] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3657] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3657] write(5, "13", 2) = 2
[ 59.142072][ T3657] loop0: detected capacity change from 0 to 64
[ 59.164534][ T3657] FAULT_INJECTION: forcing a failure.
[ 59.164534][ T3657] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 59.177710][ T3657] CPU: 1 PID: 3657 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 59.188228][ T3657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 59.198301][ T3657] Call Trace:
[ 59.201591][ T3657]
[ 59.204522][ T3657] dump_stack_lvl+0x1b1/0x28e
[ 59.209219][ T3657] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 59.214673][ T3657] ? panic+0x710/0x710
[ 59.218736][ T3657] ? hfs_free_extents+0x420/0x420
[ 59.223758][ T3657] ? PageHeadHuge+0x8a/0x1d0
[ 59.228354][ T3657] should_fail_ex+0x395/0x4c0
[ 59.233071][ T3657] copy_page_from_iter_atomic+0x217/0x1140
[ 59.238905][ T3657] ? generic_cont_expand_simple+0x250/0x250
[ 59.244808][ T3657] ? pipe_zero+0x200/0x200
[ 59.249330][ T3657] ? hfs_write_begin+0x86/0xd0
[ 59.254090][ T3657] ? hfs_free_extents+0x420/0x420
[ 59.259107][ T3657] ? hfs_write_begin+0x9e/0xd0
[ 59.263870][ T3657] generic_perform_write+0x35a/0x5e0
[ 59.269162][ T3657] ? __block_commit_write+0x420/0x420
[ 59.274534][ T3657] ? generic_file_direct_write+0x610/0x610
[ 59.280339][ T3657] ? __file_remove_privs+0x6c0/0x6c0
[ 59.285623][ T3657] ? generic_write_checks+0x15c/0x1c0
[ 59.291024][ T3657] __generic_file_write_iter+0x176/0x400
[ 59.296657][ T3657] generic_file_write_iter+0xab/0x310
[ 59.302050][ T3657] vfs_write+0x7dc/0xc50
[ 59.306304][ T3657] ? file_end_write+0x230/0x230
[ 59.311172][ T3657] ? ptrace_stop+0x74d/0x970
[ 59.315770][ T3657] ? _raw_spin_unlock_irq+0x2a/0x40
[ 59.320971][ T3657] ? __fdget_pos+0x252/0x2e0
[ 59.325564][ T3657] ksys_write+0x177/0x2a0
[ 59.329895][ T3657] ? __ia32_sys_read+0x80/0x80
[ 59.334659][ T3657] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 59.340638][ T3657] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 59.346704][ T3657] do_syscall_64+0x3d/0xb0
[ 59.351117][ T3657] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.357016][ T3657] RIP: 0033:0x7f0fa5191c89
[ 59.361442][ T3657] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.381139][ T3657] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3657] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3657] exit_group(0) = ?
[pid 3657] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs") = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3658
./strace-static-x86_64: Process 3658 attached
[ 59.389556][ T3657] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 59.397534][ T3657] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.405511][ T3657] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 59.413479][ T3657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.421444][ T3657] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000010
[ 59.429428][ T3657]
[pid 3658] chdir("./17") = 0
[pid 3658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3658] setpgid(0, 0) = 0
[pid 3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3658] write(3, "1000", 4) = 4
[pid 3658] close(3) = 0
[pid 3658] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3658] memfd_create("syzkaller", 0) = 3
[pid 3658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3658] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3658] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3658] close(3) = 0
[pid 3658] mkdir("./file0", 0777) = 0
[pid 3658] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3658] chdir("./file0") = 0
[pid 3658] ioctl(4, LOOP_CLR_FD) = 0
[pid 3658] close(4) = 0
[pid 3658] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3658] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3658] write(5, "13", 2) = 2
[ 59.490685][ T3658] loop0: detected capacity change from 0 to 64
[ 59.523310][ T3658] FAULT_INJECTION: forcing a failure.
[ 59.523310][ T3658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 59.536452][ T3658] CPU: 0 PID: 3658 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 59.546882][ T3658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 59.556942][ T3658] Call Trace:
[ 59.560212][ T3658]
[ 59.563136][ T3658] dump_stack_lvl+0x1b1/0x28e
[ 59.567808][ T3658] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 59.573347][ T3658] ? panic+0x710/0x710
[ 59.577406][ T3658] ? hfs_free_extents+0x420/0x420
[ 59.582423][ T3658] ? PageHeadHuge+0x8a/0x1d0
[ 59.587027][ T3658] should_fail_ex+0x395/0x4c0
[ 59.591701][ T3658] copy_page_from_iter_atomic+0x217/0x1140
[ 59.597505][ T3658] ? generic_cont_expand_simple+0x250/0x250
[ 59.603403][ T3658] ? pipe_zero+0x200/0x200
[ 59.607840][ T3658] ? hfs_write_begin+0x86/0xd0
[ 59.612607][ T3658] ? hfs_free_extents+0x420/0x420
[ 59.617618][ T3658] ? hfs_write_begin+0x9e/0xd0
[ 59.622373][ T3658] generic_perform_write+0x35a/0x5e0
[ 59.627654][ T3658] ? __block_commit_write+0x420/0x420
[ 59.633019][ T3658] ? generic_file_direct_write+0x610/0x610
[ 59.638813][ T3658] ? __file_remove_privs+0x6c0/0x6c0
[ 59.644087][ T3658] ? generic_write_checks+0x15c/0x1c0
[ 59.649455][ T3658] __generic_file_write_iter+0x176/0x400
[ 59.655082][ T3658] generic_file_write_iter+0xab/0x310
[ 59.660444][ T3658] vfs_write+0x7dc/0xc50
[ 59.664683][ T3658] ? file_end_write+0x230/0x230
[ 59.669531][ T3658] ? ptrace_stop+0x74d/0x970
[ 59.674133][ T3658] ? _raw_spin_unlock_irq+0x2a/0x40
[ 59.679338][ T3658] ? __fdget_pos+0x252/0x2e0
[ 59.683938][ T3658] ksys_write+0x177/0x2a0
[ 59.688261][ T3658] ? __ia32_sys_read+0x80/0x80
[ 59.693026][ T3658] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 59.699012][ T3658] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 59.704988][ T3658] do_syscall_64+0x3d/0xb0
[ 59.709409][ T3658] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.715306][ T3658] RIP: 0033:0x7f0fa5191c89
[ 59.719726][ T3658] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3658] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3658] exit_group(0) = ?
[pid 3658] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3658, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs") = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
[ 59.739409][ T3658] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 59.747823][ T3658] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 59.755800][ T3658] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.763761][ T3658] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 59.771721][ T3658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.779697][ T3658] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000011
[ 59.787698][ T3658]
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3659
./strace-static-x86_64: Process 3659 attached
[pid 3659] chdir("./18") = 0
[pid 3659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3659] setpgid(0, 0) = 0
[pid 3659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3659] write(3, "1000", 4) = 4
[pid 3659] close(3) = 0
[pid 3659] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3659] memfd_create("syzkaller", 0) = 3
[pid 3659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3659] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3659] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3659] close(3) = 0
[pid 3659] mkdir("./file0", 0777) = 0
[pid 3659] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3659] chdir("./file0") = 0
[pid 3659] ioctl(4, LOOP_CLR_FD) = 0
[pid 3659] close(4) = 0
[pid 3659] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3659] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3659] write(5, "13", 2) = 2
[ 59.844137][ T3659] loop0: detected capacity change from 0 to 64
[ 59.874713][ T3659] FAULT_INJECTION: forcing a failure.
[ 59.874713][ T3659] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 59.888193][ T3659] CPU: 0 PID: 3659 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 59.898792][ T3659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 59.908841][ T3659] Call Trace:
[ 59.912116][ T3659]
[ 59.915045][ T3659] dump_stack_lvl+0x1b1/0x28e
[ 59.919724][ T3659] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 59.925176][ T3659] ? panic+0x710/0x710
[ 59.929240][ T3659] ? do_anonymous_page+0xd4a/0x1150
[ 59.934444][ T3659] ? mark_lock+0x9a/0x350
[ 59.938773][ T3659] should_fail_ex+0x395/0x4c0
[ 59.943465][ T3659] prepare_alloc_pages+0x1d7/0x5a0
[ 59.948584][ T3659] __alloc_pages+0x161/0x560
[ 59.953176][ T3659] ? zone_statistics+0x160/0x160
[ 59.958129][ T3659] ? rcu_lock_release+0x5/0x20
[ 59.962890][ T3659] ? alloc_pages+0x520/0x7b0
[ 59.967482][ T3659] ? xas_descend+0x1f3/0x400
[ 59.972072][ T3659] folio_alloc+0x1a/0x50
[ 59.976312][ T3659] filemap_alloc_folio+0x7e/0x1c0
[ 59.981335][ T3659] __filemap_get_folio+0x898/0x1260
[ 59.986545][ T3659] ? page_cache_prev_miss+0x4e0/0x4e0
[ 59.991923][ T3659] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 59.997900][ T3659] ? print_irqtrace_events+0x220/0x220
[ 60.003361][ T3659] pagecache_get_page+0x28/0x260
[ 60.008295][ T3659] ? hfs_free_extents+0x420/0x420
[ 60.013338][ T3659] block_write_begin+0x2e/0x1e0
[ 60.018194][ T3659] ? cont_write_begin+0x5e5/0x860
[ 60.023220][ T3659] ? hfs_free_extents+0x420/0x420
[ 60.028242][ T3659] cont_write_begin+0x606/0x860
[ 60.033095][ T3659] ? fault_in_readable+0x1d5/0x310
[ 60.038208][ T3659] ? generic_cont_expand_simple+0x250/0x250
[ 60.044097][ T3659] ? fault_in_readable+0x219/0x310
[ 60.049208][ T3659] ? fault_in_safe_writeable+0x240/0x240
[ 60.054847][ T3659] hfs_write_begin+0x86/0xd0
[ 60.059431][ T3659] ? hfs_free_extents+0x420/0x420
[ 60.064455][ T3659] generic_perform_write+0x2e4/0x5e0
[ 60.069745][ T3659] ? __block_commit_write+0x420/0x420
[ 60.075121][ T3659] ? generic_file_direct_write+0x610/0x610
[ 60.080924][ T3659] ? __file_remove_privs+0x6c0/0x6c0
[ 60.086210][ T3659] ? generic_write_checks+0x15c/0x1c0
[ 60.091585][ T3659] __generic_file_write_iter+0x176/0x400
[ 60.097222][ T3659] generic_file_write_iter+0xab/0x310
[ 60.102592][ T3659] vfs_write+0x7dc/0xc50
[ 60.106840][ T3659] ? file_end_write+0x230/0x230
[ 60.111688][ T3659] ? ptrace_stop+0x74d/0x970
[ 60.116284][ T3659] ? _raw_spin_unlock_irq+0x2a/0x40
[ 60.121491][ T3659] ? __fdget_pos+0x252/0x2e0
[ 60.126083][ T3659] ksys_write+0x177/0x2a0
[ 60.130414][ T3659] ? __ia32_sys_read+0x80/0x80
[ 60.135175][ T3659] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 60.141153][ T3659] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 60.147131][ T3659] do_syscall_64+0x3d/0xb0
[ 60.151544][ T3659] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.157431][ T3659] RIP: 0033:0x7f0fa5191c89
[ 60.161845][ T3659] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.181442][ T3659] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3659] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3659] exit_group(0) = ?
[pid 3659] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3659, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3660
./strace-static-x86_64: Process 3660 attached
[pid 3660] chdir("./19") = 0
[pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3660] setpgid(0, 0) = 0
[pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3660] write(3, "1000", 4) = 4
[pid 3660] close(3) = 0
[pid 3660] symlink("/dev/binderfs", "./binderfs") = 0
[ 60.189855][ T3659] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 60.197818][ T3659] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.205785][ T3659] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 60.213750][ T3659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 60.221737][ T3659] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000012
[ 60.229717][ T3659]
[pid 3660] memfd_create("syzkaller", 0) = 3
[pid 3660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3660] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3660] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3660] close(3) = 0
[pid 3660] mkdir("./file0", 0777) = 0
[pid 3660] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3660] chdir("./file0") = 0
[pid 3660] ioctl(4, LOOP_CLR_FD) = 0
[pid 3660] close(4) = 0
[pid 3660] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3660] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3660] write(5, "13", 2) = 2
[ 60.282233][ T3660] loop0: detected capacity change from 0 to 64
[ 60.313044][ T3660] FAULT_INJECTION: forcing a failure.
[ 60.313044][ T3660] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 60.326176][ T3660] CPU: 0 PID: 3660 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 60.336612][ T3660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 60.346665][ T3660] Call Trace:
[ 60.349965][ T3660]
[ 60.352889][ T3660] dump_stack_lvl+0x1b1/0x28e
[ 60.357573][ T3660] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 60.363022][ T3660] ? panic+0x710/0x710
[ 60.367077][ T3660] ? hfs_free_extents+0x420/0x420
[ 60.372094][ T3660] ? PageHeadHuge+0x8a/0x1d0
[ 60.376689][ T3660] should_fail_ex+0x395/0x4c0
[ 60.381375][ T3660] copy_page_from_iter_atomic+0x217/0x1140
[ 60.387183][ T3660] ? generic_cont_expand_simple+0x250/0x250
[ 60.393094][ T3660] ? pipe_zero+0x200/0x200
[ 60.397541][ T3660] ? hfs_write_begin+0x86/0xd0
[ 60.402298][ T3660] ? hfs_free_extents+0x420/0x420
[ 60.407316][ T3660] ? hfs_write_begin+0x9e/0xd0
[ 60.412075][ T3660] generic_perform_write+0x35a/0x5e0
[ 60.417359][ T3660] ? __block_commit_write+0x420/0x420
[ 60.422729][ T3660] ? generic_file_direct_write+0x610/0x610
[ 60.428579][ T3660] ? __file_remove_privs+0x6c0/0x6c0
[ 60.433858][ T3660] ? generic_write_checks+0x15c/0x1c0
[ 60.439232][ T3660] __generic_file_write_iter+0x176/0x400
[ 60.444861][ T3660] generic_file_write_iter+0xab/0x310
[ 60.450227][ T3660] vfs_write+0x7dc/0xc50
[ 60.454465][ T3660] ? file_end_write+0x230/0x230
[ 60.459310][ T3660] ? ptrace_stop+0x74d/0x970
[ 60.463915][ T3660] ? _raw_spin_unlock_irq+0x2a/0x40
[ 60.469117][ T3660] ? __fdget_pos+0x252/0x2e0
[ 60.473725][ T3660] ksys_write+0x177/0x2a0
[ 60.478050][ T3660] ? __ia32_sys_read+0x80/0x80
[ 60.482816][ T3660] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 60.488805][ T3660] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 60.494805][ T3660] do_syscall_64+0x3d/0xb0
[ 60.499226][ T3660] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.505125][ T3660] RIP: 0033:0x7f0fa5191c89
[ 60.509525][ T3660] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3660] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3660] exit_group(0) = ?
[pid 3660] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs") = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 60.529125][ T3660] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.537530][ T3660] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 60.545498][ T3660] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.553461][ T3660] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 60.561420][ T3660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 60.569387][ T3660] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000013
[ 60.577375][ T3660]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3661 attached
[pid 3661] chdir("./20"
[pid 3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3661
[pid 3661] <... chdir resumed>) = 0
[pid 3661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3661] setpgid(0, 0) = 0
[pid 3661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3661] write(3, "1000", 4) = 4
[pid 3661] close(3) = 0
[pid 3661] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3661] memfd_create("syzkaller", 0) = 3
[pid 3661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3661] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3661] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3661] close(3) = 0
[pid 3661] mkdir("./file0", 0777) = 0
[pid 3661] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3661] chdir("./file0") = 0
[pid 3661] ioctl(4, LOOP_CLR_FD) = 0
[pid 3661] close(4) = 0
[pid 3661] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3661] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3661] write(5, "13", 2) = 2
[ 60.633810][ T3661] loop0: detected capacity change from 0 to 64
[ 60.661455][ T3661] FAULT_INJECTION: forcing a failure.
[ 60.661455][ T3661] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 60.675012][ T3661] CPU: 0 PID: 3661 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 60.685428][ T3661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 60.695492][ T3661] Call Trace:
[ 60.698768][ T3661]
[ 60.701699][ T3661] dump_stack_lvl+0x1b1/0x28e
[ 60.706402][ T3661] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 60.711874][ T3661] ? panic+0x710/0x710
[ 60.715951][ T3661] ? do_anonymous_page+0xd4a/0x1150
[ 60.721161][ T3661] ? mark_lock+0x9a/0x350
[ 60.725503][ T3661] should_fail_ex+0x395/0x4c0
[ 60.730207][ T3661] prepare_alloc_pages+0x1d7/0x5a0
[ 60.735332][ T3661] __alloc_pages+0x161/0x560
[ 60.739927][ T3661] ? zone_statistics+0x160/0x160
[ 60.744871][ T3661] ? rcu_lock_release+0x5/0x20
[ 60.749632][ T3661] ? alloc_pages+0x520/0x7b0
[ 60.754217][ T3661] ? xas_descend+0x1f3/0x400
[ 60.758813][ T3661] folio_alloc+0x1a/0x50
[ 60.763050][ T3661] filemap_alloc_folio+0x7e/0x1c0
[ 60.768073][ T3661] __filemap_get_folio+0x898/0x1260
[ 60.773277][ T3661] ? page_cache_prev_miss+0x4e0/0x4e0
[ 60.778648][ T3661] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 60.784625][ T3661] ? print_irqtrace_events+0x220/0x220
[ 60.790084][ T3661] pagecache_get_page+0x28/0x260
[ 60.795018][ T3661] ? hfs_free_extents+0x420/0x420
[ 60.800059][ T3661] block_write_begin+0x2e/0x1e0
[ 60.804907][ T3661] ? cont_write_begin+0x5e5/0x860
[ 60.809932][ T3661] ? hfs_free_extents+0x420/0x420
[ 60.814990][ T3661] cont_write_begin+0x606/0x860
[ 60.819846][ T3661] ? fault_in_readable+0x1d5/0x310
[ 60.824961][ T3661] ? generic_cont_expand_simple+0x250/0x250
[ 60.830857][ T3661] ? fault_in_readable+0x219/0x310
[ 60.835978][ T3661] ? fault_in_safe_writeable+0x240/0x240
[ 60.841616][ T3661] hfs_write_begin+0x86/0xd0
[ 60.846204][ T3661] ? hfs_free_extents+0x420/0x420
[ 60.851231][ T3661] generic_perform_write+0x2e4/0x5e0
[ 60.856522][ T3661] ? __block_commit_write+0x420/0x420
[ 60.861898][ T3661] ? generic_file_direct_write+0x610/0x610
[ 60.867702][ T3661] ? __file_remove_privs+0x6c0/0x6c0
[ 60.872987][ T3661] ? generic_write_checks+0x15c/0x1c0
[ 60.878368][ T3661] __generic_file_write_iter+0x176/0x400
[ 60.884005][ T3661] generic_file_write_iter+0xab/0x310
[ 60.889386][ T3661] vfs_write+0x7dc/0xc50
[ 60.893633][ T3661] ? file_end_write+0x230/0x230
[ 60.898479][ T3661] ? ptrace_stop+0x74d/0x970
[ 60.903078][ T3661] ? _raw_spin_unlock_irq+0x2a/0x40
[ 60.908279][ T3661] ? __fdget_pos+0x252/0x2e0
[ 60.912873][ T3661] ksys_write+0x177/0x2a0
[ 60.917201][ T3661] ? __ia32_sys_read+0x80/0x80
[ 60.921964][ T3661] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 60.927943][ T3661] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 60.933937][ T3661] do_syscall_64+0x3d/0xb0
[ 60.938348][ T3661] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.944237][ T3661] RIP: 0033:0x7f0fa5191c89
[ 60.948649][ T3661] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.968247][ T3661] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.976657][ T3661] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3661] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3661] exit_group(0) = ?
[pid 3661] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3661, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3662
./strace-static-x86_64: Process 3662 attached
[pid 3662] chdir("./21") = 0
[pid 3662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3662] setpgid(0, 0) = 0
[pid 3662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3662] write(3, "1000", 4) = 4
[ 60.984622][ T3661] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.992588][ T3661] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 61.000554][ T3661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.008517][ T3661] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000014
[ 61.016500][ T3661]
[pid 3662] close(3) = 0
[pid 3662] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3662] memfd_create("syzkaller", 0) = 3
[pid 3662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3662] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3662] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3662] close(3) = 0
[pid 3662] mkdir("./file0", 0777) = 0
[pid 3662] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3662] chdir("./file0") = 0
[pid 3662] ioctl(4, LOOP_CLR_FD) = 0
[pid 3662] close(4) = 0
[pid 3662] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3662] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3662] write(5, "13", 2) = 2
[ 61.078205][ T3662] loop0: detected capacity change from 0 to 64
[ 61.104166][ T3662] FAULT_INJECTION: forcing a failure.
[ 61.104166][ T3662] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 61.117707][ T3662] CPU: 1 PID: 3662 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 61.128141][ T3662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 61.138212][ T3662] Call Trace:
[ 61.141498][ T3662]
[ 61.144420][ T3662] dump_stack_lvl+0x1b1/0x28e
[ 61.149093][ T3662] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 61.154627][ T3662] ? panic+0x710/0x710
[ 61.158696][ T3662] ? do_anonymous_page+0xd4a/0x1150
[ 61.163898][ T3662] ? mark_lock+0x9a/0x350
[ 61.168223][ T3662] should_fail_ex+0x395/0x4c0
[ 61.172918][ T3662] prepare_alloc_pages+0x1d7/0x5a0
[ 61.178044][ T3662] __alloc_pages+0x161/0x560
[ 61.182643][ T3662] ? zone_statistics+0x160/0x160
[ 61.187604][ T3662] ? rcu_lock_release+0x5/0x20
[ 61.192369][ T3662] ? alloc_pages+0x520/0x7b0
[ 61.196962][ T3662] ? xas_descend+0x1f3/0x400
[ 61.201572][ T3662] folio_alloc+0x1a/0x50
[ 61.205809][ T3662] filemap_alloc_folio+0x7e/0x1c0
[ 61.210851][ T3662] __filemap_get_folio+0x898/0x1260
[ 61.216074][ T3662] ? page_cache_prev_miss+0x4e0/0x4e0
[ 61.221450][ T3662] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 61.227425][ T3662] ? print_irqtrace_events+0x220/0x220
[ 61.232885][ T3662] pagecache_get_page+0x28/0x260
[ 61.237816][ T3662] ? hfs_free_extents+0x420/0x420
[ 61.242837][ T3662] block_write_begin+0x2e/0x1e0
[ 61.247698][ T3662] ? cont_write_begin+0x5e5/0x860
[ 61.252724][ T3662] ? hfs_free_extents+0x420/0x420
[ 61.257754][ T3662] cont_write_begin+0x606/0x860
[ 61.262603][ T3662] ? fault_in_readable+0x1d5/0x310
[ 61.267723][ T3662] ? generic_cont_expand_simple+0x250/0x250
[ 61.273632][ T3662] ? fault_in_readable+0x219/0x310
[ 61.278754][ T3662] ? fault_in_safe_writeable+0x240/0x240
[ 61.284420][ T3662] hfs_write_begin+0x86/0xd0
[ 61.289009][ T3662] ? hfs_free_extents+0x420/0x420
[ 61.294036][ T3662] generic_perform_write+0x2e4/0x5e0
[ 61.299343][ T3662] ? __block_commit_write+0x420/0x420
[ 61.304737][ T3662] ? generic_file_direct_write+0x610/0x610
[ 61.310569][ T3662] ? __file_remove_privs+0x6c0/0x6c0
[ 61.315855][ T3662] ? generic_write_checks+0x15c/0x1c0
[ 61.321249][ T3662] __generic_file_write_iter+0x176/0x400
[ 61.326912][ T3662] generic_file_write_iter+0xab/0x310
[ 61.332311][ T3662] vfs_write+0x7dc/0xc50
[ 61.336583][ T3662] ? file_end_write+0x230/0x230
[ 61.341446][ T3662] ? ptrace_stop+0x74d/0x970
[ 61.346038][ T3662] ? _raw_spin_unlock_irq+0x2a/0x40
[ 61.351253][ T3662] ? __fdget_pos+0x252/0x2e0
[ 61.355848][ T3662] ksys_write+0x177/0x2a0
[ 61.360210][ T3662] ? __ia32_sys_read+0x80/0x80
[ 61.364997][ T3662] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 61.370977][ T3662] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 61.376971][ T3662] do_syscall_64+0x3d/0xb0
[ 61.381401][ T3662] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.387285][ T3662] RIP: 0033:0x7f0fa5191c89
[ 61.391690][ T3662] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.411292][ T3662] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 61.419696][ T3662] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3662] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3662] exit_group(0) = ?
[pid 3662] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3662, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs") = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3663
./strace-static-x86_64: Process 3663 attached
[pid 3663] chdir("./22") = 0
[pid 3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3663] setpgid(0, 0) = 0
[pid 3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3663] write(3, "1000", 4) = 4
[pid 3663] close(3) = 0
[pid 3663] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3663] memfd_create("syzkaller", 0) = 3
[ 61.427662][ T3662] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.435625][ T3662] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 61.443682][ T3662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.451674][ T3662] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000015
[ 61.459661][ T3662]
[pid 3663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3663] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3663] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3663] close(3) = 0
[pid 3663] mkdir("./file0", 0777) = 0
[pid 3663] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3663] chdir("./file0") = 0
[pid 3663] ioctl(4, LOOP_CLR_FD) = 0
[pid 3663] close(4) = 0
[pid 3663] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3663] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3663] write(5, "13", 2) = 2
[ 61.515879][ T3663] loop0: detected capacity change from 0 to 64
[ 61.536875][ T3663] FAULT_INJECTION: forcing a failure.
[ 61.536875][ T3663] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 61.550049][ T3663] CPU: 1 PID: 3663 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 61.560475][ T3663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 61.570518][ T3663] Call Trace:
[ 61.573787][ T3663]
[ 61.576707][ T3663] dump_stack_lvl+0x1b1/0x28e
[ 61.581374][ T3663] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 61.586818][ T3663] ? panic+0x710/0x710
[ 61.590876][ T3663] ? hfs_free_extents+0x420/0x420
[ 61.595886][ T3663] ? PageHeadHuge+0x8a/0x1d0
[ 61.600469][ T3663] should_fail_ex+0x395/0x4c0
[ 61.605150][ T3663] copy_page_from_iter_atomic+0x217/0x1140
[ 61.610971][ T3663] ? generic_cont_expand_simple+0x250/0x250
[ 61.616872][ T3663] ? pipe_zero+0x200/0x200
[ 61.621306][ T3663] ? hfs_write_begin+0x86/0xd0
[ 61.626064][ T3663] ? hfs_free_extents+0x420/0x420
[ 61.631081][ T3663] ? hfs_write_begin+0x9e/0xd0
[ 61.635844][ T3663] generic_perform_write+0x35a/0x5e0
[ 61.641135][ T3663] ? __block_commit_write+0x420/0x420
[ 61.646509][ T3663] ? generic_file_direct_write+0x610/0x610
[ 61.652312][ T3663] ? __file_remove_privs+0x6c0/0x6c0
[ 61.657597][ T3663] ? generic_write_checks+0x15c/0x1c0
[ 61.662979][ T3663] __generic_file_write_iter+0x176/0x400
[ 61.668643][ T3663] generic_file_write_iter+0xab/0x310
[ 61.674029][ T3663] vfs_write+0x7dc/0xc50
[ 61.678311][ T3663] ? file_end_write+0x230/0x230
[ 61.683185][ T3663] ? ptrace_stop+0x74d/0x970
[ 61.687796][ T3663] ? _raw_spin_unlock_irq+0x2a/0x40
[ 61.693004][ T3663] ? __fdget_pos+0x252/0x2e0
[ 61.697606][ T3663] ksys_write+0x177/0x2a0
[ 61.701948][ T3663] ? __ia32_sys_read+0x80/0x80
[ 61.706716][ T3663] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 61.712701][ T3663] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 61.718686][ T3663] do_syscall_64+0x3d/0xb0
[ 61.723106][ T3663] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.728994][ T3663] RIP: 0033:0x7f0fa5191c89
[ 61.733410][ T3663] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.753012][ T3663] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3663] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3663] exit_group(0) = ?
[pid 3663] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3663, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs") = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3664
./strace-static-x86_64: Process 3664 attached
[pid 3664] chdir("./23") = 0
[ 61.761426][ T3663] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 61.769415][ T3663] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.777398][ T3663] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 61.785384][ T3663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.793361][ T3663] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000016
[ 61.802740][ T3663]
[pid 3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3664] setpgid(0, 0) = 0
[pid 3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3664] write(3, "1000", 4) = 4
[pid 3664] close(3) = 0
[pid 3664] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3664] memfd_create("syzkaller", 0) = 3
[pid 3664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3664] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3664] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3664] close(3) = 0
[pid 3664] mkdir("./file0", 0777) = 0
[pid 3664] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3664] chdir("./file0") = 0
[pid 3664] ioctl(4, LOOP_CLR_FD) = 0
[pid 3664] close(4) = 0
[pid 3664] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3664] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3664] write(5, "13", 2) = 2
[ 61.859071][ T3664] loop0: detected capacity change from 0 to 64
[ 61.891840][ T3664] FAULT_INJECTION: forcing a failure.
[ 61.891840][ T3664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 61.905229][ T3664] CPU: 0 PID: 3664 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 61.915660][ T3664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 61.925737][ T3664] Call Trace:
[ 61.929022][ T3664]
[ 61.931949][ T3664] dump_stack_lvl+0x1b1/0x28e
[ 61.936633][ T3664] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 61.942090][ T3664] ? panic+0x710/0x710
[ 61.946156][ T3664] ? hfs_free_extents+0x420/0x420
[ 61.951183][ T3664] ? PageHeadHuge+0x8a/0x1d0
[ 61.955775][ T3664] should_fail_ex+0x395/0x4c0
[ 61.960509][ T3664] copy_page_from_iter_atomic+0x217/0x1140
[ 61.966372][ T3664] ? generic_cont_expand_simple+0x250/0x250
[ 61.972297][ T3664] ? pipe_zero+0x200/0x200
[ 61.976730][ T3664] ? hfs_write_begin+0x86/0xd0
[ 61.981496][ T3664] ? hfs_free_extents+0x420/0x420
[ 61.986518][ T3664] ? hfs_write_begin+0x9e/0xd0
[ 61.991289][ T3664] generic_perform_write+0x35a/0x5e0
[ 61.996585][ T3664] ? __block_commit_write+0x420/0x420
[ 62.001959][ T3664] ? generic_file_direct_write+0x610/0x610
[ 62.007780][ T3664] ? __file_remove_privs+0x6c0/0x6c0
[ 62.013078][ T3664] ? generic_write_checks+0x15c/0x1c0
[ 62.018475][ T3664] __generic_file_write_iter+0x176/0x400
[ 62.024136][ T3664] generic_file_write_iter+0xab/0x310
[ 62.029541][ T3664] vfs_write+0x7dc/0xc50
[ 62.033810][ T3664] ? file_end_write+0x230/0x230
[ 62.038668][ T3664] ? ptrace_stop+0x74d/0x970
[ 62.043279][ T3664] ? _raw_spin_unlock_irq+0x2a/0x40
[ 62.048489][ T3664] ? __fdget_pos+0x252/0x2e0
[ 62.053087][ T3664] ksys_write+0x177/0x2a0
[ 62.057420][ T3664] ? __ia32_sys_read+0x80/0x80
[ 62.062186][ T3664] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 62.068169][ T3664] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 62.074149][ T3664] do_syscall_64+0x3d/0xb0
[ 62.078562][ T3664] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.084450][ T3664] RIP: 0033:0x7f0fa5191c89
[ 62.088860][ T3664] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3664] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3664] exit_group(0) = ?
[pid 3664] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3664, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 62.108461][ T3664] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.116872][ T3664] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 62.124838][ T3664] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 62.133010][ T3664] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 62.140976][ T3664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 62.148958][ T3664] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000017
[ 62.156944][ T3664]
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3665
./strace-static-x86_64: Process 3665 attached
[pid 3665] chdir("./24") = 0
[pid 3665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3665] setpgid(0, 0) = 0
[pid 3665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3665] write(3, "1000", 4) = 4
[pid 3665] close(3) = 0
[pid 3665] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3665] memfd_create("syzkaller", 0) = 3
[pid 3665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3665] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3665] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3665] close(3) = 0
[pid 3665] mkdir("./file0", 0777) = 0
[pid 3665] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3665] chdir("./file0") = 0
[pid 3665] ioctl(4, LOOP_CLR_FD) = 0
[pid 3665] close(4) = 0
[pid 3665] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3665] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3665] write(5, "13", 2) = 2
[ 62.203562][ T3665] loop0: detected capacity change from 0 to 64
[ 62.212182][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 62.244540][ T3665] FAULT_INJECTION: forcing a failure.
[ 62.244540][ T3665] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 62.257791][ T3665] CPU: 0 PID: 3665 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 62.268370][ T3665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 62.278412][ T3665] Call Trace:
[ 62.281693][ T3665]
[ 62.284613][ T3665] dump_stack_lvl+0x1b1/0x28e
[ 62.289282][ T3665] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 62.294726][ T3665] ? panic+0x710/0x710
[ 62.298780][ T3665] ? hfs_free_extents+0x420/0x420
[ 62.303792][ T3665] ? PageHeadHuge+0x8a/0x1d0
[ 62.308389][ T3665] should_fail_ex+0x395/0x4c0
[ 62.313067][ T3665] copy_page_from_iter_atomic+0x217/0x1140
[ 62.318892][ T3665] ? generic_cont_expand_simple+0x250/0x250
[ 62.324807][ T3665] ? pipe_zero+0x200/0x200
[ 62.329244][ T3665] ? hfs_write_begin+0x86/0xd0
[ 62.334036][ T3665] ? hfs_free_extents+0x420/0x420
[ 62.339063][ T3665] ? hfs_write_begin+0x9e/0xd0
[ 62.343834][ T3665] generic_perform_write+0x35a/0x5e0
[ 62.349137][ T3665] ? __block_commit_write+0x420/0x420
[ 62.354509][ T3665] ? generic_file_direct_write+0x610/0x610
[ 62.360312][ T3665] ? __file_remove_privs+0x6c0/0x6c0
[ 62.365604][ T3665] ? generic_write_checks+0x15c/0x1c0
[ 62.370982][ T3665] __generic_file_write_iter+0x176/0x400
[ 62.376621][ T3665] generic_file_write_iter+0xab/0x310
[ 62.381996][ T3665] vfs_write+0x7dc/0xc50
[ 62.386255][ T3665] ? file_end_write+0x230/0x230
[ 62.391108][ T3665] ? ptrace_stop+0x74d/0x970
[ 62.395722][ T3665] ? _raw_spin_unlock_irq+0x2a/0x40
[ 62.400928][ T3665] ? __fdget_pos+0x252/0x2e0
[ 62.405525][ T3665] ksys_write+0x177/0x2a0
[ 62.409856][ T3665] ? __ia32_sys_read+0x80/0x80
[ 62.414621][ T3665] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 62.420601][ T3665] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 62.426583][ T3665] do_syscall_64+0x3d/0xb0
[ 62.430997][ T3665] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.436912][ T3665] RIP: 0033:0x7f0fa5191c89
[ 62.441326][ T3665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.460931][ T3665] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.469342][ T3665] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 62.477308][ T3665] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 62.485273][ T3665] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3665] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3665] exit_group(0) = ?
[pid 3665] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3665, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs") = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 62.493255][ T3665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 62.501219][ T3665] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000018
[ 62.509202][ T3665]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3666
./strace-static-x86_64: Process 3666 attached
[pid 3666] chdir("./25") = 0
[pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3666] setpgid(0, 0) = 0
[pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3666] write(3, "1000", 4) = 4
[pid 3666] close(3) = 0
[pid 3666] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3666] memfd_create("syzkaller", 0) = 3
[pid 3666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3666] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3666] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3666] close(3) = 0
[pid 3666] mkdir("./file0", 0777) = 0
[pid 3666] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3666] chdir("./file0") = 0
[pid 3666] ioctl(4, LOOP_CLR_FD) = 0
[pid 3666] close(4) = 0
[pid 3666] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3666] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3666] write(5, "13", 2) = 2
[ 62.542825][ T3666] loop0: detected capacity change from 0 to 64
[ 62.564845][ T3666] FAULT_INJECTION: forcing a failure.
[ 62.564845][ T3666] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 62.578243][ T3666] CPU: 1 PID: 3666 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 62.588680][ T3666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 62.598733][ T3666] Call Trace:
[ 62.602004][ T3666]
[ 62.604926][ T3666] dump_stack_lvl+0x1b1/0x28e
[ 62.609611][ T3666] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 62.615076][ T3666] ? panic+0x710/0x710
[ 62.619162][ T3666] ? do_anonymous_page+0xd4a/0x1150
[ 62.624362][ T3666] ? mark_lock+0x9a/0x350
[ 62.628696][ T3666] should_fail_ex+0x395/0x4c0
[ 62.633384][ T3666] prepare_alloc_pages+0x1d7/0x5a0
[ 62.638504][ T3666] __alloc_pages+0x161/0x560
[ 62.643099][ T3666] ? zone_statistics+0x160/0x160
[ 62.648043][ T3666] ? rcu_lock_release+0x5/0x20
[ 62.652805][ T3666] ? alloc_pages+0x520/0x7b0
[ 62.657395][ T3666] ? xas_descend+0x1f3/0x400
[ 62.661987][ T3666] folio_alloc+0x1a/0x50
[ 62.666227][ T3666] filemap_alloc_folio+0x7e/0x1c0
[ 62.671250][ T3666] __filemap_get_folio+0x898/0x1260
[ 62.676474][ T3666] ? page_cache_prev_miss+0x4e0/0x4e0
[ 62.681846][ T3666] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 62.687823][ T3666] ? print_irqtrace_events+0x220/0x220
[ 62.693284][ T3666] pagecache_get_page+0x28/0x260
[ 62.698218][ T3666] ? hfs_free_extents+0x420/0x420
[ 62.703237][ T3666] block_write_begin+0x2e/0x1e0
[ 62.708086][ T3666] ? cont_write_begin+0x5e5/0x860
[ 62.713109][ T3666] ? hfs_free_extents+0x420/0x420
[ 62.718129][ T3666] cont_write_begin+0x606/0x860
[ 62.722984][ T3666] ? fault_in_readable+0x1d5/0x310
[ 62.728096][ T3666] ? generic_cont_expand_simple+0x250/0x250
[ 62.733987][ T3666] ? fault_in_readable+0x219/0x310
[ 62.739102][ T3666] ? fault_in_safe_writeable+0x240/0x240
[ 62.744744][ T3666] hfs_write_begin+0x86/0xd0
[ 62.749346][ T3666] ? hfs_free_extents+0x420/0x420
[ 62.754372][ T3666] generic_perform_write+0x2e4/0x5e0
[ 62.759666][ T3666] ? __block_commit_write+0x420/0x420
[ 62.765039][ T3666] ? generic_file_direct_write+0x610/0x610
[ 62.770846][ T3666] ? __file_remove_privs+0x6c0/0x6c0
[ 62.776135][ T3666] ? generic_write_checks+0x15c/0x1c0
[ 62.781513][ T3666] __generic_file_write_iter+0x176/0x400
[ 62.787155][ T3666] generic_file_write_iter+0xab/0x310
[ 62.792532][ T3666] vfs_write+0x7dc/0xc50
[ 62.796788][ T3666] ? file_end_write+0x230/0x230
[ 62.801648][ T3666] ? ptrace_stop+0x74d/0x970
[ 62.806244][ T3666] ? _raw_spin_unlock_irq+0x2a/0x40
[ 62.811796][ T3666] ? __fdget_pos+0x252/0x2e0
[ 62.816388][ T3666] ksys_write+0x177/0x2a0
[ 62.822108][ T3666] ? __ia32_sys_read+0x80/0x80
[ 62.826875][ T3666] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 62.832854][ T3666] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 62.838832][ T3666] do_syscall_64+0x3d/0xb0
[ 62.843245][ T3666] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.849133][ T3666] RIP: 0033:0x7f0fa5191c89
[ 62.853550][ T3666] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.873153][ T3666] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.881573][ T3666] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3666] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3666] exit_group(0) = ?
[pid 3666] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3666, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs") = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3667 attached
, child_tidptr=0x555555b7f5d0) = 3667
[pid 3667] chdir("./26") = 0
[pid 3667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3667] setpgid(0, 0) = 0
[pid 3667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 62.889545][ T3666] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 62.897522][ T3666] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 62.905495][ T3666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 62.913468][ T3666] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000019
[ 62.921448][ T3666]
[pid 3667] write(3, "1000", 4) = 4
[pid 3667] close(3) = 0
[pid 3667] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3667] memfd_create("syzkaller", 0) = 3
[pid 3667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3667] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3667] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3667] close(3) = 0
[pid 3667] mkdir("./file0", 0777) = 0
[pid 3667] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3667] chdir("./file0") = 0
[pid 3667] ioctl(4, LOOP_CLR_FD) = 0
[pid 3667] close(4) = 0
[pid 3667] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3667] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3667] write(5, "13", 2) = 2
[ 62.983782][ T3667] loop0: detected capacity change from 0 to 64
[ 63.005498][ T3667] FAULT_INJECTION: forcing a failure.
[ 63.005498][ T3667] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 63.019197][ T3667] CPU: 1 PID: 3667 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 63.029606][ T3667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 63.039650][ T3667] Call Trace:
[ 63.042920][ T3667]
[ 63.045851][ T3667] dump_stack_lvl+0x1b1/0x28e
[ 63.050517][ T3667] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 63.055972][ T3667] ? panic+0x710/0x710
[ 63.060030][ T3667] ? do_anonymous_page+0xd4a/0x1150
[ 63.065220][ T3667] ? mark_lock+0x9a/0x350
[ 63.069540][ T3667] should_fail_ex+0x395/0x4c0
[ 63.074211][ T3667] prepare_alloc_pages+0x1d7/0x5a0
[ 63.079316][ T3667] __alloc_pages+0x161/0x560
[ 63.083897][ T3667] ? zone_statistics+0x160/0x160
[ 63.088888][ T3667] ? rcu_lock_release+0x5/0x20
[ 63.093639][ T3667] ? alloc_pages+0x520/0x7b0
[ 63.098211][ T3667] ? xas_descend+0x1f3/0x400
[ 63.102792][ T3667] folio_alloc+0x1a/0x50
[ 63.107018][ T3667] filemap_alloc_folio+0x7e/0x1c0
[ 63.112031][ T3667] __filemap_get_folio+0x898/0x1260
[ 63.117220][ T3667] ? page_cache_prev_miss+0x4e0/0x4e0
[ 63.122580][ T3667] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 63.128549][ T3667] ? print_irqtrace_events+0x220/0x220
[ 63.133999][ T3667] pagecache_get_page+0x28/0x260
[ 63.138921][ T3667] ? hfs_free_extents+0x420/0x420
[ 63.143931][ T3667] block_write_begin+0x2e/0x1e0
[ 63.148778][ T3667] ? cont_write_begin+0x5e5/0x860
[ 63.153801][ T3667] ? hfs_free_extents+0x420/0x420
[ 63.158820][ T3667] cont_write_begin+0x606/0x860
[ 63.163677][ T3667] ? fault_in_readable+0x1d5/0x310
[ 63.168779][ T3667] ? generic_cont_expand_simple+0x250/0x250
[ 63.174660][ T3667] ? fault_in_readable+0x219/0x310
[ 63.179758][ T3667] ? fault_in_safe_writeable+0x240/0x240
[ 63.185382][ T3667] hfs_write_begin+0x86/0xd0
[ 63.189957][ T3667] ? hfs_free_extents+0x420/0x420
[ 63.194968][ T3667] generic_perform_write+0x2e4/0x5e0
[ 63.200244][ T3667] ? __block_commit_write+0x420/0x420
[ 63.205691][ T3667] ? generic_file_direct_write+0x610/0x610
[ 63.211487][ T3667] ? __file_remove_privs+0x6c0/0x6c0
[ 63.216760][ T3667] ? generic_write_checks+0x15c/0x1c0
[ 63.222127][ T3667] __generic_file_write_iter+0x176/0x400
[ 63.227755][ T3667] generic_file_write_iter+0xab/0x310
[ 63.233114][ T3667] vfs_write+0x7dc/0xc50
[ 63.237348][ T3667] ? file_end_write+0x230/0x230
[ 63.242183][ T3667] ? ptrace_stop+0x74d/0x970
[ 63.246766][ T3667] ? _raw_spin_unlock_irq+0x2a/0x40
[ 63.251954][ T3667] ? __fdget_pos+0x252/0x2e0
[ 63.256535][ T3667] ksys_write+0x177/0x2a0
[ 63.260872][ T3667] ? __ia32_sys_read+0x80/0x80
[ 63.265637][ T3667] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 63.271608][ T3667] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 63.277573][ T3667] do_syscall_64+0x3d/0xb0
[ 63.281977][ T3667] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.287859][ T3667] RIP: 0033:0x7f0fa5191c89
[ 63.292261][ T3667] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.311852][ T3667] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 63.320250][ T3667] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3667] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3667] exit_group(0) = ?
[pid 3667] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3667, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs") = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3668
./strace-static-x86_64: Process 3668 attached
[pid 3668] chdir("./27") = 0
[pid 3668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3668] setpgid(0, 0) = 0
[ 63.328207][ T3667] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 63.336160][ T3667] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 63.344115][ T3667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 63.352079][ T3667] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001a
[ 63.360053][ T3667]
[pid 3668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3668] write(3, "1000", 4) = 4
[pid 3668] close(3) = 0
[pid 3668] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3668] memfd_create("syzkaller", 0) = 3
[pid 3668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3668] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3668] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3668] close(3) = 0
[pid 3668] mkdir("./file0", 0777) = 0
[pid 3668] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3668] chdir("./file0") = 0
[pid 3668] ioctl(4, LOOP_CLR_FD) = 0
[pid 3668] close(4) = 0
[pid 3668] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3668] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3668] write(5, "13", 2) = 2
[ 63.424796][ T3668] loop0: detected capacity change from 0 to 64
[ 63.456382][ T3668] FAULT_INJECTION: forcing a failure.
[ 63.456382][ T3668] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 63.470374][ T3668] CPU: 0 PID: 3668 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 63.480799][ T3668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 63.490860][ T3668] Call Trace:
[ 63.494130][ T3668]
[ 63.497050][ T3668] dump_stack_lvl+0x1b1/0x28e
[ 63.501716][ T3668] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 63.507158][ T3668] ? panic+0x710/0x710
[ 63.511212][ T3668] ? do_anonymous_page+0xd4a/0x1150
[ 63.516408][ T3668] ? mark_lock+0x9a/0x350
[ 63.520727][ T3668] should_fail_ex+0x395/0x4c0
[ 63.525440][ T3668] prepare_alloc_pages+0x1d7/0x5a0
[ 63.530549][ T3668] __alloc_pages+0x161/0x560
[ 63.535131][ T3668] ? zone_statistics+0x160/0x160
[ 63.540061][ T3668] ? rcu_lock_release+0x5/0x20
[ 63.544811][ T3668] ? alloc_pages+0x520/0x7b0
[ 63.549385][ T3668] ? xas_descend+0x1f3/0x400
[ 63.553969][ T3668] folio_alloc+0x1a/0x50
[ 63.558195][ T3668] filemap_alloc_folio+0x7e/0x1c0
[ 63.563207][ T3668] __filemap_get_folio+0x898/0x1260
[ 63.568399][ T3668] ? page_cache_prev_miss+0x4e0/0x4e0
[ 63.573757][ T3668] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 63.579723][ T3668] ? print_irqtrace_events+0x220/0x220
[ 63.585172][ T3668] pagecache_get_page+0x28/0x260
[ 63.590115][ T3668] ? hfs_free_extents+0x420/0x420
[ 63.595134][ T3668] block_write_begin+0x2e/0x1e0
[ 63.599970][ T3668] ? cont_write_begin+0x5e5/0x860
[ 63.604983][ T3668] ? hfs_free_extents+0x420/0x420
[ 63.609995][ T3668] cont_write_begin+0x606/0x860
[ 63.614836][ T3668] ? fault_in_readable+0x1d5/0x310
[ 63.619935][ T3668] ? generic_cont_expand_simple+0x250/0x250
[ 63.625818][ T3668] ? fault_in_readable+0x219/0x310
[ 63.630916][ T3668] ? fault_in_safe_writeable+0x240/0x240
[ 63.636541][ T3668] hfs_write_begin+0x86/0xd0
[ 63.641113][ T3668] ? hfs_free_extents+0x420/0x420
[ 63.646125][ T3668] generic_perform_write+0x2e4/0x5e0
[ 63.651409][ T3668] ? __block_commit_write+0x420/0x420
[ 63.656769][ T3668] ? generic_file_direct_write+0x610/0x610
[ 63.662562][ T3668] ? __file_remove_privs+0x6c0/0x6c0
[ 63.667836][ T3668] ? generic_write_checks+0x15c/0x1c0
[ 63.673202][ T3668] __generic_file_write_iter+0x176/0x400
[ 63.678826][ T3668] generic_file_write_iter+0xab/0x310
[ 63.684186][ T3668] vfs_write+0x7dc/0xc50
[ 63.688422][ T3668] ? file_end_write+0x230/0x230
[ 63.693255][ T3668] ? ptrace_stop+0x74d/0x970
[ 63.697837][ T3668] ? _raw_spin_unlock_irq+0x2a/0x40
[ 63.703027][ T3668] ? __fdget_pos+0x252/0x2e0
[ 63.707603][ T3668] ksys_write+0x177/0x2a0
[ 63.711922][ T3668] ? __ia32_sys_read+0x80/0x80
[ 63.716671][ T3668] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 63.722651][ T3668] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 63.728618][ T3668] do_syscall_64+0x3d/0xb0
[ 63.733019][ T3668] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.738912][ T3668] RIP: 0033:0x7f0fa5191c89
[ 63.743347][ T3668] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.762973][ T3668] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3668] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3668] exit_group(0) = ?
[pid 3668] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3668, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./27/binderfs") = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3669
./strace-static-x86_64: Process 3669 attached
[pid 3669] chdir("./28") = 0
[pid 3669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3669] setpgid(0, 0) = 0
[pid 3669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 63.771382][ T3668] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 63.779341][ T3668] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 63.787304][ T3668] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 63.795258][ T3668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 63.803211][ T3668] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001b
[ 63.811189][ T3668]
[pid 3669] write(3, "1000", 4) = 4
[pid 3669] close(3) = 0
[pid 3669] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3669] memfd_create("syzkaller", 0) = 3
[pid 3669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3669] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3669] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3669] close(3) = 0
[pid 3669] mkdir("./file0", 0777) = 0
[pid 3669] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3669] chdir("./file0") = 0
[pid 3669] ioctl(4, LOOP_CLR_FD) = 0
[pid 3669] close(4) = 0
[pid 3669] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3669] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3669] write(5, "13", 2) = 2
[ 63.871975][ T3669] loop0: detected capacity change from 0 to 64
[ 63.894816][ T3669] FAULT_INJECTION: forcing a failure.
[ 63.894816][ T3669] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 63.908013][ T3669] CPU: 0 PID: 3669 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 63.918444][ T3669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 63.928518][ T3669] Call Trace:
[ 63.931795][ T3669]
[ 63.934716][ T3669] dump_stack_lvl+0x1b1/0x28e
[ 63.939384][ T3669] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 63.944832][ T3669] ? panic+0x710/0x710
[ 63.948888][ T3669] ? hfs_free_extents+0x420/0x420
[ 63.953913][ T3669] ? PageHeadHuge+0x8a/0x1d0
[ 63.958511][ T3669] should_fail_ex+0x395/0x4c0
[ 63.963187][ T3669] copy_page_from_iter_atomic+0x217/0x1140
[ 63.969006][ T3669] ? generic_cont_expand_simple+0x250/0x250
[ 63.974893][ T3669] ? pipe_zero+0x200/0x200
[ 63.979325][ T3669] ? hfs_write_begin+0x86/0xd0
[ 63.984100][ T3669] ? hfs_free_extents+0x420/0x420
[ 63.989117][ T3669] ? hfs_write_begin+0x9e/0xd0
[ 63.993888][ T3669] generic_perform_write+0x35a/0x5e0
[ 63.999451][ T3669] ? __block_commit_write+0x420/0x420
[ 64.004814][ T3669] ? generic_file_direct_write+0x610/0x610
[ 64.010608][ T3669] ? __file_remove_privs+0x6c0/0x6c0
[ 64.015887][ T3669] ? generic_write_checks+0x15c/0x1c0
[ 64.021267][ T3669] __generic_file_write_iter+0x176/0x400
[ 64.026903][ T3669] generic_file_write_iter+0xab/0x310
[ 64.032277][ T3669] vfs_write+0x7dc/0xc50
[ 64.036531][ T3669] ? file_end_write+0x230/0x230
[ 64.041377][ T3669] ? ptrace_stop+0x74d/0x970
[ 64.045973][ T3669] ? _raw_spin_unlock_irq+0x2a/0x40
[ 64.051184][ T3669] ? __fdget_pos+0x252/0x2e0
[ 64.055775][ T3669] ksys_write+0x177/0x2a0
[ 64.060126][ T3669] ? __ia32_sys_read+0x80/0x80
[ 64.064896][ T3669] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 64.070886][ T3669] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 64.076892][ T3669] do_syscall_64+0x3d/0xb0
[ 64.081305][ T3669] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.087196][ T3669] RIP: 0033:0x7f0fa5191c89
[ 64.091605][ T3669] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.111205][ T3669] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3669] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3669] exit_group(0) = ?
[pid 3669] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3669, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs") = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
[ 64.119617][ T3669] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 64.127583][ T3669] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.135551][ T3669] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 64.143515][ T3669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.151589][ T3669] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001c
[ 64.159570][ T3669]
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3670
./strace-static-x86_64: Process 3670 attached
[pid 3670] chdir("./29") = 0
[pid 3670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3670] setpgid(0, 0) = 0
[pid 3670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3670] write(3, "1000", 4) = 4
[pid 3670] close(3) = 0
[pid 3670] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3670] memfd_create("syzkaller", 0) = 3
[pid 3670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3670] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3670] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3670] close(3) = 0
[pid 3670] mkdir("./file0", 0777) = 0
[pid 3670] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3670] chdir("./file0") = 0
[pid 3670] ioctl(4, LOOP_CLR_FD) = 0
[pid 3670] close(4) = 0
[pid 3670] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3670] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3670] write(5, "13", 2) = 2
[ 64.229962][ T3670] loop0: detected capacity change from 0 to 64
[ 64.258504][ T3670] FAULT_INJECTION: forcing a failure.
[ 64.258504][ T3670] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 64.272094][ T3670] CPU: 0 PID: 3670 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 64.282511][ T3670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 64.292565][ T3670] Call Trace:
[ 64.295846][ T3670]
[ 64.298773][ T3670] dump_stack_lvl+0x1b1/0x28e
[ 64.303454][ T3670] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 64.308935][ T3670] ? panic+0x710/0x710
[ 64.313017][ T3670] ? do_anonymous_page+0xd4a/0x1150
[ 64.318240][ T3670] ? mark_lock+0x9a/0x350
[ 64.322582][ T3670] should_fail_ex+0x395/0x4c0
[ 64.327279][ T3670] prepare_alloc_pages+0x1d7/0x5a0
[ 64.332408][ T3670] __alloc_pages+0x161/0x560
[ 64.337002][ T3670] ? zone_statistics+0x160/0x160
[ 64.341944][ T3670] ? rcu_lock_release+0x5/0x20
[ 64.346708][ T3670] ? alloc_pages+0x520/0x7b0
[ 64.351292][ T3670] ? xas_descend+0x1f3/0x400
[ 64.355893][ T3670] folio_alloc+0x1a/0x50
[ 64.360130][ T3670] filemap_alloc_folio+0x7e/0x1c0
[ 64.365156][ T3670] __filemap_get_folio+0x898/0x1260
[ 64.370385][ T3670] ? page_cache_prev_miss+0x4e0/0x4e0
[ 64.375773][ T3670] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 64.381755][ T3670] ? print_irqtrace_events+0x220/0x220
[ 64.387223][ T3670] pagecache_get_page+0x28/0x260
[ 64.392773][ T3670] ? hfs_free_extents+0x420/0x420
[ 64.397802][ T3670] block_write_begin+0x2e/0x1e0
[ 64.402655][ T3670] ? cont_write_begin+0x5e5/0x860
[ 64.407771][ T3670] ? hfs_free_extents+0x420/0x420
[ 64.412795][ T3670] cont_write_begin+0x606/0x860
[ 64.417650][ T3670] ? fault_in_readable+0x1d5/0x310
[ 64.422762][ T3670] ? generic_cont_expand_simple+0x250/0x250
[ 64.428696][ T3670] ? fault_in_readable+0x219/0x310
[ 64.433822][ T3670] ? fault_in_safe_writeable+0x240/0x240
[ 64.439467][ T3670] hfs_write_begin+0x86/0xd0
[ 64.444061][ T3670] ? hfs_free_extents+0x420/0x420
[ 64.449088][ T3670] generic_perform_write+0x2e4/0x5e0
[ 64.454386][ T3670] ? __block_commit_write+0x420/0x420
[ 64.459763][ T3670] ? generic_file_direct_write+0x610/0x610
[ 64.465577][ T3670] ? __file_remove_privs+0x6c0/0x6c0
[ 64.470870][ T3670] ? generic_write_checks+0x15c/0x1c0
[ 64.476246][ T3670] __generic_file_write_iter+0x176/0x400
[ 64.481884][ T3670] generic_file_write_iter+0xab/0x310
[ 64.487257][ T3670] vfs_write+0x7dc/0xc50
[ 64.491526][ T3670] ? file_end_write+0x230/0x230
[ 64.496483][ T3670] ? ptrace_stop+0x74d/0x970
[ 64.501084][ T3670] ? _raw_spin_unlock_irq+0x2a/0x40
[ 64.506284][ T3670] ? __fdget_pos+0x252/0x2e0
[ 64.510874][ T3670] ksys_write+0x177/0x2a0
[ 64.515203][ T3670] ? __ia32_sys_read+0x80/0x80
[ 64.519968][ T3670] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 64.525949][ T3670] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 64.531928][ T3670] do_syscall_64+0x3d/0xb0
[ 64.536346][ T3670] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.542232][ T3670] RIP: 0033:0x7f0fa5191c89
[ 64.546644][ T3670] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.566246][ T3670] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3670] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3670] exit_group(0) = ?
[pid 3670] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3670, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs") = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3671
./strace-static-x86_64: Process 3671 attached
[pid 3671] chdir("./30") = 0
[pid 3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3671] setpgid(0, 0) = 0
[pid 3671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3671] write(3, "1000", 4) = 4
[pid 3671] close(3) = 0
[pid 3671] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3671] memfd_create("syzkaller", 0) = 3
[pid 3671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3671] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[ 64.574654][ T3670] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 64.582621][ T3670] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.590585][ T3670] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 64.598551][ T3670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.606514][ T3670] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001d
[ 64.614494][ T3670]
[pid 3671] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3671] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3671] close(3) = 0
[pid 3671] mkdir("./file0", 0777) = 0
[pid 3671] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3671] chdir("./file0") = 0
[pid 3671] ioctl(4, LOOP_CLR_FD) = 0
[pid 3671] close(4) = 0
[pid 3671] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3671] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3671] write(5, "13", 2) = 2
[ 64.664897][ T3671] loop0: detected capacity change from 0 to 64
[ 64.681576][ T3671] FAULT_INJECTION: forcing a failure.
[ 64.681576][ T3671] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 64.695559][ T3671] CPU: 0 PID: 3671 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 64.705991][ T3671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 64.716040][ T3671] Call Trace:
[ 64.719305][ T3671]
[ 64.722220][ T3671] dump_stack_lvl+0x1b1/0x28e
[ 64.726888][ T3671] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 64.732329][ T3671] ? panic+0x710/0x710
[ 64.736384][ T3671] ? do_anonymous_page+0xd4a/0x1150
[ 64.741573][ T3671] ? mark_lock+0x9a/0x350
[ 64.745891][ T3671] should_fail_ex+0x395/0x4c0
[ 64.750561][ T3671] prepare_alloc_pages+0x1d7/0x5a0
[ 64.755731][ T3671] __alloc_pages+0x161/0x560
[ 64.760316][ T3671] ? zone_statistics+0x160/0x160
[ 64.765244][ T3671] ? rcu_lock_release+0x5/0x20
[ 64.769995][ T3671] ? alloc_pages+0x520/0x7b0
[ 64.774573][ T3671] ? xas_descend+0x1f3/0x400
[ 64.779150][ T3671] folio_alloc+0x1a/0x50
[ 64.783375][ T3671] filemap_alloc_folio+0x7e/0x1c0
[ 64.788395][ T3671] __filemap_get_folio+0x898/0x1260
[ 64.793585][ T3671] ? page_cache_prev_miss+0x4e0/0x4e0
[ 64.798943][ T3671] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 64.804912][ T3671] ? print_irqtrace_events+0x220/0x220
[ 64.810359][ T3671] pagecache_get_page+0x28/0x260
[ 64.815285][ T3671] ? hfs_free_extents+0x420/0x420
[ 64.820297][ T3671] block_write_begin+0x2e/0x1e0
[ 64.825144][ T3671] ? cont_write_begin+0x5e5/0x860
[ 64.830153][ T3671] ? hfs_free_extents+0x420/0x420
[ 64.835158][ T3671] cont_write_begin+0x606/0x860
[ 64.839999][ T3671] ? fault_in_readable+0x1d5/0x310
[ 64.845108][ T3671] ? generic_cont_expand_simple+0x250/0x250
[ 64.850987][ T3671] ? fault_in_readable+0x219/0x310
[ 64.856085][ T3671] ? fault_in_safe_writeable+0x240/0x240
[ 64.861707][ T3671] hfs_write_begin+0x86/0xd0
[ 64.866289][ T3671] ? hfs_free_extents+0x420/0x420
[ 64.871299][ T3671] generic_perform_write+0x2e4/0x5e0
[ 64.876574][ T3671] ? __block_commit_write+0x420/0x420
[ 64.881934][ T3671] ? generic_file_direct_write+0x610/0x610
[ 64.887725][ T3671] ? __file_remove_privs+0x6c0/0x6c0
[ 64.892997][ T3671] ? generic_write_checks+0x15c/0x1c0
[ 64.898360][ T3671] __generic_file_write_iter+0x176/0x400
[ 64.903984][ T3671] generic_file_write_iter+0xab/0x310
[ 64.909343][ T3671] vfs_write+0x7dc/0xc50
[ 64.913578][ T3671] ? file_end_write+0x230/0x230
[ 64.918412][ T3671] ? ptrace_stop+0x74d/0x970
[ 64.922992][ T3671] ? _raw_spin_unlock_irq+0x2a/0x40
[ 64.928184][ T3671] ? __fdget_pos+0x252/0x2e0
[ 64.932760][ T3671] ksys_write+0x177/0x2a0
[ 64.937083][ T3671] ? __ia32_sys_read+0x80/0x80
[ 64.941921][ T3671] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 64.947893][ T3671] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 64.953860][ T3671] do_syscall_64+0x3d/0xb0
[ 64.958264][ T3671] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.964140][ T3671] RIP: 0033:0x7f0fa5191c89
[ 64.968543][ T3671] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.988132][ T3671] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.996526][ T3671] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 65.004479][ T3671] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3671] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3671] exit_group(0) = ?
[pid 3671] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3671, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs") = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3672
./strace-static-x86_64: Process 3672 attached
[pid 3672] chdir("./31") = 0
[pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3672] setpgid(0, 0) = 0
[pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3672] write(3, "1000", 4) = 4
[pid 3672] close(3) = 0
[pid 3672] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3672] memfd_create("syzkaller", 0) = 3
[pid 3672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3672] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 65.012434][ T3671] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 65.020395][ T3671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 65.028350][ T3671] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001e
[ 65.036316][ T3671]
[pid 3672] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3672] close(3) = 0
[pid 3672] mkdir("./file0", 0777) = 0
[pid 3672] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3672] chdir("./file0") = 0
[pid 3672] ioctl(4, LOOP_CLR_FD) = 0
[pid 3672] close(4) = 0
[pid 3672] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3672] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3672] write(5, "13", 2) = 2
[ 65.075718][ T3672] loop0: detected capacity change from 0 to 64
[ 65.104223][ T3672] FAULT_INJECTION: forcing a failure.
[ 65.104223][ T3672] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 65.117379][ T3672] CPU: 0 PID: 3672 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 65.127799][ T3672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 65.137927][ T3672] Call Trace:
[ 65.141239][ T3672]
[ 65.144178][ T3672] dump_stack_lvl+0x1b1/0x28e
[ 65.148860][ T3672] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 65.154316][ T3672] ? panic+0x710/0x710
[ 65.158380][ T3672] ? hfs_free_extents+0x420/0x420
[ 65.163399][ T3672] ? PageHeadHuge+0x8a/0x1d0
[ 65.167989][ T3672] should_fail_ex+0x395/0x4c0
[ 65.172671][ T3672] copy_page_from_iter_atomic+0x217/0x1140
[ 65.178482][ T3672] ? generic_cont_expand_simple+0x250/0x250
[ 65.184387][ T3672] ? pipe_zero+0x200/0x200
[ 65.188825][ T3672] ? hfs_write_begin+0x86/0xd0
[ 65.193579][ T3672] ? hfs_free_extents+0x420/0x420
[ 65.198594][ T3672] ? hfs_write_begin+0x9e/0xd0
[ 65.203359][ T3672] generic_perform_write+0x35a/0x5e0
[ 65.208650][ T3672] ? __block_commit_write+0x420/0x420
[ 65.214019][ T3672] ? generic_file_direct_write+0x610/0x610
[ 65.219816][ T3672] ? __file_remove_privs+0x6c0/0x6c0
[ 65.225096][ T3672] ? generic_write_checks+0x15c/0x1c0
[ 65.230466][ T3672] __generic_file_write_iter+0x176/0x400
[ 65.236095][ T3672] generic_file_write_iter+0xab/0x310
[ 65.241477][ T3672] vfs_write+0x7dc/0xc50
[ 65.245719][ T3672] ? file_end_write+0x230/0x230
[ 65.250561][ T3672] ? ptrace_stop+0x74d/0x970
[ 65.255163][ T3672] ? _raw_spin_unlock_irq+0x2a/0x40
[ 65.260370][ T3672] ? __fdget_pos+0x252/0x2e0
[ 65.264970][ T3672] ksys_write+0x177/0x2a0
[ 65.269317][ T3672] ? __ia32_sys_read+0x80/0x80
[ 65.274098][ T3672] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 65.280091][ T3672] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 65.286065][ T3672] do_syscall_64+0x3d/0xb0
[ 65.290474][ T3672] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.296374][ T3672] RIP: 0033:0x7f0fa5191c89
[ 65.300806][ T3672] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3672] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3672] exit_group(0) = ?
[pid 3672] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./31/binderfs") = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 65.320418][ T3672] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.328851][ T3672] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 65.336831][ T3672] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 65.344814][ T3672] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 65.352778][ T3672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 65.360740][ T3672] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000001f
[ 65.368740][ T3672]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3673
./strace-static-x86_64: Process 3673 attached
[pid 3673] chdir("./32") = 0
[pid 3673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3673] setpgid(0, 0) = 0
[pid 3673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3673] write(3, "1000", 4) = 4
[pid 3673] close(3) = 0
[pid 3673] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3673] memfd_create("syzkaller", 0) = 3
[pid 3673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3673] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3673] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3673] close(3) = 0
[pid 3673] mkdir("./file0", 0777) = 0
[pid 3673] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3673] chdir("./file0") = 0
[pid 3673] ioctl(4, LOOP_CLR_FD) = 0
[pid 3673] close(4) = 0
[pid 3673] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3673] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3673] write(5, "13", 2) = 2
[ 65.421959][ T3673] loop0: detected capacity change from 0 to 64
[ 65.455467][ T3673] FAULT_INJECTION: forcing a failure.
[ 65.455467][ T3673] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 65.468907][ T3673] CPU: 1 PID: 3673 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 65.479329][ T3673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 65.489377][ T3673] Call Trace:
[ 65.492752][ T3673]
[ 65.495693][ T3673] dump_stack_lvl+0x1b1/0x28e
[ 65.500379][ T3673] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 65.505830][ T3673] ? panic+0x710/0x710
[ 65.509976][ T3673] ? do_anonymous_page+0xd4a/0x1150
[ 65.515170][ T3673] ? mark_lock+0x9a/0x350
[ 65.519492][ T3673] should_fail_ex+0x395/0x4c0
[ 65.524187][ T3673] prepare_alloc_pages+0x1d7/0x5a0
[ 65.529301][ T3673] __alloc_pages+0x161/0x560
[ 65.533901][ T3673] ? zone_statistics+0x160/0x160
[ 65.538852][ T3673] ? rcu_lock_release+0x5/0x20
[ 65.543621][ T3673] ? alloc_pages+0x520/0x7b0
[ 65.548217][ T3673] ? xas_descend+0x1f3/0x400
[ 65.552804][ T3673] folio_alloc+0x1a/0x50
[ 65.557034][ T3673] filemap_alloc_folio+0x7e/0x1c0
[ 65.562054][ T3673] __filemap_get_folio+0x898/0x1260
[ 65.567249][ T3673] ? page_cache_prev_miss+0x4e0/0x4e0
[ 65.572625][ T3673] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 65.578611][ T3673] ? print_irqtrace_events+0x220/0x220
[ 65.584065][ T3673] pagecache_get_page+0x28/0x260
[ 65.589005][ T3673] ? hfs_free_extents+0x420/0x420
[ 65.594034][ T3673] block_write_begin+0x2e/0x1e0
[ 65.598887][ T3673] ? cont_write_begin+0x5e5/0x860
[ 65.603919][ T3673] ? hfs_free_extents+0x420/0x420
[ 65.608930][ T3673] cont_write_begin+0x606/0x860
[ 65.613788][ T3673] ? fault_in_readable+0x1d5/0x310
[ 65.618919][ T3673] ? generic_cont_expand_simple+0x250/0x250
[ 65.624810][ T3673] ? fault_in_readable+0x219/0x310
[ 65.629931][ T3673] ? fault_in_safe_writeable+0x240/0x240
[ 65.635558][ T3673] hfs_write_begin+0x86/0xd0
[ 65.640143][ T3673] ? hfs_free_extents+0x420/0x420
[ 65.645189][ T3673] generic_perform_write+0x2e4/0x5e0
[ 65.650475][ T3673] ? __block_commit_write+0x420/0x420
[ 65.655839][ T3673] ? generic_file_direct_write+0x610/0x610
[ 65.661664][ T3673] ? __file_remove_privs+0x6c0/0x6c0
[ 65.666939][ T3673] ? generic_write_checks+0x15c/0x1c0
[ 65.672307][ T3673] __generic_file_write_iter+0x176/0x400
[ 65.677936][ T3673] generic_file_write_iter+0xab/0x310
[ 65.683301][ T3673] vfs_write+0x7dc/0xc50
[ 65.687546][ T3673] ? file_end_write+0x230/0x230
[ 65.692393][ T3673] ? ptrace_stop+0x74d/0x970
[ 65.696994][ T3673] ? _raw_spin_unlock_irq+0x2a/0x40
[ 65.702228][ T3673] ? __fdget_pos+0x252/0x2e0
[ 65.706815][ T3673] ksys_write+0x177/0x2a0
[ 65.711137][ T3673] ? __ia32_sys_read+0x80/0x80
[ 65.715903][ T3673] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 65.721891][ T3673] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 65.727863][ T3673] do_syscall_64+0x3d/0xb0
[ 65.732280][ T3673] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.738180][ T3673] RIP: 0033:0x7f0fa5191c89
[ 65.742586][ T3673] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.762186][ T3673] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3673] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3673] exit_group(0) = ?
[pid 3673] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3673, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs") = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 65.770598][ T3673] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 65.778558][ T3673] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 65.786517][ T3673] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 65.794487][ T3673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 65.802469][ T3673] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000020
[ 65.810456][ T3673]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3674
./strace-static-x86_64: Process 3674 attached
[pid 3674] chdir("./33") = 0
[pid 3674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3674] setpgid(0, 0) = 0
[pid 3674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3674] write(3, "1000", 4) = 4
[pid 3674] close(3) = 0
[pid 3674] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3674] memfd_create("syzkaller", 0) = 3
[pid 3674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3674] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3674] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3674] close(3) = 0
[pid 3674] mkdir("./file0", 0777) = 0
[pid 3674] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3674] chdir("./file0") = 0
[pid 3674] ioctl(4, LOOP_CLR_FD) = 0
[pid 3674] close(4) = 0
[pid 3674] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3674] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3674] write(5, "13", 2) = 2
[ 65.874142][ T3674] loop0: detected capacity change from 0 to 64
[ 65.901629][ T3674] FAULT_INJECTION: forcing a failure.
[ 65.901629][ T3674] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 65.914745][ T3674] CPU: 1 PID: 3674 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 65.925153][ T3674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 65.935215][ T3674] Call Trace:
[ 65.938490][ T3674]
[ 65.941418][ T3674] dump_stack_lvl+0x1b1/0x28e
[ 65.946098][ T3674] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 65.951554][ T3674] ? panic+0x710/0x710
[ 65.955617][ T3674] ? hfs_free_extents+0x420/0x420
[ 65.960641][ T3674] ? PageHeadHuge+0x8a/0x1d0
[ 65.965249][ T3674] should_fail_ex+0x395/0x4c0
[ 65.969933][ T3674] copy_page_from_iter_atomic+0x217/0x1140
[ 65.975745][ T3674] ? generic_cont_expand_simple+0x250/0x250
[ 65.981643][ T3674] ? pipe_zero+0x200/0x200
[ 65.986064][ T3674] ? hfs_write_begin+0x86/0xd0
[ 65.990828][ T3674] ? hfs_free_extents+0x420/0x420
[ 65.995852][ T3674] ? hfs_write_begin+0x9e/0xd0
[ 66.000615][ T3674] generic_perform_write+0x35a/0x5e0
[ 66.005909][ T3674] ? __block_commit_write+0x420/0x420
[ 66.011284][ T3674] ? generic_file_direct_write+0x610/0x610
[ 66.017116][ T3674] ? __file_remove_privs+0x6c0/0x6c0
[ 66.022404][ T3674] ? generic_write_checks+0x15c/0x1c0
[ 66.027780][ T3674] __generic_file_write_iter+0x176/0x400
[ 66.033428][ T3674] generic_file_write_iter+0xab/0x310
[ 66.038798][ T3674] vfs_write+0x7dc/0xc50
[ 66.043045][ T3674] ? file_end_write+0x230/0x230
[ 66.047891][ T3674] ? ptrace_stop+0x74d/0x970
[ 66.052488][ T3674] ? _raw_spin_unlock_irq+0x2a/0x40
[ 66.057690][ T3674] ? __fdget_pos+0x252/0x2e0
[ 66.062292][ T3674] ksys_write+0x177/0x2a0
[ 66.066622][ T3674] ? __ia32_sys_read+0x80/0x80
[ 66.071389][ T3674] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 66.077368][ T3674] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 66.083345][ T3674] do_syscall_64+0x3d/0xb0
[ 66.087758][ T3674] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.093660][ T3674] RIP: 0033:0x7f0fa5191c89
[ 66.098073][ T3674] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3674] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3674] exit_group(0) = ?
[pid 3674] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3674, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs") = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3675
./strace-static-x86_64: Process 3675 attached
[pid 3675] chdir("./34") = 0
[pid 3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3675] setpgid(0, 0) = 0
[ 66.117672][ T3674] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.126078][ T3674] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 66.134045][ T3674] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.142007][ T3674] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 66.149971][ T3674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.157936][ T3674] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000021
[ 66.165933][ T3674]
[pid 3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3675] write(3, "1000", 4) = 4
[pid 3675] close(3) = 0
[pid 3675] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3675] memfd_create("syzkaller", 0) = 3
[pid 3675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3675] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3675] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3675] close(3) = 0
[pid 3675] mkdir("./file0", 0777) = 0
[pid 3675] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3675] chdir("./file0") = 0
[pid 3675] ioctl(4, LOOP_CLR_FD) = 0
[pid 3675] close(4) = 0
[pid 3675] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3675] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3675] write(5, "13", 2) = 2
[ 66.213459][ T3675] loop0: detected capacity change from 0 to 64
[ 66.232982][ T3675] FAULT_INJECTION: forcing a failure.
[ 66.232982][ T3675] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 66.254202][ T3675] CPU: 0 PID: 3675 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 66.264648][ T3675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 66.274700][ T3675] Call Trace:
[ 66.277969][ T3675]
[ 66.280890][ T3675] dump_stack_lvl+0x1b1/0x28e
[ 66.285558][ T3675] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 66.291015][ T3675] ? panic+0x710/0x710
[ 66.295069][ T3675] ? do_anonymous_page+0xd4a/0x1150
[ 66.300268][ T3675] ? mark_lock+0x9a/0x350
[ 66.304587][ T3675] should_fail_ex+0x395/0x4c0
[ 66.309258][ T3675] prepare_alloc_pages+0x1d7/0x5a0
[ 66.314374][ T3675] __alloc_pages+0x161/0x560
[ 66.318962][ T3675] ? zone_statistics+0x160/0x160
[ 66.323892][ T3675] ? rcu_lock_release+0x5/0x20
[ 66.328663][ T3675] ? alloc_pages+0x520/0x7b0
[ 66.333247][ T3675] ? xas_descend+0x1f3/0x400
[ 66.337843][ T3675] folio_alloc+0x1a/0x50
[ 66.342106][ T3675] filemap_alloc_folio+0x7e/0x1c0
[ 66.347166][ T3675] __filemap_get_folio+0x898/0x1260
[ 66.352364][ T3675] ? page_cache_prev_miss+0x4e0/0x4e0
[ 66.357744][ T3675] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 66.363720][ T3675] ? print_irqtrace_events+0x220/0x220
[ 66.369210][ T3675] pagecache_get_page+0x28/0x260
[ 66.374151][ T3675] ? hfs_free_extents+0x420/0x420
[ 66.379182][ T3675] block_write_begin+0x2e/0x1e0
[ 66.384036][ T3675] ? cont_write_begin+0x5e5/0x860
[ 66.389072][ T3675] ? hfs_free_extents+0x420/0x420
[ 66.394089][ T3675] cont_write_begin+0x606/0x860
[ 66.398942][ T3675] ? fault_in_readable+0x1d5/0x310
[ 66.404071][ T3675] ? generic_cont_expand_simple+0x250/0x250
[ 66.409961][ T3675] ? fault_in_readable+0x219/0x310
[ 66.415081][ T3675] ? fault_in_safe_writeable+0x240/0x240
[ 66.420730][ T3675] hfs_write_begin+0x86/0xd0
[ 66.425316][ T3675] ? hfs_free_extents+0x420/0x420
[ 66.430343][ T3675] generic_perform_write+0x2e4/0x5e0
[ 66.435623][ T3675] ? __block_commit_write+0x420/0x420
[ 66.440985][ T3675] ? generic_file_direct_write+0x610/0x610
[ 66.446780][ T3675] ? __file_remove_privs+0x6c0/0x6c0
[ 66.452052][ T3675] ? generic_write_checks+0x15c/0x1c0
[ 66.457417][ T3675] __generic_file_write_iter+0x176/0x400
[ 66.463041][ T3675] generic_file_write_iter+0xab/0x310
[ 66.468409][ T3675] vfs_write+0x7dc/0xc50
[ 66.472645][ T3675] ? file_end_write+0x230/0x230
[ 66.477492][ T3675] ? ptrace_stop+0x74d/0x970
[ 66.482096][ T3675] ? _raw_spin_unlock_irq+0x2a/0x40
[ 66.487286][ T3675] ? __fdget_pos+0x252/0x2e0
[ 66.491865][ T3675] ksys_write+0x177/0x2a0
[ 66.496184][ T3675] ? __ia32_sys_read+0x80/0x80
[ 66.500948][ T3675] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 66.506933][ T3675] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 66.512905][ T3675] do_syscall_64+0x3d/0xb0
[ 66.517323][ T3675] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.523221][ T3675] RIP: 0033:0x7f0fa5191c89
[ 66.527620][ T3675] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.547214][ T3675] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.555619][ T3675] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3675] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3675] exit_group(0) = ?
[pid 3675] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3675, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs") = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3676
./strace-static-x86_64: Process 3676 attached
[pid 3676] chdir("./35") = 0
[pid 3676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 66.563582][ T3675] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.571545][ T3675] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 66.579512][ T3675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.587477][ T3675] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000022
[ 66.595461][ T3675]
[pid 3676] setpgid(0, 0) = 0
[pid 3676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3676] write(3, "1000", 4) = 4
[pid 3676] close(3) = 0
[pid 3676] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3676] memfd_create("syzkaller", 0) = 3
[pid 3676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3676] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3676] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3676] close(3) = 0
[pid 3676] mkdir("./file0", 0777) = 0
[pid 3676] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3676] chdir("./file0") = 0
[pid 3676] ioctl(4, LOOP_CLR_FD) = 0
[pid 3676] close(4) = 0
[pid 3676] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3676] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3676] write(5, "13", 2) = 2
[ 66.657296][ T3676] loop0: detected capacity change from 0 to 64
[ 66.682251][ T3676] FAULT_INJECTION: forcing a failure.
[ 66.682251][ T3676] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 66.695386][ T3676] CPU: 1 PID: 3676 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 66.705812][ T3676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 66.715863][ T3676] Call Trace:
[ 66.719139][ T3676]
[ 66.722064][ T3676] dump_stack_lvl+0x1b1/0x28e
[ 66.726746][ T3676] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 66.732198][ T3676] ? panic+0x710/0x710
[ 66.736265][ T3676] ? hfs_free_extents+0x420/0x420
[ 66.741297][ T3676] ? PageHeadHuge+0x8a/0x1d0
[ 66.745889][ T3676] should_fail_ex+0x395/0x4c0
[ 66.750573][ T3676] copy_page_from_iter_atomic+0x217/0x1140
[ 66.756385][ T3676] ? generic_cont_expand_simple+0x250/0x250
[ 66.762288][ T3676] ? pipe_zero+0x200/0x200
[ 66.766711][ T3676] ? hfs_write_begin+0x86/0xd0
[ 66.771470][ T3676] ? hfs_free_extents+0x420/0x420
[ 66.776571][ T3676] ? hfs_write_begin+0x9e/0xd0
[ 66.781332][ T3676] generic_perform_write+0x35a/0x5e0
[ 66.786622][ T3676] ? __block_commit_write+0x420/0x420
[ 66.791991][ T3676] ? generic_file_direct_write+0x610/0x610
[ 66.797878][ T3676] ? __file_remove_privs+0x6c0/0x6c0
[ 66.803159][ T3676] ? generic_write_checks+0x15c/0x1c0
[ 66.808535][ T3676] __generic_file_write_iter+0x176/0x400
[ 66.814192][ T3676] generic_file_write_iter+0xab/0x310
[ 66.819565][ T3676] vfs_write+0x7dc/0xc50
[ 66.823810][ T3676] ? file_end_write+0x230/0x230
[ 66.828655][ T3676] ? ptrace_stop+0x74d/0x970
[ 66.833253][ T3676] ? _raw_spin_unlock_irq+0x2a/0x40
[ 66.838455][ T3676] ? __fdget_pos+0x252/0x2e0
[ 66.843140][ T3676] ksys_write+0x177/0x2a0
[ 66.847469][ T3676] ? __ia32_sys_read+0x80/0x80
[ 66.852230][ T3676] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 66.858207][ T3676] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 66.864188][ T3676] do_syscall_64+0x3d/0xb0
[ 66.868604][ T3676] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.874752][ T3676] RIP: 0033:0x7f0fa5191c89
[ 66.879163][ T3676] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.898762][ T3676] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3676] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3676] exit_group(0) = ?
[pid 3676] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3676, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs") = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3677
./strace-static-x86_64: Process 3677 attached
[pid 3677] chdir("./36") = 0
[pid 3677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3677] setpgid(0, 0) = 0
[pid 3677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3677] write(3, "1000", 4) = 4
[pid 3677] close(3) = 0
[pid 3677] symlink("/dev/binderfs", "./binderfs") = 0
[ 66.907174][ T3676] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 66.915142][ T3676] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.923107][ T3676] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 66.931070][ T3676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.939033][ T3676] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000023
[ 66.947357][ T3676]
[pid 3677] memfd_create("syzkaller", 0) = 3
[pid 3677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3677] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3677] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3677] close(3) = 0
[pid 3677] mkdir("./file0", 0777) = 0
[pid 3677] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3677] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3677] chdir("./file0") = 0
[pid 3677] ioctl(4, LOOP_CLR_FD) = 0
[pid 3677] close(4) = 0
[pid 3677] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3677] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3677] write(5, "13", 2) = 2
[ 66.995732][ T3677] loop0: detected capacity change from 0 to 64
[ 67.020052][ T3677] FAULT_INJECTION: forcing a failure.
[ 67.020052][ T3677] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 67.033289][ T3677] CPU: 0 PID: 3677 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 67.043701][ T3677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 67.053791][ T3677] Call Trace:
[ 67.057092][ T3677]
[ 67.060011][ T3677] dump_stack_lvl+0x1b1/0x28e
[ 67.064694][ T3677] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 67.070152][ T3677] ? panic+0x710/0x710
[ 67.074208][ T3677] ? hfs_free_extents+0x420/0x420
[ 67.079235][ T3677] ? PageHeadHuge+0x8a/0x1d0
[ 67.083842][ T3677] should_fail_ex+0x395/0x4c0
[ 67.088515][ T3677] copy_page_from_iter_atomic+0x217/0x1140
[ 67.094323][ T3677] ? generic_cont_expand_simple+0x250/0x250
[ 67.100221][ T3677] ? pipe_zero+0x200/0x200
[ 67.104656][ T3677] ? hfs_write_begin+0x86/0xd0
[ 67.109405][ T3677] ? hfs_free_extents+0x420/0x420
[ 67.114414][ T3677] ? hfs_write_begin+0x9e/0xd0
[ 67.119170][ T3677] generic_perform_write+0x35a/0x5e0
[ 67.124453][ T3677] ? __block_commit_write+0x420/0x420
[ 67.129821][ T3677] ? generic_file_direct_write+0x610/0x610
[ 67.135626][ T3677] ? __file_remove_privs+0x6c0/0x6c0
[ 67.140913][ T3677] ? generic_write_checks+0x15c/0x1c0
[ 67.146300][ T3677] __generic_file_write_iter+0x176/0x400
[ 67.151942][ T3677] generic_file_write_iter+0xab/0x310
[ 67.157316][ T3677] vfs_write+0x7dc/0xc50
[ 67.161569][ T3677] ? file_end_write+0x230/0x230
[ 67.166416][ T3677] ? ptrace_stop+0x74d/0x970
[ 67.171013][ T3677] ? _raw_spin_unlock_irq+0x2a/0x40
[ 67.176216][ T3677] ? __fdget_pos+0x252/0x2e0
[ 67.180808][ T3677] ksys_write+0x177/0x2a0
[ 67.185148][ T3677] ? __ia32_sys_read+0x80/0x80
[ 67.189910][ T3677] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 67.195890][ T3677] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 67.201874][ T3677] do_syscall_64+0x3d/0xb0
[ 67.206286][ T3677] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.212175][ T3677] RIP: 0033:0x7f0fa5191c89
[ 67.216589][ T3677] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.236191][ T3677] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3677] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3677] exit_group(0) = ?
[pid 3677] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3677, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs") = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3678
./strace-static-x86_64: Process 3678 attached
[pid 3678] chdir("./37") = 0
[ 67.244601][ T3677] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 67.252564][ T3677] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 67.260528][ T3677] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 67.268492][ T3677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.276454][ T3677] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000024
[ 67.284435][ T3677]
[pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3678] setpgid(0, 0) = 0
[pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3678] write(3, "1000", 4) = 4
[pid 3678] close(3) = 0
[pid 3678] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3678] memfd_create("syzkaller", 0) = 3
[pid 3678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3678] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3678] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3678] close(3) = 0
[pid 3678] mkdir("./file0", 0777) = 0
[pid 3678] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3678] chdir("./file0") = 0
[pid 3678] ioctl(4, LOOP_CLR_FD) = 0
[pid 3678] close(4) = 0
[pid 3678] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3678] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3678] write(5, "13", 2) = 2
[ 67.350681][ T3678] loop0: detected capacity change from 0 to 64
[ 67.383585][ T3678] FAULT_INJECTION: forcing a failure.
[ 67.383585][ T3678] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 67.396934][ T3678] CPU: 0 PID: 3678 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 67.407356][ T3678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 67.417419][ T3678] Call Trace:
[ 67.420700][ T3678]
[ 67.423625][ T3678] dump_stack_lvl+0x1b1/0x28e
[ 67.428304][ T3678] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 67.433756][ T3678] ? panic+0x710/0x710
[ 67.437816][ T3678] ? do_anonymous_page+0xd4a/0x1150
[ 67.443019][ T3678] ? mark_lock+0x9a/0x350
[ 67.447348][ T3678] should_fail_ex+0x395/0x4c0
[ 67.452033][ T3678] prepare_alloc_pages+0x1d7/0x5a0
[ 67.457151][ T3678] __alloc_pages+0x161/0x560
[ 67.461746][ T3678] ? zone_statistics+0x160/0x160
[ 67.466689][ T3678] ? rcu_lock_release+0x5/0x20
[ 67.471467][ T3678] ? alloc_pages+0x520/0x7b0
[ 67.476051][ T3678] ? xas_descend+0x1f3/0x400
[ 67.480638][ T3678] folio_alloc+0x1a/0x50
[ 67.484874][ T3678] filemap_alloc_folio+0x7e/0x1c0
[ 67.489898][ T3678] __filemap_get_folio+0x898/0x1260
[ 67.495095][ T3678] ? page_cache_prev_miss+0x4e0/0x4e0
[ 67.500465][ T3678] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 67.506442][ T3678] ? print_irqtrace_events+0x220/0x220
[ 67.511899][ T3678] pagecache_get_page+0x28/0x260
[ 67.516829][ T3678] ? hfs_free_extents+0x420/0x420
[ 67.521845][ T3678] block_write_begin+0x2e/0x1e0
[ 67.526713][ T3678] ? cont_write_begin+0x5e5/0x860
[ 67.531760][ T3678] ? hfs_free_extents+0x420/0x420
[ 67.536791][ T3678] cont_write_begin+0x606/0x860
[ 67.541662][ T3678] ? fault_in_readable+0x1d5/0x310
[ 67.546785][ T3678] ? generic_cont_expand_simple+0x250/0x250
[ 67.553203][ T3678] ? fault_in_readable+0x219/0x310
[ 67.558319][ T3678] ? fault_in_safe_writeable+0x240/0x240
[ 67.563962][ T3678] hfs_write_begin+0x86/0xd0
[ 67.568638][ T3678] ? hfs_free_extents+0x420/0x420
[ 67.573660][ T3678] generic_perform_write+0x2e4/0x5e0
[ 67.578958][ T3678] ? __block_commit_write+0x420/0x420
[ 67.584330][ T3678] ? generic_file_direct_write+0x610/0x610
[ 67.590132][ T3678] ? __file_remove_privs+0x6c0/0x6c0
[ 67.595416][ T3678] ? generic_write_checks+0x15c/0x1c0
[ 67.600790][ T3678] __generic_file_write_iter+0x176/0x400
[ 67.606426][ T3678] generic_file_write_iter+0xab/0x310
[ 67.611799][ T3678] vfs_write+0x7dc/0xc50
[ 67.616046][ T3678] ? file_end_write+0x230/0x230
[ 67.620898][ T3678] ? ptrace_stop+0x74d/0x970
[ 67.625492][ T3678] ? _raw_spin_unlock_irq+0x2a/0x40
[ 67.630691][ T3678] ? __fdget_pos+0x252/0x2e0
[ 67.635280][ T3678] ksys_write+0x177/0x2a0
[ 67.639607][ T3678] ? __ia32_sys_read+0x80/0x80
[ 67.644379][ T3678] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 67.650360][ T3678] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 67.656337][ T3678] do_syscall_64+0x3d/0xb0
[ 67.660750][ T3678] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.666643][ T3678] RIP: 0033:0x7f0fa5191c89
[ 67.671053][ T3678] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.690650][ T3678] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3678] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3678] exit_group(0) = ?
[pid 3678] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs") = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3679 attached
[pid 3679] chdir("./38") = 0
[pid 3679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3679] setpgid(0, 0) = 0
[pid 3679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3679
[pid 3679] <... openat resumed>) = 3
[pid 3679] write(3, "1000", 4) = 4
[pid 3679] close(3) = 0
[pid 3679] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3679] memfd_create("syzkaller", 0) = 3
[pid 3679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3679] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 67.699057][ T3678] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 67.707024][ T3678] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 67.715038][ T3678] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 67.723001][ T3678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.730961][ T3678] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000025
[ 67.738942][ T3678]
[pid 3679] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3679] close(3) = 0
[pid 3679] mkdir("./file0", 0777) = 0
[pid 3679] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3679] chdir("./file0") = 0
[pid 3679] ioctl(4, LOOP_CLR_FD) = 0
[pid 3679] close(4) = 0
[pid 3679] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3679] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3679] write(5, "13", 2) = 2
[ 67.781497][ T3679] loop0: detected capacity change from 0 to 64
[ 67.802437][ T3679] FAULT_INJECTION: forcing a failure.
[ 67.802437][ T3679] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 67.816334][ T3679] CPU: 0 PID: 3679 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 67.826765][ T3679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 67.836804][ T3679] Call Trace:
[ 67.840070][ T3679]
[ 67.842986][ T3679] dump_stack_lvl+0x1b1/0x28e
[ 67.847649][ T3679] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 67.853091][ T3679] ? panic+0x710/0x710
[ 67.857139][ T3679] ? do_anonymous_page+0xd4a/0x1150
[ 67.862324][ T3679] ? mark_lock+0x9a/0x350
[ 67.866640][ T3679] should_fail_ex+0x395/0x4c0
[ 67.871310][ T3679] prepare_alloc_pages+0x1d7/0x5a0
[ 67.876414][ T3679] __alloc_pages+0x161/0x560
[ 67.880998][ T3679] ? zone_statistics+0x160/0x160
[ 67.885928][ T3679] ? rcu_lock_release+0x5/0x20
[ 67.890674][ T3679] ? alloc_pages+0x520/0x7b0
[ 67.895248][ T3679] ? xas_descend+0x1f3/0x400
[ 67.899827][ T3679] folio_alloc+0x1a/0x50
[ 67.904051][ T3679] filemap_alloc_folio+0x7e/0x1c0
[ 67.909062][ T3679] __filemap_get_folio+0x898/0x1260
[ 67.914248][ T3679] ? page_cache_prev_miss+0x4e0/0x4e0
[ 67.919614][ T3679] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 67.925578][ T3679] ? print_irqtrace_events+0x220/0x220
[ 67.931028][ T3679] pagecache_get_page+0x28/0x260
[ 67.935949][ T3679] ? hfs_free_extents+0x420/0x420
[ 67.940958][ T3679] block_write_begin+0x2e/0x1e0
[ 67.945795][ T3679] ? cont_write_begin+0x5e5/0x860
[ 67.950806][ T3679] ? hfs_free_extents+0x420/0x420
[ 67.955823][ T3679] cont_write_begin+0x606/0x860
[ 67.960666][ T3679] ? fault_in_readable+0x1d5/0x310
[ 67.965767][ T3679] ? generic_cont_expand_simple+0x250/0x250
[ 67.971652][ T3679] ? fault_in_readable+0x219/0x310
[ 67.976751][ T3679] ? fault_in_safe_writeable+0x240/0x240
[ 67.982371][ T3679] hfs_write_begin+0x86/0xd0
[ 67.986945][ T3679] ? hfs_free_extents+0x420/0x420
[ 67.991955][ T3679] generic_perform_write+0x2e4/0x5e0
[ 67.997230][ T3679] ? __block_commit_write+0x420/0x420
[ 68.002593][ T3679] ? generic_file_direct_write+0x610/0x610
[ 68.008381][ T3679] ? __file_remove_privs+0x6c0/0x6c0
[ 68.013650][ T3679] ? generic_write_checks+0x15c/0x1c0
[ 68.019012][ T3679] __generic_file_write_iter+0x176/0x400
[ 68.024637][ T3679] generic_file_write_iter+0xab/0x310
[ 68.029994][ T3679] vfs_write+0x7dc/0xc50
[ 68.034228][ T3679] ? file_end_write+0x230/0x230
[ 68.039061][ T3679] ? ptrace_stop+0x74d/0x970
[ 68.043645][ T3679] ? _raw_spin_unlock_irq+0x2a/0x40
[ 68.048830][ T3679] ? __fdget_pos+0x252/0x2e0
[ 68.053406][ T3679] ksys_write+0x177/0x2a0
[ 68.057723][ T3679] ? __ia32_sys_read+0x80/0x80
[ 68.062470][ T3679] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 68.068437][ T3679] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 68.074403][ T3679] do_syscall_64+0x3d/0xb0
[ 68.078803][ T3679] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.084679][ T3679] RIP: 0033:0x7f0fa5191c89
[ 68.089079][ T3679] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.108667][ T3679] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.117066][ T3679] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 68.125021][ T3679] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3679] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3679] exit_group(0) = ?
[pid 3679] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3679, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs") = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3680
./strace-static-x86_64: Process 3680 attached
[pid 3680] chdir("./39") = 0
[pid 3680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3680] setpgid(0, 0) = 0
[pid 3680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3680] write(3, "1000", 4) = 4
[pid 3680] close(3) = 0
[pid 3680] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3680] memfd_create("syzkaller", 0) = 3
[ 68.132971][ T3679] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 68.140922][ T3679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 68.148873][ T3679] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000026
[ 68.156836][ T3679]
[pid 3680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3680] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3680] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3680] close(3) = 0
[pid 3680] mkdir("./file0", 0777) = 0
[pid 3680] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3680] chdir("./file0") = 0
[pid 3680] ioctl(4, LOOP_CLR_FD) = 0
[pid 3680] close(4) = 0
[pid 3680] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3680] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3680] write(5, "13", 2) = 2
[ 68.195926][ T3680] loop0: detected capacity change from 0 to 64
[ 68.200097][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 68.224452][ T3680] FAULT_INJECTION: forcing a failure.
[ 68.224452][ T3680] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 68.237803][ T3680] CPU: 0 PID: 3680 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 68.248233][ T3680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 68.258280][ T3680] Call Trace:
[ 68.261546][ T3680]
[ 68.264470][ T3680] dump_stack_lvl+0x1b1/0x28e
[ 68.269150][ T3680] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 68.274614][ T3680] ? panic+0x710/0x710
[ 68.278674][ T3680] ? do_anonymous_page+0xd4a/0x1150
[ 68.283887][ T3680] ? mark_lock+0x9a/0x350
[ 68.288251][ T3680] should_fail_ex+0x395/0x4c0
[ 68.292944][ T3680] prepare_alloc_pages+0x1d7/0x5a0
[ 68.298068][ T3680] __alloc_pages+0x161/0x560
[ 68.302673][ T3680] ? zone_statistics+0x160/0x160
[ 68.307619][ T3680] ? rcu_lock_release+0x5/0x20
[ 68.312386][ T3680] ? alloc_pages+0x520/0x7b0
[ 68.316984][ T3680] ? xas_descend+0x1f3/0x400
[ 68.321565][ T3680] folio_alloc+0x1a/0x50
[ 68.325794][ T3680] filemap_alloc_folio+0x7e/0x1c0
[ 68.330820][ T3680] __filemap_get_folio+0x898/0x1260
[ 68.336053][ T3680] ? page_cache_prev_miss+0x4e0/0x4e0
[ 68.341465][ T3680] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 68.347463][ T3680] ? print_irqtrace_events+0x220/0x220
[ 68.352916][ T3680] pagecache_get_page+0x28/0x260
[ 68.357856][ T3680] ? hfs_free_extents+0x420/0x420
[ 68.362894][ T3680] block_write_begin+0x2e/0x1e0
[ 68.367753][ T3680] ? cont_write_begin+0x5e5/0x860
[ 68.372783][ T3680] ? hfs_free_extents+0x420/0x420
[ 68.377798][ T3680] cont_write_begin+0x606/0x860
[ 68.382648][ T3680] ? fault_in_readable+0x1d5/0x310
[ 68.387752][ T3680] ? generic_cont_expand_simple+0x250/0x250
[ 68.393636][ T3680] ? fault_in_readable+0x219/0x310
[ 68.399798][ T3680] ? fault_in_safe_writeable+0x240/0x240
[ 68.405463][ T3680] hfs_write_begin+0x86/0xd0
[ 68.410052][ T3680] ? hfs_free_extents+0x420/0x420
[ 68.415073][ T3680] generic_perform_write+0x2e4/0x5e0
[ 68.420376][ T3680] ? __block_commit_write+0x420/0x420
[ 68.425771][ T3680] ? generic_file_direct_write+0x610/0x610
[ 68.431589][ T3680] ? __file_remove_privs+0x6c0/0x6c0
[ 68.436881][ T3680] ? generic_write_checks+0x15c/0x1c0
[ 68.442285][ T3680] __generic_file_write_iter+0x176/0x400
[ 68.447952][ T3680] generic_file_write_iter+0xab/0x310
[ 68.453352][ T3680] vfs_write+0x7dc/0xc50
[ 68.457620][ T3680] ? file_end_write+0x230/0x230
[ 68.462471][ T3680] ? ptrace_stop+0x74d/0x970
[ 68.467071][ T3680] ? _raw_spin_unlock_irq+0x2a/0x40
[ 68.472282][ T3680] ? __fdget_pos+0x252/0x2e0
[ 68.476889][ T3680] ksys_write+0x177/0x2a0
[ 68.481214][ T3680] ? __ia32_sys_read+0x80/0x80
[ 68.485973][ T3680] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 68.491961][ T3680] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 68.497955][ T3680] do_syscall_64+0x3d/0xb0
[ 68.502360][ T3680] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.508252][ T3680] RIP: 0033:0x7f0fa5191c89
[ 68.512681][ T3680] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.532453][ T3680] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3680] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3680] exit_group(0) = ?
[pid 3680] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3680, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./39/binderfs") = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3681
./strace-static-x86_64: Process 3681 attached
[pid 3681] chdir("./40") = 0
[pid 3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3681] setpgid(0, 0) = 0
[pid 3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3681] write(3, "1000", 4) = 4
[pid 3681] close(3) = 0
[pid 3681] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3681] memfd_create("syzkaller", 0) = 3
[pid 3681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3681] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3681] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 68.540867][ T3680] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 68.548842][ T3680] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 68.556800][ T3680] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 68.564769][ T3680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 68.572740][ T3680] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000027
[ 68.580800][ T3680]
[pid 3681] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3681] close(3) = 0
[pid 3681] mkdir("./file0", 0777) = 0
[pid 3681] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3681] chdir("./file0") = 0
[pid 3681] ioctl(4, LOOP_CLR_FD) = 0
[pid 3681] close(4) = 0
[pid 3681] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3681] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3681] write(5, "13", 2) = 2
[ 68.619820][ T3681] loop0: detected capacity change from 0 to 64
[ 68.646996][ T3681] FAULT_INJECTION: forcing a failure.
[ 68.646996][ T3681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 68.660141][ T3681] CPU: 1 PID: 3681 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 68.670543][ T3681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 68.680676][ T3681] Call Trace:
[ 68.683972][ T3681] <TASK>
[ 68.687003][ T3681] dump_stack_lvl+0x1b1/0x28e
[ 68.691674][ T3681] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 68.697118][ T3681] ? panic+0x710/0x710
[ 68.701184][ T3681] ? hfs_free_extents+0x420/0x420
[ 68.706214][ T3681] ? PageHeadHuge+0x8a/0x1d0
[ 68.710820][ T3681] should_fail_ex+0x395/0x4c0
[ 68.715509][ T3681] copy_page_from_iter_atomic+0x217/0x1140
[ 68.721339][ T3681] ? generic_cont_expand_simple+0x250/0x250
[ 68.727226][ T3681] ? pipe_zero+0x200/0x200
[ 68.731640][ T3681] ? hfs_write_begin+0x86/0xd0
[ 68.736392][ T3681] ? hfs_free_extents+0x420/0x420
[ 68.741402][ T3681] ? hfs_write_begin+0x9e/0xd0
[ 68.746167][ T3681] generic_perform_write+0x35a/0x5e0
[ 68.751457][ T3681] ? __block_commit_write+0x420/0x420
[ 68.756833][ T3681] ? generic_file_direct_write+0x610/0x610
[ 68.762646][ T3681] ? __file_remove_privs+0x6c0/0x6c0
[ 68.767929][ T3681] ? generic_write_checks+0x15c/0x1c0
[ 68.773303][ T3681] __generic_file_write_iter+0x176/0x400
[ 68.778940][ T3681] generic_file_write_iter+0xab/0x310
[ 68.784327][ T3681] vfs_write+0x7dc/0xc50
[ 68.788595][ T3681] ? file_end_write+0x230/0x230
[ 68.793440][ T3681] ? ptrace_stop+0x74d/0x970
[ 68.798041][ T3681] ? _raw_spin_unlock_irq+0x2a/0x40
[ 68.803261][ T3681] ? __fdget_pos+0x252/0x2e0
[ 68.807857][ T3681] ksys_write+0x177/0x2a0
[ 68.812199][ T3681] ? __ia32_sys_read+0x80/0x80
[ 68.816954][ T3681] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 68.822941][ T3681] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 68.828939][ T3681] do_syscall_64+0x3d/0xb0
[ 68.833349][ T3681] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.839234][ T3681] RIP: 0033:0x7f0fa5191c89
[ 68.843638][ T3681] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3681] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3681] exit_group(0) = ?
[pid 3681] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3681, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./40/binderfs") = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 68.863262][ T3681] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.871686][ T3681] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 68.879657][ T3681] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 68.887639][ T3681] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 68.895626][ T3681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 68.903591][ T3681] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000028
[ 68.911572][ T3681] </TASK>
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3682
./strace-static-x86_64: Process 3682 attached
[pid 3682] chdir("./41") = 0
[pid 3682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3682] setpgid(0, 0) = 0
[pid 3682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3682] write(3, "1000", 4) = 4
[pid 3682] close(3) = 0
[pid 3682] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3682] memfd_create("syzkaller", 0) = 3
[pid 3682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3682] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3682] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3682] close(3) = 0
[pid 3682] mkdir("./file0", 0777) = 0
[pid 3682] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3682] chdir("./file0") = 0
[pid 3682] ioctl(4, LOOP_CLR_FD) = 0
[pid 3682] close(4) = 0
[pid 3682] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3682] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3682] write(5, "13", 2) = 2
[ 68.966561][ T3682] loop0: detected capacity change from 0 to 64
[ 68.997922][ T3682] FAULT_INJECTION: forcing a failure.
[ 68.997922][ T3682] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 69.011313][ T3682] CPU: 0 PID: 3682 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 69.021766][ T3682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 69.031830][ T3682] Call Trace:
[ 69.035110][ T3682] <TASK>
[ 69.038033][ T3682] dump_stack_lvl+0x1b1/0x28e
[ 69.042717][ T3682] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 69.048169][ T3682] ? panic+0x710/0x710
[ 69.052225][ T3682] ? do_anonymous_page+0xd4a/0x1150
[ 69.057416][ T3682] ? mark_lock+0x9a/0x350
[ 69.061752][ T3682] should_fail_ex+0x395/0x4c0
[ 69.066431][ T3682] prepare_alloc_pages+0x1d7/0x5a0
[ 69.071555][ T3682] __alloc_pages+0x161/0x560
[ 69.076146][ T3682] ? zone_statistics+0x160/0x160
[ 69.081081][ T3682] ? rcu_lock_release+0x5/0x20
[ 69.085836][ T3682] ? alloc_pages+0x520/0x7b0
[ 69.090416][ T3682] ? xas_descend+0x1f3/0x400
[ 69.094997][ T3682] folio_alloc+0x1a/0x50
[ 69.099241][ T3682] filemap_alloc_folio+0x7e/0x1c0
[ 69.104274][ T3682] __filemap_get_folio+0x898/0x1260
[ 69.109465][ T3682] ? page_cache_prev_miss+0x4e0/0x4e0
[ 69.114834][ T3682] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 69.120806][ T3682] ? print_irqtrace_events+0x220/0x220
[ 69.126271][ T3682] pagecache_get_page+0x28/0x260
[ 69.131216][ T3682] ? hfs_free_extents+0x420/0x420
[ 69.136254][ T3682] block_write_begin+0x2e/0x1e0
[ 69.141102][ T3682] ? cont_write_begin+0x5e5/0x860
[ 69.146123][ T3682] ? hfs_free_extents+0x420/0x420
[ 69.151139][ T3682] cont_write_begin+0x606/0x860
[ 69.156006][ T3682] ? fault_in_readable+0x1d5/0x310
[ 69.161129][ T3682] ? generic_cont_expand_simple+0x250/0x250
[ 69.167023][ T3682] ? fault_in_readable+0x219/0x310
[ 69.172156][ T3682] ? fault_in_safe_writeable+0x240/0x240
[ 69.177884][ T3682] hfs_write_begin+0x86/0xd0
[ 69.182479][ T3682] ? hfs_free_extents+0x420/0x420
[ 69.187514][ T3682] generic_perform_write+0x2e4/0x5e0
[ 69.192799][ T3682] ? __block_commit_write+0x420/0x420
[ 69.198165][ T3682] ? generic_file_direct_write+0x610/0x610
[ 69.203962][ T3682] ? __file_remove_privs+0x6c0/0x6c0
[ 69.209253][ T3682] ? generic_write_checks+0x15c/0x1c0
[ 69.214695][ T3682] __generic_file_write_iter+0x176/0x400
[ 69.220327][ T3682] generic_file_write_iter+0xab/0x310
[ 69.225699][ T3682] vfs_write+0x7dc/0xc50
[ 69.229936][ T3682] ? file_end_write+0x230/0x230
[ 69.234784][ T3682] ? ptrace_stop+0x74d/0x970
[ 69.239393][ T3682] ? _raw_spin_unlock_irq+0x2a/0x40
[ 69.244585][ T3682] ? __fdget_pos+0x252/0x2e0
[ 69.249168][ T3682] ksys_write+0x177/0x2a0
[ 69.253488][ T3682] ? __ia32_sys_read+0x80/0x80
[ 69.258240][ T3682] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 69.264210][ T3682] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 69.270179][ T3682] do_syscall_64+0x3d/0xb0
[ 69.274618][ T3682] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.280540][ T3682] RIP: 0033:0x7f0fa5191c89
[ 69.284948][ T3682] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.304552][ T3682] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3682] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3682] exit_group(0) = ?
[pid 3682] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3682, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./41/binderfs") = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3683
./strace-static-x86_64: Process 3683 attached
[ 69.312963][ T3682] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 69.320934][ T3682] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 69.328908][ T3682] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 69.336888][ T3682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 69.344852][ T3682] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000029
[ 69.352840][ T3682] </TASK>
[pid 3683] chdir("./42") = 0
[pid 3683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3683] setpgid(0, 0) = 0
[pid 3683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3683] write(3, "1000", 4) = 4
[pid 3683] close(3) = 0
[pid 3683] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3683] memfd_create("syzkaller", 0) = 3
[pid 3683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3683] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3683] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3683] close(3) = 0
[pid 3683] mkdir("./file0", 0777) = 0
[pid 3683] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3683] chdir("./file0") = 0
[pid 3683] ioctl(4, LOOP_CLR_FD) = 0
[pid 3683] close(4) = 0
[pid 3683] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3683] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3683] write(5, "13", 2) = 2
[ 69.408716][ T3683] loop0: detected capacity change from 0 to 64
[ 69.445502][ T3683] FAULT_INJECTION: forcing a failure.
[ 69.445502][ T3683] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 69.459044][ T3683] CPU: 0 PID: 3683 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 69.469470][ T3683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 69.479599][ T3683] Call Trace:
[ 69.482867][ T3683] <TASK>
[ 69.485785][ T3683] dump_stack_lvl+0x1b1/0x28e
[ 69.490449][ T3683] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 69.495906][ T3683] ? panic+0x710/0x710
[ 69.499958][ T3683] ? do_anonymous_page+0xd4a/0x1150
[ 69.505150][ T3683] ? mark_lock+0x9a/0x350
[ 69.509468][ T3683] should_fail_ex+0x395/0x4c0
[ 69.514151][ T3683] prepare_alloc_pages+0x1d7/0x5a0
[ 69.519264][ T3683] __alloc_pages+0x161/0x560
[ 69.523861][ T3683] ? zone_statistics+0x160/0x160
[ 69.528812][ T3683] ? rcu_lock_release+0x5/0x20
[ 69.533564][ T3683] ? alloc_pages+0x520/0x7b0
[ 69.538156][ T3683] ? xas_descend+0x1f3/0x400
[ 69.542752][ T3683] folio_alloc+0x1a/0x50
[ 69.546982][ T3683] filemap_alloc_folio+0x7e/0x1c0
[ 69.552000][ T3683] __filemap_get_folio+0x898/0x1260
[ 69.557188][ T3683] ? page_cache_prev_miss+0x4e0/0x4e0
[ 69.562551][ T3683] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 69.568522][ T3683] ? print_irqtrace_events+0x220/0x220
[ 69.573972][ T3683] pagecache_get_page+0x28/0x260
[ 69.578902][ T3683] ? hfs_free_extents+0x420/0x420
[ 69.583915][ T3683] block_write_begin+0x2e/0x1e0
[ 69.588756][ T3683] ? cont_write_begin+0x5e5/0x860
[ 69.593768][ T3683] ? hfs_free_extents+0x420/0x420
[ 69.598778][ T3683] cont_write_begin+0x606/0x860
[ 69.603627][ T3683] ? fault_in_readable+0x1d5/0x310
[ 69.608752][ T3683] ? generic_cont_expand_simple+0x250/0x250
[ 69.614656][ T3683] ? fault_in_readable+0x219/0x310
[ 69.619784][ T3683] ? fault_in_safe_writeable+0x240/0x240
[ 69.625443][ T3683] hfs_write_begin+0x86/0xd0
[ 69.630032][ T3683] ? hfs_free_extents+0x420/0x420
[ 69.635059][ T3683] generic_perform_write+0x2e4/0x5e0
[ 69.640377][ T3683] ? __block_commit_write+0x420/0x420
[ 69.645761][ T3683] ? generic_file_direct_write+0x610/0x610
[ 69.651581][ T3683] ? __file_remove_privs+0x6c0/0x6c0
[ 69.656877][ T3683] ? generic_write_checks+0x15c/0x1c0
[ 69.662269][ T3683] __generic_file_write_iter+0x176/0x400
[ 69.667925][ T3683] generic_file_write_iter+0xab/0x310
[ 69.673317][ T3683] vfs_write+0x7dc/0xc50
[ 69.677590][ T3683] ? file_end_write+0x230/0x230
[ 69.682445][ T3683] ? ptrace_stop+0x74d/0x970
[ 69.687047][ T3683] ? _raw_spin_unlock_irq+0x2a/0x40
[ 69.692260][ T3683] ? __fdget_pos+0x252/0x2e0
[ 69.696851][ T3683] ksys_write+0x177/0x2a0
[ 69.701190][ T3683] ? __ia32_sys_read+0x80/0x80
[ 69.705941][ T3683] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 69.711921][ T3683] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 69.717910][ T3683] do_syscall_64+0x3d/0xb0
[ 69.722316][ T3683] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.728195][ T3683] RIP: 0033:0x7f0fa5191c89
[ 69.732616][ T3683] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.752225][ T3683] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3683] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3683] exit_group(0) = ?
[pid 3683] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3683, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./42/binderfs") = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 69.760627][ T3683] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 69.768587][ T3683] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 69.776556][ T3683] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 69.784529][ T3683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 69.792491][ T3683] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002a
[ 69.800463][ T3683] </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3684
./strace-static-x86_64: Process 3684 attached
[pid 3684] chdir("./43") = 0
[pid 3684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3684] setpgid(0, 0) = 0
[pid 3684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3684] write(3, "1000", 4) = 4
[pid 3684] close(3) = 0
[pid 3684] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3684] memfd_create("syzkaller", 0) = 3
[pid 3684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3684] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3684] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3684] close(3) = 0
[pid 3684] mkdir("./file0", 0777) = 0
[pid 3684] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3684] chdir("./file0") = 0
[pid 3684] ioctl(4, LOOP_CLR_FD) = 0
[pid 3684] close(4) = 0
[pid 3684] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3684] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3684] write(5, "13", 2) = 2
[ 69.851568][ T3684] loop0: detected capacity change from 0 to 64
[ 69.883066][ T3684] FAULT_INJECTION: forcing a failure.
[ 69.883066][ T3684] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 69.896624][ T3684] CPU: 0 PID: 3684 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 69.907040][ T3684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 69.917087][ T3684] Call Trace:
[ 69.920374][ T3684] <TASK>
[ 69.923316][ T3684] dump_stack_lvl+0x1b1/0x28e
[ 69.928000][ T3684] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 69.933444][ T3684] ? panic+0x710/0x710
[ 69.937497][ T3684] ? do_anonymous_page+0xd4a/0x1150
[ 69.942689][ T3684] ? mark_lock+0x9a/0x350
[ 69.947020][ T3684] should_fail_ex+0x395/0x4c0
[ 69.951711][ T3684] prepare_alloc_pages+0x1d7/0x5a0
[ 69.956834][ T3684] __alloc_pages+0x161/0x560
[ 69.961434][ T3684] ? zone_statistics+0x160/0x160
[ 69.966386][ T3684] ? rcu_lock_release+0x5/0x20
[ 69.971154][ T3684] ? alloc_pages+0x520/0x7b0
[ 69.975732][ T3684] ? xas_descend+0x1f3/0x400
[ 69.980314][ T3684] folio_alloc+0x1a/0x50
[ 69.984546][ T3684] filemap_alloc_folio+0x7e/0x1c0
[ 69.989569][ T3684] __filemap_get_folio+0x898/0x1260
[ 69.994775][ T3684] ? page_cache_prev_miss+0x4e0/0x4e0
[ 70.000135][ T3684] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 70.006105][ T3684] ? print_irqtrace_events+0x220/0x220
[ 70.011562][ T3684] pagecache_get_page+0x28/0x260
[ 70.016488][ T3684] ? hfs_free_extents+0x420/0x420
[ 70.021508][ T3684] block_write_begin+0x2e/0x1e0
[ 70.026366][ T3684] ? cont_write_begin+0x5e5/0x860
[ 70.031381][ T3684] ? hfs_free_extents+0x420/0x420
[ 70.036404][ T3684] cont_write_begin+0x606/0x860
[ 70.041269][ T3684] ? fault_in_readable+0x1d5/0x310
[ 70.046371][ T3684] ? generic_cont_expand_simple+0x250/0x250
[ 70.052254][ T3684] ? fault_in_readable+0x219/0x310
[ 70.057362][ T3684] ? fault_in_safe_writeable+0x240/0x240
[ 70.062991][ T3684] hfs_write_begin+0x86/0xd0
[ 70.067571][ T3684] ? hfs_free_extents+0x420/0x420
[ 70.072586][ T3684] generic_perform_write+0x2e4/0x5e0
[ 70.077884][ T3684] ? __block_commit_write+0x420/0x420
[ 70.083262][ T3684] ? generic_file_direct_write+0x610/0x610
[ 70.089076][ T3684] ? __file_remove_privs+0x6c0/0x6c0
[ 70.094522][ T3684] ? generic_write_checks+0x15c/0x1c0
[ 70.099890][ T3684] __generic_file_write_iter+0x176/0x400
[ 70.105518][ T3684] generic_file_write_iter+0xab/0x310
[ 70.110895][ T3684] vfs_write+0x7dc/0xc50
[ 70.115145][ T3684] ? file_end_write+0x230/0x230
[ 70.119983][ T3684] ? ptrace_stop+0x74d/0x970
[ 70.124583][ T3684] ? _raw_spin_unlock_irq+0x2a/0x40
[ 70.129810][ T3684] ? __fdget_pos+0x252/0x2e0
[ 70.134414][ T3684] ksys_write+0x177/0x2a0
[ 70.138737][ T3684] ? __ia32_sys_read+0x80/0x80
[ 70.143495][ T3684] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 70.149726][ T3684] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 70.155697][ T3684] do_syscall_64+0x3d/0xb0
[ 70.160113][ T3684] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.166011][ T3684] RIP: 0033:0x7f0fa5191c89
[ 70.170415][ T3684] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.190198][ T3684] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3684] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3684] exit_group(0) = ?
[pid 3684] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3684, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./43/binderfs") = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 70.198707][ T3684] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 70.206712][ T3684] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 70.214684][ T3684] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 70.222663][ T3684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.230640][ T3684] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002b
[ 70.238613][ T3684] </TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3685
./strace-static-x86_64: Process 3685 attached
[pid 3685] chdir("./44") = 0
[pid 3685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3685] setpgid(0, 0) = 0
[pid 3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3685] write(3, "1000", 4) = 4
[pid 3685] close(3) = 0
[pid 3685] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3685] memfd_create("syzkaller", 0) = 3
[pid 3685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3685] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3685] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3685] close(3) = 0
[pid 3685] mkdir("./file0", 0777) = 0
[pid 3685] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3685] chdir("./file0") = 0
[pid 3685] ioctl(4, LOOP_CLR_FD) = 0
[pid 3685] close(4) = 0
[pid 3685] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3685] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3685] write(5, "13", 2) = 2
[ 70.295110][ T3685] loop0: detected capacity change from 0 to 64
[ 70.326856][ T3685] FAULT_INJECTION: forcing a failure.
[ 70.326856][ T3685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 70.340073][ T3685] CPU: 0 PID: 3685 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 70.350480][ T3685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 70.360527][ T3685] Call Trace:
[ 70.363807][ T3685] <TASK>
[ 70.366751][ T3685] dump_stack_lvl+0x1b1/0x28e
[ 70.371438][ T3685] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 70.376906][ T3685] ? panic+0x710/0x710
[ 70.381002][ T3685] ? hfs_free_extents+0x420/0x420
[ 70.386044][ T3685] ? PageHeadHuge+0x8a/0x1d0
[ 70.390637][ T3685] should_fail_ex+0x395/0x4c0
[ 70.395333][ T3685] copy_page_from_iter_atomic+0x217/0x1140
[ 70.401159][ T3685] ? generic_cont_expand_simple+0x250/0x250
[ 70.407075][ T3685] ? pipe_zero+0x200/0x200
[ 70.411507][ T3685] ? hfs_write_begin+0x86/0xd0
[ 70.416268][ T3685] ? hfs_free_extents+0x420/0x420
[ 70.421296][ T3685] ? hfs_write_begin+0x9e/0xd0
[ 70.426057][ T3685] generic_perform_write+0x35a/0x5e0
[ 70.431367][ T3685] ? __block_commit_write+0x420/0x420
[ 70.436742][ T3685] ? generic_file_direct_write+0x610/0x610
[ 70.442549][ T3685] ? __file_remove_privs+0x6c0/0x6c0
[ 70.447835][ T3685] ? generic_write_checks+0x15c/0x1c0
[ 70.453226][ T3685] __generic_file_write_iter+0x176/0x400
[ 70.458885][ T3685] generic_file_write_iter+0xab/0x310
[ 70.464271][ T3685] vfs_write+0x7dc/0xc50
[ 70.468529][ T3685] ? file_end_write+0x230/0x230
[ 70.473380][ T3685] ? ptrace_stop+0x74d/0x970
[ 70.477979][ T3685] ? _raw_spin_unlock_irq+0x2a/0x40
[ 70.483179][ T3685] ? __fdget_pos+0x252/0x2e0
[ 70.487772][ T3685] ksys_write+0x177/0x2a0
[ 70.492105][ T3685] ? __ia32_sys_read+0x80/0x80
[ 70.496867][ T3685] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 70.502846][ T3685] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 70.508839][ T3685] do_syscall_64+0x3d/0xb0
[ 70.513256][ T3685] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.519143][ T3685] RIP: 0033:0x7f0fa5191c89
[ 70.523554][ T3685] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3685] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3685] exit_group(0) = ?
[pid 3685] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3685, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./44/binderfs") = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 70.543155][ T3685] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 70.551564][ T3685] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 70.559530][ T3685] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 70.567505][ T3685] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 70.575471][ T3685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.583435][ T3685] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002c
[ 70.591417][ T3685]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3686
./strace-static-x86_64: Process 3686 attached
[pid 3686] chdir("./45") = 0
[pid 3686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3686] setpgid(0, 0) = 0
[pid 3686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3686] write(3, "1000", 4) = 4
[pid 3686] close(3) = 0
[pid 3686] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3686] memfd_create("syzkaller", 0) = 3
[pid 3686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3686] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3686] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3686] close(3) = 0
[pid 3686] mkdir("./file0", 0777) = 0
[pid 3686] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3686] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3686] chdir("./file0") = 0
[pid 3686] ioctl(4, LOOP_CLR_FD) = 0
[pid 3686] close(4) = 0
[pid 3686] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3686] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3686] write(5, "13", 2) = 2
[ 70.643291][ T3686] loop0: detected capacity change from 0 to 64
[ 70.666114][ T3686] FAULT_INJECTION: forcing a failure.
[ 70.666114][ T3686] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 70.680201][ T3686] CPU: 0 PID: 3686 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 70.690640][ T3686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 70.700694][ T3686] Call Trace:
[ 70.703979][ T3686]
[ 70.706916][ T3686] dump_stack_lvl+0x1b1/0x28e
[ 70.711586][ T3686] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 70.717034][ T3686] ? panic+0x710/0x710
[ 70.721103][ T3686] ? do_anonymous_page+0xd4a/0x1150
[ 70.726313][ T3686] ? mark_lock+0x9a/0x350
[ 70.730634][ T3686] should_fail_ex+0x395/0x4c0
[ 70.735332][ T3686] prepare_alloc_pages+0x1d7/0x5a0
[ 70.740461][ T3686] __alloc_pages+0x161/0x560
[ 70.745187][ T3686] ? zone_statistics+0x160/0x160
[ 70.750147][ T3686] ? rcu_lock_release+0x5/0x20
[ 70.754922][ T3686] ? alloc_pages+0x520/0x7b0
[ 70.759515][ T3686] ? xas_descend+0x1f3/0x400
[ 70.764118][ T3686] folio_alloc+0x1a/0x50
[ 70.768368][ T3686] filemap_alloc_folio+0x7e/0x1c0
[ 70.773399][ T3686] __filemap_get_folio+0x898/0x1260
[ 70.778689][ T3686] ? page_cache_prev_miss+0x4e0/0x4e0
[ 70.784059][ T3686] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 70.790034][ T3686] ? print_irqtrace_events+0x220/0x220
[ 70.795489][ T3686] pagecache_get_page+0x28/0x260
[ 70.800419][ T3686] ? hfs_free_extents+0x420/0x420
[ 70.805449][ T3686] block_write_begin+0x2e/0x1e0
[ 70.810311][ T3686] ? cont_write_begin+0x5e5/0x860
[ 70.815412][ T3686] ? hfs_free_extents+0x420/0x420
[ 70.820424][ T3686] cont_write_begin+0x606/0x860
[ 70.825269][ T3686] ? fault_in_readable+0x1d5/0x310
[ 70.830390][ T3686] ? generic_cont_expand_simple+0x250/0x250
[ 70.836307][ T3686] ? fault_in_readable+0x219/0x310
[ 70.841423][ T3686] ? fault_in_safe_writeable+0x240/0x240
[ 70.847066][ T3686] hfs_write_begin+0x86/0xd0
[ 70.851645][ T3686] ? hfs_free_extents+0x420/0x420
[ 70.856658][ T3686] generic_perform_write+0x2e4/0x5e0
[ 70.861953][ T3686] ? __block_commit_write+0x420/0x420
[ 70.867345][ T3686] ? generic_file_direct_write+0x610/0x610
[ 70.873159][ T3686] ? __file_remove_privs+0x6c0/0x6c0
[ 70.878442][ T3686] ? generic_write_checks+0x15c/0x1c0
[ 70.883843][ T3686] __generic_file_write_iter+0x176/0x400
[ 70.889505][ T3686] generic_file_write_iter+0xab/0x310
[ 70.894895][ T3686] vfs_write+0x7dc/0xc50
[ 70.899164][ T3686] ? file_end_write+0x230/0x230
[ 70.904021][ T3686] ? ptrace_stop+0x74d/0x970
[ 70.908622][ T3686] ? _raw_spin_unlock_irq+0x2a/0x40
[ 70.913833][ T3686] ? __fdget_pos+0x252/0x2e0
[ 70.918426][ T3686] ksys_write+0x177/0x2a0
[ 70.922769][ T3686] ? __ia32_sys_read+0x80/0x80
[ 70.927522][ T3686] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 70.933517][ T3686] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 70.939510][ T3686] do_syscall_64+0x3d/0xb0
[ 70.943920][ T3686] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.949818][ T3686] RIP: 0033:0x7f0fa5191c89
[ 70.954236][ T3686] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.973835][ T3686] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 70.982327][ T3686] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3686] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3686] exit_group(0) = ?
[pid 3686] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3686, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./45/binderfs") = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3687
./strace-static-x86_64: Process 3687 attached
[pid 3687] chdir("./46") = 0
[pid 3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3687] setpgid(0, 0) = 0
[pid 3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3687] write(3, "1000", 4) = 4
[pid 3687] close(3) = 0
[pid 3687] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3687] memfd_create("syzkaller", 0) = 3
[pid 3687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 70.990290][ T3686] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 70.998253][ T3686] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 71.006219][ T3686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.014203][ T3686] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002d
[ 71.022177][ T3686]
[pid 3687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3687] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3687] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3687] close(3) = 0
[pid 3687] mkdir("./file0", 0777) = 0
[pid 3687] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3687] chdir("./file0") = 0
[pid 3687] ioctl(4, LOOP_CLR_FD) = 0
[pid 3687] close(4) = 0
[pid 3687] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3687] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3687] write(5, "13", 2) = 2
[ 71.077807][ T3687] loop0: detected capacity change from 0 to 64
[ 71.097501][ T3687] FAULT_INJECTION: forcing a failure.
[ 71.097501][ T3687] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 71.113902][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.120329][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.126866][ T3687] CPU: 0 PID: 3687 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 71.137305][ T3687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 71.147369][ T3687] Call Trace:
[ 71.150651][ T3687]
[ 71.153600][ T3687] dump_stack_lvl+0x1b1/0x28e
[ 71.158286][ T3687] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 71.163744][ T3687] ? panic+0x710/0x710
[ 71.167815][ T3687] ? do_anonymous_page+0xd4a/0x1150
[ 71.173035][ T3687] ? mark_lock+0x9a/0x350
[ 71.177365][ T3687] should_fail_ex+0x395/0x4c0
[ 71.182053][ T3687] prepare_alloc_pages+0x1d7/0x5a0
[ 71.187171][ T3687] __alloc_pages+0x161/0x560
[ 71.191764][ T3687] ? zone_statistics+0x160/0x160
[ 71.196711][ T3687] ? rcu_lock_release+0x5/0x20
[ 71.201475][ T3687] ? alloc_pages+0x520/0x7b0
[ 71.206060][ T3687] ? xas_descend+0x1f3/0x400
[ 71.210739][ T3687] folio_alloc+0x1a/0x50
[ 71.214975][ T3687] filemap_alloc_folio+0x7e/0x1c0
[ 71.219998][ T3687] __filemap_get_folio+0x898/0x1260
[ 71.225199][ T3687] ? page_cache_prev_miss+0x4e0/0x4e0
[ 71.230571][ T3687] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 71.236562][ T3687] ? print_irqtrace_events+0x220/0x220
[ 71.242023][ T3687] pagecache_get_page+0x28/0x260
[ 71.246960][ T3687] ? hfs_free_extents+0x420/0x420
[ 71.251980][ T3687] block_write_begin+0x2e/0x1e0
[ 71.256837][ T3687] ? cont_write_begin+0x5e5/0x860
[ 71.261861][ T3687] ? hfs_free_extents+0x420/0x420
[ 71.266884][ T3687] cont_write_begin+0x606/0x860
[ 71.271740][ T3687] ? fault_in_readable+0x1d5/0x310
[ 71.276856][ T3687] ? generic_cont_expand_simple+0x250/0x250
[ 71.282748][ T3687] ? fault_in_readable+0x219/0x310
[ 71.287860][ T3687] ? fault_in_safe_writeable+0x240/0x240
[ 71.293499][ T3687] hfs_write_begin+0x86/0xd0
[ 71.298082][ T3687] ? hfs_free_extents+0x420/0x420
[ 71.303104][ T3687] generic_perform_write+0x2e4/0x5e0
[ 71.308397][ T3687] ? __block_commit_write+0x420/0x420
[ 71.313769][ T3687] ? generic_file_direct_write+0x610/0x610
[ 71.319582][ T3687] ? __file_remove_privs+0x6c0/0x6c0
[ 71.324882][ T3687] ? generic_write_checks+0x15c/0x1c0
[ 71.330259][ T3687] __generic_file_write_iter+0x176/0x400
[ 71.335893][ T3687] generic_file_write_iter+0xab/0x310
[ 71.341267][ T3687] vfs_write+0x7dc/0xc50
[ 71.345537][ T3687] ? file_end_write+0x230/0x230
[ 71.350396][ T3687] ? ptrace_stop+0x74d/0x970
[ 71.355007][ T3687] ? _raw_spin_unlock_irq+0x2a/0x40
[ 71.360220][ T3687] ? __fdget_pos+0x252/0x2e0
[ 71.364824][ T3687] ksys_write+0x177/0x2a0
[ 71.369166][ T3687] ? __ia32_sys_read+0x80/0x80
[ 71.373939][ T3687] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 71.379922][ T3687] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 71.385925][ T3687] do_syscall_64+0x3d/0xb0
[ 71.390352][ T3687] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.396249][ T3687] RIP: 0033:0x7f0fa5191c89
[ 71.400667][ T3687] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.420271][ T3687] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3687] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3687] exit_group(0) = ?
[pid 3687] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3687, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./46/binderfs") = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 71.428681][ T3687] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 71.436654][ T3687] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 71.444627][ T3687] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 71.452591][ T3687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.460560][ T3687] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002e
[ 71.468633][ T3687]
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3688
./strace-static-x86_64: Process 3688 attached
[pid 3688] chdir("./47") = 0
[pid 3688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3688] setpgid(0, 0) = 0
[pid 3688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3688] write(3, "1000", 4) = 4
[pid 3688] close(3) = 0
[pid 3688] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3688] memfd_create("syzkaller", 0) = 3
[pid 3688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3688] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3688] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3688] close(3) = 0
[pid 3688] mkdir("./file0", 0777) = 0
[pid 3688] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3688] chdir("./file0") = 0
[pid 3688] ioctl(4, LOOP_CLR_FD) = 0
[pid 3688] close(4) = 0
[pid 3688] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3688] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3688] write(5, "13", 2) = 2
[ 71.563388][ T3688] loop0: detected capacity change from 0 to 64
[ 71.598888][ T3688] FAULT_INJECTION: forcing a failure.
[ 71.598888][ T3688] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 71.623848][ T3688] CPU: 1 PID: 3688 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 71.634307][ T3688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 71.644372][ T3688] Call Trace:
[ 71.647661][ T3688]
[ 71.650597][ T3688] dump_stack_lvl+0x1b1/0x28e
[ 71.655297][ T3688] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 71.660764][ T3688] ? panic+0x710/0x710
[ 71.664844][ T3688] ? do_anonymous_page+0xd4a/0x1150
[ 71.670059][ T3688] ? mark_lock+0x9a/0x350
[ 71.674411][ T3688] should_fail_ex+0x395/0x4c0
[ 71.679109][ T3688] prepare_alloc_pages+0x1d7/0x5a0
[ 71.684247][ T3688] __alloc_pages+0x161/0x560
[ 71.688855][ T3688] ? zone_statistics+0x160/0x160
[ 71.693817][ T3688] ? rcu_lock_release+0x5/0x20
[ 71.698593][ T3688] ? alloc_pages+0x520/0x7b0
[ 71.703192][ T3688] ? xas_descend+0x1f3/0x400
[ 71.707794][ T3688] folio_alloc+0x1a/0x50
[ 71.712031][ T3688] filemap_alloc_folio+0x7e/0x1c0
[ 71.717055][ T3688] __filemap_get_folio+0x898/0x1260
[ 71.722255][ T3688] ? page_cache_prev_miss+0x4e0/0x4e0
[ 71.727629][ T3688] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 71.733610][ T3688] ? print_irqtrace_events+0x220/0x220
[ 71.739068][ T3688] pagecache_get_page+0x28/0x260
[ 71.744007][ T3688] ? hfs_free_extents+0x420/0x420
[ 71.749026][ T3688] block_write_begin+0x2e/0x1e0
[ 71.753877][ T3688] ? cont_write_begin+0x5e5/0x860
[ 71.758903][ T3688] ? hfs_free_extents+0x420/0x420
[ 71.763922][ T3688] cont_write_begin+0x606/0x860
[ 71.769038][ T3688] ? fault_in_readable+0x1d5/0x310
[ 71.774152][ T3688] ? generic_cont_expand_simple+0x250/0x250
[ 71.780047][ T3688] ? fault_in_readable+0x219/0x310
[ 71.785165][ T3688] ? fault_in_safe_writeable+0x240/0x240
[ 71.790803][ T3688] hfs_write_begin+0x86/0xd0
[ 71.795395][ T3688] ? hfs_free_extents+0x420/0x420
[ 71.800418][ T3688] generic_perform_write+0x2e4/0x5e0
[ 71.805710][ T3688] ? __block_commit_write+0x420/0x420
[ 71.811085][ T3688] ? generic_file_direct_write+0x610/0x610
[ 71.816892][ T3688] ? __file_remove_privs+0x6c0/0x6c0
[ 71.822182][ T3688] ? generic_write_checks+0x15c/0x1c0
[ 71.827559][ T3688] __generic_file_write_iter+0x176/0x400
[ 71.833195][ T3688] generic_file_write_iter+0xab/0x310
[ 71.838569][ T3688] vfs_write+0x7dc/0xc50
[ 71.842828][ T3688] ? file_end_write+0x230/0x230
[ 71.847676][ T3688] ? ptrace_stop+0x74d/0x970
[ 71.852273][ T3688] ? _raw_spin_unlock_irq+0x2a/0x40
[ 71.857475][ T3688] ? __fdget_pos+0x252/0x2e0
[ 71.862066][ T3688] ksys_write+0x177/0x2a0
[ 71.866397][ T3688] ? __ia32_sys_read+0x80/0x80
[ 71.871167][ T3688] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 71.877152][ T3688] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 71.883132][ T3688] do_syscall_64+0x3d/0xb0
[ 71.887553][ T3688] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.893441][ T3688] RIP: 0033:0x7f0fa5191c89
[ 71.897854][ T3688] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3688] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3688] exit_group(0) = ?
[pid 3688] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3688, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./47/binderfs") = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 71.917455][ T3688] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.925873][ T3688] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 71.933942][ T3688] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 71.941909][ T3688] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 71.949876][ T3688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.957841][ T3688] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000002f
[ 71.965826][ T3688]
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3689
./strace-static-x86_64: Process 3689 attached
[pid 3689] chdir("./48") = 0
[pid 3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3689] setpgid(0, 0) = 0
[pid 3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3689] write(3, "1000", 4) = 4
[pid 3689] close(3) = 0
[pid 3689] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3689] memfd_create("syzkaller", 0) = 3
[pid 3689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3689] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3689] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3689] close(3) = 0
[pid 3689] mkdir("./file0", 0777) = 0
[pid 3689] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3689] chdir("./file0") = 0
[pid 3689] ioctl(4, LOOP_CLR_FD) = 0
[pid 3689] close(4) = 0
[pid 3689] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3689] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3689] write(5, "13", 2) = 2
[ 72.058820][ T3689] loop0: detected capacity change from 0 to 64
[ 72.109881][ T3689] FAULT_INJECTION: forcing a failure.
[ 72.109881][ T3689] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 72.123403][ T3689] CPU: 1 PID: 3689 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 72.133840][ T3689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 72.143906][ T3689] Call Trace:
[ 72.147194][ T3689]
[ 72.150144][ T3689] dump_stack_lvl+0x1b1/0x28e
[ 72.154842][ T3689] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 72.160328][ T3689] ? panic+0x710/0x710
[ 72.164496][ T3689] ? do_anonymous_page+0xd4a/0x1150
[ 72.169716][ T3689] ? mark_lock+0x9a/0x350
[ 72.174063][ T3689] should_fail_ex+0x395/0x4c0
[ 72.178807][ T3689] prepare_alloc_pages+0x1d7/0x5a0
[ 72.183948][ T3689] __alloc_pages+0x161/0x560
[ 72.188567][ T3689] ? zone_statistics+0x160/0x160
[ 72.193531][ T3689] ? rcu_lock_release+0x5/0x20
[ 72.198311][ T3689] ? alloc_pages+0x520/0x7b0
[ 72.202913][ T3689] ? xas_descend+0x1f3/0x400
[ 72.207521][ T3689] folio_alloc+0x1a/0x50
[ 72.211774][ T3689] filemap_alloc_folio+0x7e/0x1c0
[ 72.216818][ T3689] __filemap_get_folio+0x898/0x1260
[ 72.222038][ T3689] ? page_cache_prev_miss+0x4e0/0x4e0
[ 72.227427][ T3689] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 72.233425][ T3689] ? print_irqtrace_events+0x220/0x220
[ 72.238924][ T3689] pagecache_get_page+0x28/0x260
[ 72.243875][ T3689] ? hfs_free_extents+0x420/0x420
[ 72.248907][ T3689] block_write_begin+0x2e/0x1e0
[ 72.253862][ T3689] ? cont_write_begin+0x5e5/0x860
[ 72.258903][ T3689] ? hfs_free_extents+0x420/0x420
[ 72.263943][ T3689] cont_write_begin+0x606/0x860
[ 72.268818][ T3689] ? fault_in_readable+0x1d5/0x310
[ 72.273947][ T3689] ? generic_cont_expand_simple+0x250/0x250
[ 72.279853][ T3689] ? fault_in_readable+0x219/0x310
[ 72.284986][ T3689] ? fault_in_safe_writeable+0x240/0x240
[ 72.290821][ T3689] hfs_write_begin+0x86/0xd0
[ 72.295411][ T3689] ? hfs_free_extents+0x420/0x420
[ 72.300426][ T3689] generic_perform_write+0x2e4/0x5e0
[ 72.305722][ T3689] ? __block_commit_write+0x420/0x420
[ 72.311087][ T3689] ? generic_file_direct_write+0x610/0x610
[ 72.316899][ T3689] ? __file_remove_privs+0x6c0/0x6c0
[ 72.322179][ T3689] ? generic_write_checks+0x15c/0x1c0
[ 72.327653][ T3689] __generic_file_write_iter+0x176/0x400
[ 72.333315][ T3689] generic_file_write_iter+0xab/0x310
[ 72.338702][ T3689] vfs_write+0x7dc/0xc50
[ 72.342961][ T3689] ? file_end_write+0x230/0x230
[ 72.347816][ T3689] ? ptrace_stop+0x74d/0x970
[ 72.352402][ T3689] ? _raw_spin_unlock_irq+0x2a/0x40
[ 72.357592][ T3689] ? __fdget_pos+0x252/0x2e0
[ 72.362174][ T3689] ksys_write+0x177/0x2a0
[ 72.366505][ T3689] ? __ia32_sys_read+0x80/0x80
[ 72.371363][ T3689] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 72.377347][ T3689] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 72.383336][ T3689] do_syscall_64+0x3d/0xb0
[ 72.387740][ T3689] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.393708][ T3689] RIP: 0033:0x7f0fa5191c89
[ 72.398123][ T3689] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.417736][ T3689] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.426145][ T3689] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 72.434121][ T3689] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 72.442086][ T3689] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 72.450065][ T3689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3689] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3689] exit_group(0) = ?
[pid 3689] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./48/binderfs") = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3690
./strace-static-x86_64: Process 3690 attached
[pid 3690] chdir("./49") = 0
[pid 3690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3690] setpgid(0, 0) = 0
[pid 3690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3690] write(3, "1000", 4) = 4
[pid 3690] close(3) = 0
[pid 3690] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3690] memfd_create("syzkaller", 0) = 3
[pid 3690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3690] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 72.458030][ T3689] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000030
[ 72.466004][ T3689]
[pid 3690] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3690] close(3) = 0
[pid 3690] mkdir("./file0", 0777) = 0
[pid 3690] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3690] chdir("./file0") = 0
[pid 3690] ioctl(4, LOOP_CLR_FD) = 0
[pid 3690] close(4) = 0
[pid 3690] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3690] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3690] write(5, "13", 2) = 2
[ 72.517909][ T3690] loop0: detected capacity change from 0 to 64
[ 72.542928][ T3690] FAULT_INJECTION: forcing a failure.
[ 72.542928][ T3690] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 72.556234][ T3690] CPU: 0 PID: 3690 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 72.566668][ T3690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 72.576730][ T3690] Call Trace:
[ 72.580023][ T3690]
[ 72.582965][ T3690] dump_stack_lvl+0x1b1/0x28e
[ 72.587663][ T3690] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 72.593131][ T3690] ? panic+0x710/0x710
[ 72.597209][ T3690] ? hfs_free_extents+0x420/0x420
[ 72.602247][ T3690] ? PageHeadHuge+0x8a/0x1d0
[ 72.606862][ T3690] should_fail_ex+0x395/0x4c0
[ 72.611574][ T3690] copy_page_from_iter_atomic+0x217/0x1140
[ 72.617414][ T3690] ? generic_cont_expand_simple+0x250/0x250
[ 72.623333][ T3690] ? pipe_zero+0x200/0x200
[ 72.627784][ T3690] ? hfs_write_begin+0x86/0xd0
[ 72.632558][ T3690] ? hfs_free_extents+0x420/0x420
[ 72.637606][ T3690] ? hfs_write_begin+0x9e/0xd0
[ 72.642374][ T3690] generic_perform_write+0x35a/0x5e0
[ 72.647826][ T3690] ? __block_commit_write+0x420/0x420
[ 72.653222][ T3690] ? generic_file_direct_write+0x610/0x610
[ 72.659131][ T3690] ? __file_remove_privs+0x6c0/0x6c0
[ 72.664524][ T3690] ? generic_write_checks+0x15c/0x1c0
[ 72.669926][ T3690] __generic_file_write_iter+0x176/0x400
[ 72.675593][ T3690] generic_file_write_iter+0xab/0x310
[ 72.680988][ T3690] vfs_write+0x7dc/0xc50
[ 72.685256][ T3690] ? file_end_write+0x230/0x230
[ 72.690122][ T3690] ? ptrace_stop+0x74d/0x970
[ 72.694747][ T3690] ? _raw_spin_unlock_irq+0x2a/0x40
[ 72.699969][ T3690] ? __fdget_pos+0x252/0x2e0
[ 72.704658][ T3690] ksys_write+0x177/0x2a0
[ 72.708996][ T3690] ? __ia32_sys_read+0x80/0x80
[ 72.713778][ T3690] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 72.719780][ T3690] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 72.725780][ T3690] do_syscall_64+0x3d/0xb0
[ 72.730215][ T3690] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.736128][ T3690] RIP: 0033:0x7f0fa5191c89
[ 72.740555][ T3690] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.760189][ T3690] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3690] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3690] exit_group(0) = ?
[pid 3690] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3690, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./49/binderfs") = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3691
./strace-static-x86_64: Process 3691 attached
[pid 3691] chdir("./50") = 0
[pid 3691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3691] setpgid(0, 0) = 0
[pid 3691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3691] write(3, "1000", 4) = 4
[pid 3691] close(3) = 0
[pid 3691] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3691] memfd_create("syzkaller", 0) = 3
[ 72.768605][ T3690] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 72.776582][ T3690] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 72.784629][ T3690] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 72.792588][ T3690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 72.800565][ T3690] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000031
[ 72.808546][ T3690]
[pid 3691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3691] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3691] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3691] close(3) = 0
[pid 3691] mkdir("./file0", 0777) = 0
[pid 3691] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3691] chdir("./file0") = 0
[pid 3691] ioctl(4, LOOP_CLR_FD) = 0
[pid 3691] close(4) = 0
[pid 3691] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3691] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3691] write(5, "13", 2) = 2
[ 72.854732][ T3691] loop0: detected capacity change from 0 to 64
[ 72.884573][ T3691] FAULT_INJECTION: forcing a failure.
[ 72.884573][ T3691] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 72.897728][ T3691] CPU: 0 PID: 3691 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 72.908141][ T3691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 72.918200][ T3691] Call Trace:
[ 72.921464][ T3691]
[ 72.924379][ T3691] dump_stack_lvl+0x1b1/0x28e
[ 72.929047][ T3691] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 72.934487][ T3691] ? panic+0x710/0x710
[ 72.938541][ T3691] ? hfs_free_extents+0x420/0x420
[ 72.943559][ T3691] ? PageHeadHuge+0x8a/0x1d0
[ 72.948136][ T3691] should_fail_ex+0x395/0x4c0
[ 72.952814][ T3691] copy_page_from_iter_atomic+0x217/0x1140
[ 72.958629][ T3691] ? generic_cont_expand_simple+0x250/0x250
[ 72.964530][ T3691] ? pipe_zero+0x200/0x200
[ 72.968952][ T3691] ? hfs_write_begin+0x86/0xd0
[ 72.973706][ T3691] ? hfs_free_extents+0x420/0x420
[ 72.978724][ T3691] ? hfs_write_begin+0x9e/0xd0
[ 72.983484][ T3691] generic_perform_write+0x35a/0x5e0
[ 72.988775][ T3691] ? __block_commit_write+0x420/0x420
[ 72.994148][ T3691] ? generic_file_direct_write+0x610/0x610
[ 72.999951][ T3691] ? __file_remove_privs+0x6c0/0x6c0
[ 73.005233][ T3691] ? generic_write_checks+0x15c/0x1c0
[ 73.010610][ T3691] __generic_file_write_iter+0x176/0x400
[ 73.016246][ T3691] generic_file_write_iter+0xab/0x310
[ 73.021617][ T3691] vfs_write+0x7dc/0xc50
[ 73.025866][ T3691] ? file_end_write+0x230/0x230
[ 73.030710][ T3691] ? ptrace_stop+0x74d/0x970
[ 73.035307][ T3691] ? _raw_spin_unlock_irq+0x2a/0x40
[ 73.040505][ T3691] ? __fdget_pos+0x252/0x2e0
[ 73.045095][ T3691] ksys_write+0x177/0x2a0
[ 73.049439][ T3691] ? __ia32_sys_read+0x80/0x80
[ 73.054201][ T3691] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 73.060180][ T3691] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 73.066157][ T3691] do_syscall_64+0x3d/0xb0
[ 73.070569][ T3691] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.076453][ T3691] RIP: 0033:0x7f0fa5191c89
[ 73.080859][ T3691] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3691] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3691] exit_group(0) = ?
[pid 3691] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3691, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./50/binderfs") = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 73.100454][ T3691] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 73.108874][ T3691] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 73.116847][ T3691] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 73.124897][ T3691] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 73.132861][ T3691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 73.140826][ T3691] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000032
[ 73.148807][ T3691]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3692
./strace-static-x86_64: Process 3692 attached
[pid 3692] chdir("./51") = 0
[pid 3692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3692] setpgid(0, 0) = 0
[pid 3692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3692] write(3, "1000", 4) = 4
[pid 3692] close(3) = 0
[pid 3692] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3692] memfd_create("syzkaller", 0) = 3
[pid 3692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3692] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3692] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3692] close(3) = 0
[pid 3692] mkdir("./file0", 0777) = 0
[pid 3692] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3692] chdir("./file0") = 0
[pid 3692] ioctl(4, LOOP_CLR_FD) = 0
[pid 3692] close(4) = 0
[pid 3692] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3692] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3692] write(5, "13", 2) = 2
[ 73.202259][ T3692] loop0: detected capacity change from 0 to 64
[ 73.228544][ T3692] FAULT_INJECTION: forcing a failure.
[ 73.228544][ T3692] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 73.241853][ T3692] CPU: 1 PID: 3692 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 73.252276][ T3692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 73.262331][ T3692] Call Trace:
[ 73.265608][ T3692]
[ 73.268535][ T3692] dump_stack_lvl+0x1b1/0x28e
[ 73.273213][ T3692] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 73.278672][ T3692] ? panic+0x710/0x710
[ 73.282734][ T3692] ? do_anonymous_page+0xd4a/0x1150
[ 73.287935][ T3692] ? mark_lock+0x9a/0x350
[ 73.292264][ T3692] should_fail_ex+0x395/0x4c0
[ 73.296947][ T3692] prepare_alloc_pages+0x1d7/0x5a0
[ 73.302066][ T3692] __alloc_pages+0x161/0x560
[ 73.306658][ T3692] ? zone_statistics+0x160/0x160
[ 73.311598][ T3692] ? rcu_lock_release+0x5/0x20
[ 73.316357][ T3692] ? alloc_pages+0x520/0x7b0
[ 73.320944][ T3692] ? xas_descend+0x1f3/0x400
[ 73.325541][ T3692] folio_alloc+0x1a/0x50
[ 73.329808][ T3692] filemap_alloc_folio+0x7e/0x1c0
[ 73.334861][ T3692] __filemap_get_folio+0x898/0x1260
[ 73.340087][ T3692] ? page_cache_prev_miss+0x4e0/0x4e0
[ 73.345494][ T3692] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 73.351470][ T3692] ? print_irqtrace_events+0x220/0x220
[ 73.356927][ T3692] pagecache_get_page+0x28/0x260
[ 73.361862][ T3692] ? hfs_free_extents+0x420/0x420
[ 73.366880][ T3692] block_write_begin+0x2e/0x1e0
[ 73.371733][ T3692] ? cont_write_begin+0x5e5/0x860
[ 73.376753][ T3692] ? hfs_free_extents+0x420/0x420
[ 73.381770][ T3692] cont_write_begin+0x606/0x860
[ 73.386630][ T3692] ? fault_in_readable+0x1d5/0x310
[ 73.391744][ T3692] ? generic_cont_expand_simple+0x250/0x250
[ 73.397661][ T3692] ? fault_in_readable+0x219/0x310
[ 73.402788][ T3692] ? fault_in_safe_writeable+0x240/0x240
[ 73.408435][ T3692] hfs_write_begin+0x86/0xd0
[ 73.413027][ T3692] ? hfs_free_extents+0x420/0x420
[ 73.418057][ T3692] generic_perform_write+0x2e4/0x5e0
[ 73.423365][ T3692] ? __block_commit_write+0x420/0x420
[ 73.428759][ T3692] ? generic_file_direct_write+0x610/0x610
[ 73.434571][ T3692] ? __file_remove_privs+0x6c0/0x6c0
[ 73.439861][ T3692] ? generic_write_checks+0x15c/0x1c0
[ 73.445245][ T3692] __generic_file_write_iter+0x176/0x400
[ 73.450892][ T3692] generic_file_write_iter+0xab/0x310
[ 73.456269][ T3692] vfs_write+0x7dc/0xc50
[ 73.460525][ T3692] ? file_end_write+0x230/0x230
[ 73.465374][ T3692] ? ptrace_stop+0x74d/0x970
[ 73.469979][ T3692] ? _raw_spin_unlock_irq+0x2a/0x40
[ 73.475178][ T3692] ? __fdget_pos+0x252/0x2e0
[ 73.479769][ T3692] ksys_write+0x177/0x2a0
[ 73.484102][ T3692] ? __ia32_sys_read+0x80/0x80
[ 73.488864][ T3692] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 73.494841][ T3692] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 73.500818][ T3692] do_syscall_64+0x3d/0xb0
[ 73.505240][ T3692] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.511125][ T3692] RIP: 0033:0x7f0fa5191c89
[ 73.515535][ T3692] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 73.535133][ T3692] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 73.543542][ T3692] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3692] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3692] exit_group(0) = ?
[pid 3692] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3692, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./51/binderfs") = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3693
./strace-static-x86_64: Process 3693 attached
[pid 3693] chdir("./52") = 0
[pid 3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3693] setpgid(0, 0) = 0
[pid 3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3693] write(3, "1000", 4) = 4
[pid 3693] close(3) = 0
[pid 3693] symlink("/dev/binderfs", "./binderfs") = 0
[ 73.551506][ T3692] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 73.559489][ T3692] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 73.567472][ T3692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 73.575434][ T3692] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000033
[ 73.583412][ T3692]
[pid 3693] memfd_create("syzkaller", 0) = 3
[pid 3693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3693] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3693] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3693] close(3) = 0
[pid 3693] mkdir("./file0", 0777) = 0
[pid 3693] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3693] chdir("./file0") = 0
[pid 3693] ioctl(4, LOOP_CLR_FD) = 0
[pid 3693] close(4) = 0
[pid 3693] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3693] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3693] write(5, "13", 2) = 2
[ 73.638026][ T3693] loop0: detected capacity change from 0 to 64
[ 73.673574][ T3693] FAULT_INJECTION: forcing a failure.
[ 73.673574][ T3693] name failslab, interval 1, probability 0, space 0, times 1
[ 73.686470][ T3693] CPU: 0 PID: 3693 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 73.696895][ T3693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 73.707025][ T3693] Call Trace:
[ 73.710301][ T3693]
[ 73.713234][ T3693] dump_stack_lvl+0x1b1/0x28e
[ 73.717900][ T3693] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 73.723347][ T3693] ? panic+0x710/0x710
[ 73.727416][ T3693] ? __might_sleep+0xc0/0xc0
[ 73.731997][ T3693] ? __mutex_lock_common+0x45f/0x26e0
[ 73.737365][ T3693] should_fail_ex+0x395/0x4c0
[ 73.742039][ T3693] ? hfs_find_init+0x8b/0x1e0
[ 73.746710][ T3693] should_failslab+0x5/0x20
[ 73.751208][ T3693] __kmem_cache_alloc_node+0x69/0x310
[ 73.756571][ T3693] ? hfs_find_init+0x8b/0x1e0
[ 73.761249][ T3693] __kmalloc+0x9e/0x1a0
[ 73.765405][ T3693] hfs_find_init+0x8b/0x1e0
[ 73.769900][ T3693] hfs_extend_file+0x2f8/0x1420
[ 73.774763][ T3693] ? hfs_get_block+0xbb0/0xbb0
[ 73.779531][ T3693] ? lru_cache_disable+0x30/0x30
[ 73.784468][ T3693] ? __might_sleep+0xc0/0xc0
[ 73.789074][ T3693] hfs_get_block+0x3fc/0xbb0
[ 73.793661][ T3693] ? hfs_free_extents+0x420/0x420
[ 73.798668][ T3693] ? do_raw_spin_unlock+0x134/0x8a0
[ 73.803877][ T3693] ? create_page_buffers+0x244/0x4b0
[ 73.809168][ T3693] __block_write_begin_int+0x54c/0x1a80
[ 73.814782][ T3693] ? hfs_free_extents+0x420/0x420
[ 73.819805][ T3693] ? page_zero_new_buffers+0x940/0x940
[ 73.825254][ T3693] ? PageHeadHuge+0x8a/0x1d0
[ 73.829846][ T3693] ? hfs_free_extents+0x420/0x420
[ 73.834870][ T3693] block_write_begin+0x93/0x1e0
[ 73.839709][ T3693] ? cont_write_begin+0x5e5/0x860
[ 73.844723][ T3693] ? hfs_free_extents+0x420/0x420
[ 73.849821][ T3693] cont_write_begin+0x606/0x860
[ 73.854682][ T3693] ? fault_in_readable+0x1d5/0x310
[ 73.859800][ T3693] ? generic_cont_expand_simple+0x250/0x250
[ 73.865693][ T3693] ? fault_in_readable+0x219/0x310
[ 73.870814][ T3693] ? fault_in_safe_writeable+0x240/0x240
[ 73.876470][ T3693] hfs_write_begin+0x86/0xd0
[ 73.881062][ T3693] ? hfs_free_extents+0x420/0x420
[ 73.886086][ T3693] generic_perform_write+0x2e4/0x5e0
[ 73.891384][ T3693] ? __block_commit_write+0x420/0x420
[ 73.896759][ T3693] ? generic_file_direct_write+0x610/0x610
[ 73.902653][ T3693] ? __file_remove_privs+0x6c0/0x6c0
[ 73.907953][ T3693] ? generic_write_checks+0x15c/0x1c0
[ 73.913339][ T3693] __generic_file_write_iter+0x176/0x400
[ 73.919064][ T3693] generic_file_write_iter+0xab/0x310
[ 73.924459][ T3693] vfs_write+0x7dc/0xc50
[ 73.928728][ T3693] ? file_end_write+0x230/0x230
[ 73.933582][ T3693] ? ptrace_stop+0x74d/0x970
[ 73.938169][ T3693] ? _raw_spin_unlock_irq+0x2a/0x40
[ 73.943363][ T3693] ? __fdget_pos+0x252/0x2e0
[ 73.947959][ T3693] ksys_write+0x177/0x2a0
[ 73.952309][ T3693] ? __ia32_sys_read+0x80/0x80
[ 73.957076][ T3693] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 73.963047][ T3693] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 73.969017][ T3693] do_syscall_64+0x3d/0xb0
[ 73.973426][ T3693] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.979305][ T3693] RIP: 0033:0x7f0fa5191c89
[ 73.983725][ T3693] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.003346][ T3693] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 74.011751][ T3693] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 74.019720][ T3693] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 74.027693][ T3693] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3693] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3693] exit_group(0) = ?
[pid 3693] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3693, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./52/binderfs") = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3694
./strace-static-x86_64: Process 3694 attached
[pid 3694] chdir("./53") = 0
[pid 3694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3694] setpgid(0, 0) = 0
[pid 3694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3694] write(3, "1000", 4) = 4
[pid 3694] close(3) = 0
[pid 3694] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3694] memfd_create("syzkaller", 0) = 3
[pid 3694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3694] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 74.035661][ T3693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 74.043630][ T3693] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000034
[ 74.051625][ T3693]
[pid 3694] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3694] close(3) = 0
[pid 3694] mkdir("./file0", 0777) = 0
[pid 3694] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3694] chdir("./file0") = 0
[pid 3694] ioctl(4, LOOP_CLR_FD) = 0
[pid 3694] close(4) = 0
[pid 3694] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3694] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3694] write(5, "13", 2) = 2
[ 74.090277][ T3694] loop0: detected capacity change from 0 to 64
[ 74.092536][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 74.119260][ T3694] FAULT_INJECTION: forcing a failure.
[ 74.119260][ T3694] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 74.133624][ T3694] CPU: 1 PID: 3694 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 74.144057][ T3694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 74.154098][ T3694] Call Trace:
[ 74.157362][ T3694]
[ 74.160279][ T3694] dump_stack_lvl+0x1b1/0x28e
[ 74.165032][ T3694] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 74.170476][ T3694] ? panic+0x710/0x710
[ 74.174528][ T3694] ? do_anonymous_page+0xd4a/0x1150
[ 74.179830][ T3694] ? mark_lock+0x9a/0x350
[ 74.184161][ T3694] should_fail_ex+0x395/0x4c0
[ 74.188848][ T3694] prepare_alloc_pages+0x1d7/0x5a0
[ 74.193963][ T3694] __alloc_pages+0x161/0x560
[ 74.198546][ T3694] ? zone_statistics+0x160/0x160
[ 74.203478][ T3694] ? rcu_lock_release+0x5/0x20
[ 74.208227][ T3694] ? alloc_pages+0x520/0x7b0
[ 74.212802][ T3694] ? xas_descend+0x1f3/0x400
[ 74.217385][ T3694] folio_alloc+0x1a/0x50
[ 74.221612][ T3694] filemap_alloc_folio+0x7e/0x1c0
[ 74.226623][ T3694] __filemap_get_folio+0x898/0x1260
[ 74.232244][ T3694] ? page_cache_prev_miss+0x4e0/0x4e0
[ 74.237600][ T3694] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 74.243566][ T3694] ? print_irqtrace_events+0x220/0x220
[ 74.249013][ T3694] pagecache_get_page+0x28/0x260
[ 74.253938][ T3694] ? hfs_free_extents+0x420/0x420
[ 74.258951][ T3694] block_write_begin+0x2e/0x1e0
[ 74.263797][ T3694] ? cont_write_begin+0x5e5/0x860
[ 74.268894][ T3694] ? hfs_free_extents+0x420/0x420
[ 74.273901][ T3694] cont_write_begin+0x606/0x860
[ 74.278758][ T3694] ? fault_in_readable+0x1d5/0x310
[ 74.283863][ T3694] ? generic_cont_expand_simple+0x250/0x250
[ 74.289741][ T3694] ? fault_in_readable+0x219/0x310
[ 74.294839][ T3694] ? fault_in_safe_writeable+0x240/0x240
[ 74.300471][ T3694] hfs_write_begin+0x86/0xd0
[ 74.305054][ T3694] ? hfs_free_extents+0x420/0x420
[ 74.310061][ T3694] generic_perform_write+0x2e4/0x5e0
[ 74.315338][ T3694] ? __block_commit_write+0x420/0x420
[ 74.320695][ T3694] ? generic_file_direct_write+0x610/0x610
[ 74.326500][ T3694] ? __file_remove_privs+0x6c0/0x6c0
[ 74.331770][ T3694] ? generic_write_checks+0x15c/0x1c0
[ 74.337133][ T3694] __generic_file_write_iter+0x176/0x400
[ 74.342750][ T3694] generic_file_write_iter+0xab/0x310
[ 74.348105][ T3694] vfs_write+0x7dc/0xc50
[ 74.352357][ T3694] ? file_end_write+0x230/0x230
[ 74.357254][ T3694] ? ptrace_stop+0x74d/0x970
[ 74.361847][ T3694] ? _raw_spin_unlock_irq+0x2a/0x40
[ 74.367048][ T3694] ? __fdget_pos+0x252/0x2e0
[ 74.371629][ T3694] ksys_write+0x177/0x2a0
[ 74.375954][ T3694] ? __ia32_sys_read+0x80/0x80
[ 74.380706][ T3694] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 74.386674][ T3694] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 74.392640][ T3694] do_syscall_64+0x3d/0xb0
[ 74.397039][ T3694] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.402917][ T3694] RIP: 0033:0x7f0fa5191c89
[ 74.407320][ T3694] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.426938][ T3694] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3694] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3694] exit_group(0) = ?
[pid 3694] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3694, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./53/binderfs") = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3695
./strace-static-x86_64: Process 3695 attached
[pid 3695] chdir("./54") = 0
[pid 3695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3695] setpgid(0, 0) = 0
[pid 3695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3695] write(3, "1000", 4) = 4
[pid 3695] close(3) = 0
[pid 3695] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3695] memfd_create("syzkaller", 0) = 3
[pid 3695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3695] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 74.435450][ T3694] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 74.443424][ T3694] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 74.451378][ T3694] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 74.459334][ T3694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 74.467294][ T3694] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000035
[ 74.475262][ T3694]
[pid 3695] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3695] close(3) = 0
[pid 3695] mkdir("./file0", 0777) = 0
[pid 3695] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3695] chdir("./file0") = 0
[pid 3695] ioctl(4, LOOP_CLR_FD) = 0
[pid 3695] close(4) = 0
[pid 3695] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3695] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3695] write(5, "13", 2) = 2
[ 74.521693][ T3695] loop0: detected capacity change from 0 to 64
[ 74.557619][ T3695] FAULT_INJECTION: forcing a failure.
[ 74.557619][ T3695] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 74.571159][ T3695] CPU: 0 PID: 3695 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 74.581593][ T3695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 74.591638][ T3695] Call Trace:
[ 74.594906][ T3695]
[ 74.597830][ T3695] dump_stack_lvl+0x1b1/0x28e
[ 74.602509][ T3695] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 74.607973][ T3695] ? panic+0x710/0x710
[ 74.612028][ T3695] ? do_anonymous_page+0xd4a/0x1150
[ 74.617217][ T3695] ? mark_lock+0x9a/0x350
[ 74.621537][ T3695] should_fail_ex+0x395/0x4c0
[ 74.626207][ T3695] prepare_alloc_pages+0x1d7/0x5a0
[ 74.631339][ T3695] __alloc_pages+0x161/0x560
[ 74.635931][ T3695] ? zone_statistics+0x160/0x160
[ 74.640875][ T3695] ? rcu_lock_release+0x5/0x20
[ 74.645654][ T3695] ? alloc_pages+0x520/0x7b0
[ 74.650229][ T3695] ? xas_descend+0x1f3/0x400
[ 74.654822][ T3695] folio_alloc+0x1a/0x50
[ 74.659076][ T3695] filemap_alloc_folio+0x7e/0x1c0
[ 74.664106][ T3695] __filemap_get_folio+0x898/0x1260
[ 74.669316][ T3695] ? page_cache_prev_miss+0x4e0/0x4e0
[ 74.674676][ T3695] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 74.680641][ T3695] ? print_irqtrace_events+0x220/0x220
[ 74.686093][ T3695] pagecache_get_page+0x28/0x260
[ 74.691020][ T3695] ? hfs_free_extents+0x420/0x420
[ 74.696125][ T3695] block_write_begin+0x2e/0x1e0
[ 74.700982][ T3695] ? cont_write_begin+0x5e5/0x860
[ 74.705992][ T3695] ? hfs_free_extents+0x420/0x420
[ 74.711002][ T3695] cont_write_begin+0x606/0x860
[ 74.715845][ T3695] ? fault_in_readable+0x1d5/0x310
[ 74.720955][ T3695] ? generic_cont_expand_simple+0x250/0x250
[ 74.726859][ T3695] ? fault_in_readable+0x219/0x310
[ 74.731975][ T3695] ? fault_in_safe_writeable+0x240/0x240
[ 74.737623][ T3695] hfs_write_begin+0x86/0xd0
[ 74.742200][ T3695] ? hfs_free_extents+0x420/0x420
[ 74.747217][ T3695] generic_perform_write+0x2e4/0x5e0
[ 74.752515][ T3695] ? __block_commit_write+0x420/0x420
[ 74.757989][ T3695] ? generic_file_direct_write+0x610/0x610
[ 74.763803][ T3695] ? __file_remove_privs+0x6c0/0x6c0
[ 74.769086][ T3695] ? generic_write_checks+0x15c/0x1c0
[ 74.774481][ T3695] __generic_file_write_iter+0x176/0x400
[ 74.780385][ T3695] generic_file_write_iter+0xab/0x310
[ 74.785752][ T3695] vfs_write+0x7dc/0xc50
[ 74.789989][ T3695] ? file_end_write+0x230/0x230
[ 74.794826][ T3695] ? ptrace_stop+0x74d/0x970
[ 74.799427][ T3695] ? _raw_spin_unlock_irq+0x2a/0x40
[ 74.804634][ T3695] ? __fdget_pos+0x252/0x2e0
[ 74.809240][ T3695] ksys_write+0x177/0x2a0
[ 74.813561][ T3695] ? __ia32_sys_read+0x80/0x80
[ 74.818322][ T3695] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 74.824307][ T3695] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 74.830275][ T3695] do_syscall_64+0x3d/0xb0
[ 74.834678][ T3695] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.840571][ T3695] RIP: 0033:0x7f0fa5191c89
[ 74.844988][ T3695] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.864580][ T3695] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3695] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3695] exit_group(0) = ?
[pid 3695] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3695, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./54/binderfs") = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 74.872982][ T3695] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 74.880953][ T3695] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 74.888914][ T3695] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 74.896881][ T3695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 74.904862][ T3695] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000036
[ 74.912839][ T3695]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3696
./strace-static-x86_64: Process 3696 attached
[pid 3696] chdir("./55") = 0
[pid 3696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3696] setpgid(0, 0) = 0
[pid 3696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3696] write(3, "1000", 4) = 4
[pid 3696] close(3) = 0
[pid 3696] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3696] memfd_create("syzkaller", 0) = 3
[pid 3696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3696] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3696] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3696] close(3) = 0
[pid 3696] mkdir("./file0", 0777) = 0
[pid 3696] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3696] chdir("./file0") = 0
[pid 3696] ioctl(4, LOOP_CLR_FD) = 0
[pid 3696] close(4) = 0
[pid 3696] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3696] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3696] write(5, "13", 2) = 2
[pid 3696] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3696] exit_group(0) = ?
[pid 3696] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3696, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./55/binderfs") = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./55/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3697 attached
, child_tidptr=0x555555b7f5d0) = 3697
[ 74.965195][ T3696] loop0: detected capacity change from 0 to 64
[pid 3697] chdir("./56") = 0
[pid 3697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3697] setpgid(0, 0) = 0
[pid 3697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3697] write(3, "1000", 4) = 4
[pid 3697] close(3) = 0
[pid 3697] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3697] memfd_create("syzkaller", 0) = 3
[pid 3697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3697] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3697] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3697] close(3) = 0
[pid 3697] mkdir("./file0", 0777) = 0
[pid 3697] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3697] chdir("./file0") = 0
[pid 3697] ioctl(4, LOOP_CLR_FD) = 0
[pid 3697] close(4) = 0
[pid 3697] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3697] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3697] write(5, "13", 2) = 2
[ 75.043143][ T3697] loop0: detected capacity change from 0 to 64
[ 75.068049][ T3697] FAULT_INJECTION: forcing a failure.
[ 75.068049][ T3697] name failslab, interval 1, probability 0, space 0, times 0
[ 75.081719][ T3697] CPU: 1 PID: 3697 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 75.092167][ T3697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 75.102226][ T3697] Call Trace:
[ 75.105493][ T3697]
[ 75.108411][ T3697] dump_stack_lvl+0x1b1/0x28e
[ 75.113080][ T3697] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 75.118530][ T3697] ? panic+0x710/0x710
[ 75.122593][ T3697] ? __might_sleep+0xc0/0xc0
[ 75.127178][ T3697] ? __mutex_lock_common+0x45f/0x26e0
[ 75.132574][ T3697] should_fail_ex+0x395/0x4c0
[ 75.137302][ T3697] ? hfs_find_init+0x8b/0x1e0
[ 75.141972][ T3697] should_failslab+0x5/0x20
[ 75.146473][ T3697] __kmem_cache_alloc_node+0x69/0x310
[ 75.152041][ T3697] ? rcu_lock_release+0x5/0x20
[ 75.156809][ T3697] ? hfs_find_init+0x8b/0x1e0
[ 75.161482][ T3697] __kmalloc+0x9e/0x1a0
[ 75.165657][ T3697] hfs_find_init+0x8b/0x1e0
[ 75.170179][ T3697] hfs_extend_file+0x2f8/0x1420
[ 75.175017][ T3697] ? xas_find+0x937/0xa60
[ 75.179366][ T3697] ? hfs_get_block+0xbb0/0xbb0
[ 75.184175][ T3697] ? filemap_get_folios+0x557/0x830
[ 75.189392][ T3697] ? find_lock_entries+0xf60/0xf60
[ 75.194521][ T3697] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 75.200425][ T3697] hfs_get_block+0x3fc/0xbb0
[ 75.205034][ T3697] ? hfs_free_extents+0x420/0x420
[ 75.210057][ T3697] ? do_raw_spin_unlock+0x134/0x8a0
[ 75.215269][ T3697] ? create_page_buffers+0x244/0x4b0
[ 75.220552][ T3697] __block_write_begin_int+0x54c/0x1a80
[ 75.226104][ T3697] ? hfs_free_extents+0x420/0x420
[ 75.231118][ T3697] ? page_zero_new_buffers+0x940/0x940
[ 75.236574][ T3697] ? PageHeadHuge+0x8a/0x1d0
[ 75.241156][ T3697] ? hfs_free_extents+0x420/0x420
[ 75.246174][ T3697] block_write_begin+0x93/0x1e0
[ 75.251020][ T3697] ? cont_write_begin+0x5e5/0x860
[ 75.256031][ T3697] ? hfs_free_extents+0x420/0x420
[ 75.261057][ T3697] cont_write_begin+0x606/0x860
[ 75.265922][ T3697] ? fault_in_readable+0x1d5/0x310
[ 75.271036][ T3697] ? generic_cont_expand_simple+0x250/0x250
[ 75.276934][ T3697] ? fault_in_readable+0x219/0x310
[ 75.282046][ T3697] ? fault_in_safe_writeable+0x240/0x240
[ 75.287696][ T3697] hfs_write_begin+0x86/0xd0
[ 75.292277][ T3697] ? hfs_free_extents+0x420/0x420
[ 75.297293][ T3697] generic_perform_write+0x2e4/0x5e0
[ 75.302680][ T3697] ? __block_commit_write+0x420/0x420
[ 75.308067][ T3697] ? generic_file_direct_write+0x610/0x610
[ 75.313886][ T3697] ? __file_remove_privs+0x6c0/0x6c0
[ 75.319175][ T3697] ? generic_write_checks+0x15c/0x1c0
[ 75.324591][ T3697] __generic_file_write_iter+0x176/0x400
[ 75.330255][ T3697] generic_file_write_iter+0xab/0x310
[ 75.335640][ T3697] vfs_write+0x7dc/0xc50
[ 75.339899][ T3697] ? file_end_write+0x230/0x230
[ 75.344737][ T3697] ? ptrace_stop+0x74d/0x970
[ 75.349355][ T3697] ? _raw_spin_unlock_irq+0x2a/0x40
[ 75.354564][ T3697] ? __fdget_pos+0x252/0x2e0
[ 75.359158][ T3697] ksys_write+0x177/0x2a0
[ 75.363513][ T3697] ? __ia32_sys_read+0x80/0x80
[ 75.368272][ T3697] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 75.374256][ T3697] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 75.380260][ T3697] do_syscall_64+0x3d/0xb0
[ 75.384675][ T3697] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.390560][ T3697] RIP: 0033:0x7f0fa5191c89
[ 75.394976][ T3697] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.414588][ T3697] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.422991][ T3697] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 75.430964][ T3697] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3697] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3697] exit_group(0) = ?
[pid 3697] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3697, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./56/binderfs") = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./56/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 75.439033][ T3697] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 75.447010][ T3697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 75.454971][ T3697] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000038
[ 75.462951][ T3697]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3698 attached
[pid 3698] chdir("./57") = 0
[pid 3698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3698] setpgid(0, 0) = 0
[pid 3698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3698
[pid 3698] <... openat resumed>) = 3
[pid 3698] write(3, "1000", 4) = 4
[pid 3698] close(3) = 0
[pid 3698] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3698] memfd_create("syzkaller", 0) = 3
[pid 3698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3698] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3698] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3698] close(3) = 0
[pid 3698] mkdir("./file0", 0777) = 0
[pid 3698] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3698] chdir("./file0") = 0
[pid 3698] ioctl(4, LOOP_CLR_FD) = 0
[pid 3698] close(4) = 0
[pid 3698] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3698] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3698] write(5, "13", 2) = 2
[ 75.525713][ T3698] loop0: detected capacity change from 0 to 64
[ 75.559924][ T3698] FAULT_INJECTION: forcing a failure.
[ 75.559924][ T3698] name failslab, interval 1, probability 0, space 0, times 0
[ 75.572882][ T3698] CPU: 0 PID: 3698 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 75.583310][ T3698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 75.593356][ T3698] Call Trace:
[ 75.596722][ T3698]
[ 75.599691][ T3698] dump_stack_lvl+0x1b1/0x28e
[ 75.604365][ T3698] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 75.609813][ T3698] ? panic+0x710/0x710
[ 75.613876][ T3698] ? __might_sleep+0xc0/0xc0
[ 75.618456][ T3698] ? __mutex_lock_common+0x45f/0x26e0
[ 75.623839][ T3698] should_fail_ex+0x395/0x4c0
[ 75.628510][ T3698] ? hfs_find_init+0x8b/0x1e0
[ 75.633185][ T3698] should_failslab+0x5/0x20
[ 75.637680][ T3698] __kmem_cache_alloc_node+0x69/0x310
[ 75.643045][ T3698] ? hfs_find_init+0x8b/0x1e0
[ 75.647812][ T3698] __kmalloc+0x9e/0x1a0
[ 75.651985][ T3698] hfs_find_init+0x8b/0x1e0
[ 75.656482][ T3698] hfs_extend_file+0x2f8/0x1420
[ 75.661343][ T3698] ? hfs_get_block+0xbb0/0xbb0
[ 75.666116][ T3698] ? lru_cache_disable+0x30/0x30
[ 75.671049][ T3698] ? __might_sleep+0xc0/0xc0
[ 75.675662][ T3698] hfs_get_block+0x3fc/0xbb0
[ 75.680251][ T3698] ? hfs_free_extents+0x420/0x420
[ 75.685267][ T3698] ? do_raw_spin_unlock+0x134/0x8a0
[ 75.690460][ T3698] ? create_page_buffers+0x244/0x4b0
[ 75.695749][ T3698] __block_write_begin_int+0x54c/0x1a80
[ 75.701348][ T3698] ? hfs_free_extents+0x420/0x420
[ 75.706376][ T3698] ? page_zero_new_buffers+0x940/0x940
[ 75.711826][ T3698] ? PageHeadHuge+0x8a/0x1d0
[ 75.716422][ T3698] ? hfs_free_extents+0x420/0x420
[ 75.721450][ T3698] block_write_begin+0x93/0x1e0
[ 75.726288][ T3698] ? cont_write_begin+0x5e5/0x860
[ 75.731299][ T3698] ? hfs_free_extents+0x420/0x420
[ 75.736310][ T3698] cont_write_begin+0x606/0x860
[ 75.741168][ T3698] ? fault_in_readable+0x1d5/0x310
[ 75.746287][ T3698] ? generic_cont_expand_simple+0x250/0x250
[ 75.752180][ T3698] ? fault_in_readable+0x219/0x310
[ 75.757299][ T3698] ? fault_in_safe_writeable+0x240/0x240
[ 75.762929][ T3698] hfs_write_begin+0x86/0xd0
[ 75.767521][ T3698] ? hfs_free_extents+0x420/0x420
[ 75.772535][ T3698] generic_perform_write+0x2e4/0x5e0
[ 75.777817][ T3698] ? __block_commit_write+0x420/0x420
[ 75.783178][ T3698] ? generic_file_direct_write+0x610/0x610
[ 75.788972][ T3698] ? __file_remove_privs+0x6c0/0x6c0
[ 75.794245][ T3698] ? generic_write_checks+0x15c/0x1c0
[ 75.799612][ T3698] __generic_file_write_iter+0x176/0x400
[ 75.805240][ T3698] generic_file_write_iter+0xab/0x310
[ 75.810687][ T3698] vfs_write+0x7dc/0xc50
[ 75.814925][ T3698] ? file_end_write+0x230/0x230
[ 75.819763][ T3698] ? ptrace_stop+0x74d/0x970
[ 75.824435][ T3698] ? _raw_spin_unlock_irq+0x2a/0x40
[ 75.829645][ T3698] ? __fdget_pos+0x252/0x2e0
[ 75.834236][ T3698] ksys_write+0x177/0x2a0
[ 75.838558][ T3698] ? __ia32_sys_read+0x80/0x80
[ 75.843311][ T3698] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 75.849278][ T3698] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 75.855430][ T3698] do_syscall_64+0x3d/0xb0
[ 75.859849][ T3698] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.865728][ T3698] RIP: 0033:0x7f0fa5191c89
[ 75.870131][ T3698] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.889742][ T3698] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.898167][ T3698] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 75.906138][ T3698] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 75.914113][ T3698] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3698] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3698] exit_group(0) = ?
[pid 3698] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3698, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./57/binderfs") = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./57/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3699
./strace-static-x86_64: Process 3699 attached
[pid 3699] chdir("./58") = 0
[pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3699] setpgid(0, 0) = 0
[pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3699] write(3, "1000", 4) = 4
[pid 3699] close(3) = 0
[pid 3699] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3699] memfd_create("syzkaller", 0) = 3
[pid 3699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 75.922074][ T3698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 75.930033][ T3698] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000039
[ 75.938024][ T3698]
[pid 3699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3699] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3699] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3699] close(3) = 0
[pid 3699] mkdir("./file0", 0777) = 0
[pid 3699] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3699] chdir("./file0") = 0
[pid 3699] ioctl(4, LOOP_CLR_FD) = 0
[pid 3699] close(4) = 0
[pid 3699] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3699] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3699] write(5, "13", 2) = 2
[ 75.991452][ T3699] loop0: detected capacity change from 0 to 64
[ 76.017344][ T3699] FAULT_INJECTION: forcing a failure.
[ 76.017344][ T3699] name failslab, interval 1, probability 0, space 0, times 0
[ 76.030053][ T3699] CPU: 1 PID: 3699 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 76.040454][ T3699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 76.050515][ T3699] Call Trace:
[ 76.053797][ T3699]
[ 76.056721][ T3699] dump_stack_lvl+0x1b1/0x28e
[ 76.061401][ T3699] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 76.066871][ T3699] ? panic+0x710/0x710
[ 76.070941][ T3699] ? __might_sleep+0xc0/0xc0
[ 76.075519][ T3699] ? __mutex_lock_common+0x45f/0x26e0
[ 76.080908][ T3699] should_fail_ex+0x395/0x4c0
[ 76.085595][ T3699] ? hfs_find_init+0x8b/0x1e0
[ 76.090264][ T3699] should_failslab+0x5/0x20
[ 76.094770][ T3699] __kmem_cache_alloc_node+0x69/0x310
[ 76.100163][ T3699] ? hfs_find_init+0x8b/0x1e0
[ 76.104877][ T3699] __kmalloc+0x9e/0x1a0
[ 76.109026][ T3699] hfs_find_init+0x8b/0x1e0
[ 76.113553][ T3699] hfs_extend_file+0x2f8/0x1420
[ 76.118407][ T3699] ? hfs_get_block+0xbb0/0xbb0
[ 76.123249][ T3699] ? lru_cache_disable+0x30/0x30
[ 76.128177][ T3699] ? __might_sleep+0xc0/0xc0
[ 76.132773][ T3699] hfs_get_block+0x3fc/0xbb0
[ 76.137390][ T3699] ? hfs_free_extents+0x420/0x420
[ 76.142420][ T3699] ? do_raw_spin_unlock+0x134/0x8a0
[ 76.147621][ T3699] ? create_page_buffers+0x244/0x4b0
[ 76.152925][ T3699] __block_write_begin_int+0x54c/0x1a80
[ 76.158498][ T3699] ? hfs_free_extents+0x420/0x420
[ 76.163519][ T3699] ? page_zero_new_buffers+0x940/0x940
[ 76.168979][ T3699] ? PageHeadHuge+0x8a/0x1d0
[ 76.173572][ T3699] ? hfs_free_extents+0x420/0x420
[ 76.178590][ T3699] block_write_begin+0x93/0x1e0
[ 76.183442][ T3699] ? cont_write_begin+0x5e5/0x860
[ 76.188458][ T3699] ? hfs_free_extents+0x420/0x420
[ 76.193484][ T3699] cont_write_begin+0x606/0x860
[ 76.198354][ T3699] ? fault_in_readable+0x1d5/0x310
[ 76.203461][ T3699] ? generic_cont_expand_simple+0x250/0x250
[ 76.209356][ T3699] ? fault_in_readable+0x219/0x310
[ 76.214472][ T3699] ? fault_in_safe_writeable+0x240/0x240
[ 76.220111][ T3699] hfs_write_begin+0x86/0xd0
[ 76.224692][ T3699] ? hfs_free_extents+0x420/0x420
[ 76.229719][ T3699] generic_perform_write+0x2e4/0x5e0
[ 76.232826][ T14] cfg80211: failed to load regulatory.db
[ 76.234997][ T3699] ? __block_commit_write+0x420/0x420
[ 76.246007][ T3699] ? generic_file_direct_write+0x610/0x610
[ 76.251835][ T3699] ? __file_remove_privs+0x6c0/0x6c0
[ 76.257119][ T3699] ? generic_write_checks+0x15c/0x1c0
[ 76.262491][ T3699] __generic_file_write_iter+0x176/0x400
[ 76.268135][ T3699] generic_file_write_iter+0xab/0x310
[ 76.273525][ T3699] vfs_write+0x7dc/0xc50
[ 76.277801][ T3699] ? file_end_write+0x230/0x230
[ 76.282653][ T3699] ? ptrace_stop+0x74d/0x970
[ 76.287259][ T3699] ? _raw_spin_unlock_irq+0x2a/0x40
[ 76.292469][ T3699] ? __fdget_pos+0x252/0x2e0
[ 76.297062][ T3699] ksys_write+0x177/0x2a0
[ 76.301404][ T3699] ? __ia32_sys_read+0x80/0x80
[ 76.306160][ T3699] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 76.312143][ T3699] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 76.318137][ T3699] do_syscall_64+0x3d/0xb0
[ 76.322544][ T3699] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.328425][ T3699] RIP: 0033:0x7f0fa5191c89
[ 76.332838][ T3699] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.352469][ T3699] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 76.360908][ T3699] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 76.368891][ T3699] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 76.376869][ T3699] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 76.384830][ T3699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3699] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3699] exit_group(0) = ?
[pid 3699] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3699, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./58/binderfs") = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./58/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
mkdir("./59", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3700
./strace-static-x86_64: Process 3700 attached
[pid 3700] chdir("./59") = 0
[pid 3700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3700] setpgid(0, 0) = 0
[pid 3700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3700] write(3, "1000", 4) = 4
[pid 3700] close(3) = 0
[ 76.392794][ T3699] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003a
[ 76.400795][ T3699]
[pid 3700] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3700] memfd_create("syzkaller", 0) = 3
[pid 3700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3700] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3700] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3700] close(3) = 0
[pid 3700] mkdir("./file0", 0777) = 0
[pid 3700] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3700] chdir("./file0") = 0
[pid 3700] ioctl(4, LOOP_CLR_FD) = 0
[pid 3700] close(4) = 0
[pid 3700] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3700] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3700] write(5, "13", 2) = 2
[ 76.460346][ T3700] loop0: detected capacity change from 0 to 64
[ 76.485647][ T3700] FAULT_INJECTION: forcing a failure.
[ 76.485647][ T3700] name failslab, interval 1, probability 0, space 0, times 0
[ 76.498366][ T3700] CPU: 1 PID: 3700 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 76.508786][ T3700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 76.518835][ T3700] Call Trace:
[ 76.522120][ T3700]
[ 76.525046][ T3700] dump_stack_lvl+0x1b1/0x28e
[ 76.529724][ T3700] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 76.535179][ T3700] ? panic+0x710/0x710
[ 76.539333][ T3700] ? __might_sleep+0xc0/0xc0
[ 76.543917][ T3700] ? __mutex_lock_common+0x45f/0x26e0
[ 76.549292][ T3700] should_fail_ex+0x395/0x4c0
[ 76.553969][ T3700] ? hfs_find_init+0x8b/0x1e0
[ 76.558648][ T3700] should_failslab+0x5/0x20
[ 76.563183][ T3700] __kmem_cache_alloc_node+0x69/0x310
[ 76.568548][ T3700] ? rcu_lock_release+0x5/0x20
[ 76.573311][ T3700] ? hfs_find_init+0x8b/0x1e0
[ 76.577987][ T3700] __kmalloc+0x9e/0x1a0
[ 76.582156][ T3700] hfs_find_init+0x8b/0x1e0
[ 76.586661][ T3700] hfs_extend_file+0x2f8/0x1420
[ 76.591507][ T3700] ? xas_find+0x937/0xa60
[ 76.595842][ T3700] ? hfs_get_block+0xbb0/0xbb0
[ 76.600615][ T3700] ? filemap_get_folios+0x557/0x830
[ 76.605830][ T3700] ? find_lock_entries+0xf60/0xf60
[ 76.610946][ T3700] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 76.616934][ T3700] hfs_get_block+0x3fc/0xbb0
[ 76.621531][ T3700] ? hfs_free_extents+0x420/0x420
[ 76.626547][ T3700] ? do_raw_spin_unlock+0x134/0x8a0
[ 76.631750][ T3700] ? create_page_buffers+0x244/0x4b0
[ 76.637038][ T3700] __block_write_begin_int+0x54c/0x1a80
[ 76.642601][ T3700] ? hfs_free_extents+0x420/0x420
[ 76.647618][ T3700] ? page_zero_new_buffers+0x940/0x940
[ 76.653074][ T3700] ? PageHeadHuge+0x8a/0x1d0
[ 76.657681][ T3700] ? hfs_free_extents+0x420/0x420
[ 76.662718][ T3700] block_write_begin+0x93/0x1e0
[ 76.667589][ T3700] ? cont_write_begin+0x5e5/0x860
[ 76.672625][ T3700] ? hfs_free_extents+0x420/0x420
[ 76.677657][ T3700] cont_write_begin+0x606/0x860
[ 76.682526][ T3700] ? fault_in_readable+0x1d5/0x310
[ 76.687639][ T3700] ? generic_cont_expand_simple+0x250/0x250
[ 76.693529][ T3700] ? fault_in_readable+0x219/0x310
[ 76.698641][ T3700] ? fault_in_safe_writeable+0x240/0x240
[ 76.704278][ T3700] hfs_write_begin+0x86/0xd0
[ 76.708861][ T3700] ? hfs_free_extents+0x420/0x420
[ 76.713974][ T3700] generic_perform_write+0x2e4/0x5e0
[ 76.719353][ T3700] ? __block_commit_write+0x420/0x420
[ 76.724732][ T3700] ? generic_file_direct_write+0x610/0x610
[ 76.730536][ T3700] ? __file_remove_privs+0x6c0/0x6c0
[ 76.735818][ T3700] ? generic_write_checks+0x15c/0x1c0
[ 76.741197][ T3700] __generic_file_write_iter+0x176/0x400
[ 76.746831][ T3700] generic_file_write_iter+0xab/0x310
[ 76.752201][ T3700] vfs_write+0x7dc/0xc50
[ 76.756453][ T3700] ? file_end_write+0x230/0x230
[ 76.761300][ T3700] ? ptrace_stop+0x74d/0x970
[ 76.765894][ T3700] ? _raw_spin_unlock_irq+0x2a/0x40
[ 76.771098][ T3700] ? __fdget_pos+0x252/0x2e0
[ 76.775688][ T3700] ksys_write+0x177/0x2a0
[ 76.780019][ T3700] ? __ia32_sys_read+0x80/0x80
[ 76.784785][ T3700] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 76.790762][ T3700] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 76.796740][ T3700] do_syscall_64+0x3d/0xb0
[ 76.801161][ T3700] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.807486][ T3700] RIP: 0033:0x7f0fa5191c89
[ 76.811897][ T3700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.831499][ T3700] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 76.839993][ T3700] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 76.847958][ T3700] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3700] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3700] exit_group(0) = ?
[pid 3700] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3700, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./59/binderfs") = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./59/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 76.856007][ T3700] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 76.863979][ T3700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 76.871942][ T3700] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003b
[ 76.879922][ T3700]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3701
./strace-static-x86_64: Process 3701 attached
[pid 3701] chdir("./60") = 0
[pid 3701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3701] setpgid(0, 0) = 0
[pid 3701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3701] write(3, "1000", 4) = 4
[pid 3701] close(3) = 0
[pid 3701] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3701] memfd_create("syzkaller", 0) = 3
[pid 3701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3701] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3701] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3701] close(3) = 0
[pid 3701] mkdir("./file0", 0777) = 0
[pid 3701] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3701] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3701] chdir("./file0") = 0
[pid 3701] ioctl(4, LOOP_CLR_FD) = 0
[pid 3701] close(4) = 0
[pid 3701] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3701] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3701] write(5, "13", 2) = 2
[ 76.943873][ T3701] loop0: detected capacity change from 0 to 64
[ 76.965037][ T3701] FAULT_INJECTION: forcing a failure.
[ 76.965037][ T3701] name failslab, interval 1, probability 0, space 0, times 0
[ 76.977787][ T3701] CPU: 1 PID: 3701 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 76.988211][ T3701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 76.998346][ T3701] Call Trace:
[ 77.001627][ T3701]
[ 77.004556][ T3701] dump_stack_lvl+0x1b1/0x28e
[ 77.009230][ T3701] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 77.014765][ T3701] ? panic+0x710/0x710
[ 77.018822][ T3701] ? __might_sleep+0xc0/0xc0
[ 77.023401][ T3701] ? __mutex_lock_common+0x45f/0x26e0
[ 77.028773][ T3701] should_fail_ex+0x395/0x4c0
[ 77.033456][ T3701] ? hfs_find_init+0x8b/0x1e0
[ 77.038126][ T3701] should_failslab+0x5/0x20
[ 77.042617][ T3701] __kmem_cache_alloc_node+0x69/0x310
[ 77.047980][ T3701] ? rcu_lock_release+0x5/0x20
[ 77.052735][ T3701] ? hfs_find_init+0x8b/0x1e0
[ 77.057400][ T3701] __kmalloc+0x9e/0x1a0
[ 77.061549][ T3701] hfs_find_init+0x8b/0x1e0
[ 77.066047][ T3701] hfs_extend_file+0x2f8/0x1420
[ 77.070903][ T3701] ? xas_find+0x937/0xa60
[ 77.075230][ T3701] ? hfs_get_block+0xbb0/0xbb0
[ 77.079987][ T3701] ? filemap_get_folios+0x557/0x830
[ 77.085287][ T3701] ? find_lock_entries+0xf60/0xf60
[ 77.090389][ T3701] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 77.096281][ T3701] hfs_get_block+0x3fc/0xbb0
[ 77.100884][ T3701] ? hfs_free_extents+0x420/0x420
[ 77.105911][ T3701] ? do_raw_spin_unlock+0x134/0x8a0
[ 77.111108][ T3701] ? create_page_buffers+0x244/0x4b0
[ 77.116385][ T3701] __block_write_begin_int+0x54c/0x1a80
[ 77.121935][ T3701] ? hfs_free_extents+0x420/0x420
[ 77.126955][ T3701] ? page_zero_new_buffers+0x940/0x940
[ 77.132445][ T3701] ? PageHeadHuge+0x8a/0x1d0
[ 77.137042][ T3701] ? hfs_free_extents+0x420/0x420
[ 77.142082][ T3701] block_write_begin+0x93/0x1e0
[ 77.146940][ T3701] ? cont_write_begin+0x5e5/0x860
[ 77.152216][ T3701] ? hfs_free_extents+0x420/0x420
[ 77.157241][ T3701] cont_write_begin+0x606/0x860
[ 77.162106][ T3701] ? fault_in_readable+0x1d5/0x310
[ 77.167225][ T3701] ? generic_cont_expand_simple+0x250/0x250
[ 77.173124][ T3701] ? fault_in_readable+0x219/0x310
[ 77.178243][ T3701] ? fault_in_safe_writeable+0x240/0x240
[ 77.183900][ T3701] hfs_write_begin+0x86/0xd0
[ 77.188489][ T3701] ? hfs_free_extents+0x420/0x420
[ 77.193593][ T3701] generic_perform_write+0x2e4/0x5e0
[ 77.198891][ T3701] ? __block_commit_write+0x420/0x420
[ 77.204287][ T3701] ? generic_file_direct_write+0x610/0x610
[ 77.210103][ T3701] ? __file_remove_privs+0x6c0/0x6c0
[ 77.215387][ T3701] ? generic_write_checks+0x15c/0x1c0
[ 77.220785][ T3701] __generic_file_write_iter+0x176/0x400
[ 77.226444][ T3701] generic_file_write_iter+0xab/0x310
[ 77.231851][ T3701] vfs_write+0x7dc/0xc50
[ 77.236124][ T3701] ? file_end_write+0x230/0x230
[ 77.240989][ T3701] ? ptrace_stop+0x74d/0x970
[ 77.245589][ T3701] ? _raw_spin_unlock_irq+0x2a/0x40
[ 77.250795][ T3701] ? __fdget_pos+0x252/0x2e0
[ 77.255401][ T3701] ksys_write+0x177/0x2a0
[ 77.259737][ T3701] ? __ia32_sys_read+0x80/0x80
[ 77.264493][ T3701] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 77.270476][ T3701] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 77.276465][ T3701] do_syscall_64+0x3d/0xb0
[ 77.280882][ T3701] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.286768][ T3701] RIP: 0033:0x7f0fa5191c89
[ 77.291181][ T3701] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.310794][ T3701] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 77.319213][ T3701] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 77.327182][ T3701] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 77.335169][ T3701] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3701] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3701] exit_group(0) = ?
[pid 3701] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3701, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./60/binderfs") = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./60/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3702
[ 77.343321][ T3701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 77.351284][ T3701] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003c
[ 77.359277][ T3701]
./strace-static-x86_64: Process 3702 attached
[pid 3702] chdir("./61") = 0
[pid 3702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3702] setpgid(0, 0) = 0
[pid 3702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3702] write(3, "1000", 4) = 4
[pid 3702] close(3) = 0
[pid 3702] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3702] memfd_create("syzkaller", 0) = 3
[pid 3702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3702] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3702] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3702] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3702] close(3) = 0
[pid 3702] mkdir("./file0", 0777) = 0
[pid 3702] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3702] chdir("./file0") = 0
[pid 3702] ioctl(4, LOOP_CLR_FD) = 0
[pid 3702] close(4) = 0
[pid 3702] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3702] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3702] write(5, "13", 2) = 2
[ 77.420474][ T3702] loop0: detected capacity change from 0 to 64
[ 77.445106][ T3702] FAULT_INJECTION: forcing a failure.
[ 77.445106][ T3702] name failslab, interval 1, probability 0, space 0, times 0
[ 77.458028][ T3702] CPU: 1 PID: 3702 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 77.468458][ T3702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 77.478516][ T3702] Call Trace:
[ 77.481793][ T3702]
[ 77.484721][ T3702] dump_stack_lvl+0x1b1/0x28e
[ 77.489399][ T3702] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 77.494853][ T3702] ? panic+0x710/0x710
[ 77.498920][ T3702] ? __might_sleep+0xc0/0xc0
[ 77.503509][ T3702] ? __mutex_lock_common+0x45f/0x26e0
[ 77.508884][ T3702] should_fail_ex+0x395/0x4c0
[ 77.513566][ T3702] ? hfs_find_init+0x8b/0x1e0
[ 77.518244][ T3702] should_failslab+0x5/0x20
[ 77.522744][ T3702] __kmem_cache_alloc_node+0x69/0x310
[ 77.528111][ T3702] ? rcu_lock_release+0x5/0x20
[ 77.532874][ T3702] ? hfs_find_init+0x8b/0x1e0
[ 77.537638][ T3702] __kmalloc+0x9e/0x1a0
[ 77.541798][ T3702] hfs_find_init+0x8b/0x1e0
[ 77.546302][ T3702] hfs_extend_file+0x2f8/0x1420
[ 77.551147][ T3702] ? xas_find+0x937/0xa60
[ 77.555484][ T3702] ? hfs_get_block+0xbb0/0xbb0
[ 77.560239][ T3702] ? filemap_get_folios+0x557/0x830
[ 77.565437][ T3702] ? find_lock_entries+0xf60/0xf60
[ 77.570550][ T3702] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 77.576452][ T3702] hfs_get_block+0x3fc/0xbb0
[ 77.581051][ T3702] ? hfs_free_extents+0x420/0x420
[ 77.586071][ T3702] ? do_raw_spin_unlock+0x134/0x8a0
[ 77.591275][ T3702] ? create_page_buffers+0x244/0x4b0
[ 77.596564][ T3702] __block_write_begin_int+0x54c/0x1a80
[ 77.602131][ T3702] ? hfs_free_extents+0x420/0x420
[ 77.607148][ T3702] ? page_zero_new_buffers+0x940/0x940
[ 77.612605][ T3702] ? PageHeadHuge+0x8a/0x1d0
[ 77.617194][ T3702] ? hfs_free_extents+0x420/0x420
[ 77.622212][ T3702] block_write_begin+0x93/0x1e0
[ 77.627062][ T3702] ? cont_write_begin+0x5e5/0x860
[ 77.632081][ T3702] ? hfs_free_extents+0x420/0x420
[ 77.637100][ T3702] cont_write_begin+0x606/0x860
[ 77.641956][ T3702] ? fault_in_readable+0x1d5/0x310
[ 77.647066][ T3702] ? generic_cont_expand_simple+0x250/0x250
[ 77.652955][ T3702] ? fault_in_readable+0x219/0x310
[ 77.658067][ T3702] ? fault_in_safe_writeable+0x240/0x240
[ 77.663703][ T3702] hfs_write_begin+0x86/0xd0
[ 77.668288][ T3702] ? hfs_free_extents+0x420/0x420
[ 77.673311][ T3702] generic_perform_write+0x2e4/0x5e0
[ 77.678601][ T3702] ? __block_commit_write+0x420/0x420
[ 77.683971][ T3702] ? generic_file_direct_write+0x610/0x610
[ 77.689774][ T3702] ? __file_remove_privs+0x6c0/0x6c0
[ 77.695087][ T3702] ? generic_write_checks+0x15c/0x1c0
[ 77.700464][ T3702] __generic_file_write_iter+0x176/0x400
[ 77.706183][ T3702] generic_file_write_iter+0xab/0x310
[ 77.711557][ T3702] vfs_write+0x7dc/0xc50
[ 77.715808][ T3702] ? file_end_write+0x230/0x230
[ 77.720654][ T3702] ? ptrace_stop+0x74d/0x970
[ 77.725248][ T3702] ? _raw_spin_unlock_irq+0x2a/0x40
[ 77.730448][ T3702] ? __fdget_pos+0x252/0x2e0
[ 77.735046][ T3702] ksys_write+0x177/0x2a0
[ 77.739373][ T3702] ? __ia32_sys_read+0x80/0x80
[ 77.744143][ T3702] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 77.750120][ T3702] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 77.756103][ T3702] do_syscall_64+0x3d/0xb0
[ 77.760602][ T3702] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.766489][ T3702] RIP: 0033:0x7f0fa5191c89
[ 77.770902][ T3702] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.790500][ T3702] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 77.798909][ T3702] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 77.806885][ T3702] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3702] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3702] exit_group(0) = ?
[pid 3702] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3702, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./61/binderfs") = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./61/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./61") = 0
mkdir("./62", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 77.814934][ T3702] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 77.822900][ T3702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 77.830949][ T3702] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003d
[ 77.838930][ T3702]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3703
./strace-static-x86_64: Process 3703 attached
[pid 3703] chdir("./62") = 0
[pid 3703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3703] setpgid(0, 0) = 0
[pid 3703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3703] write(3, "1000", 4) = 4
[pid 3703] close(3) = 0
[pid 3703] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3703] memfd_create("syzkaller", 0) = 3
[pid 3703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3703] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3703] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3703] close(3) = 0
[pid 3703] mkdir("./file0", 0777) = 0
[pid 3703] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3703] chdir("./file0") = 0
[pid 3703] ioctl(4, LOOP_CLR_FD) = 0
[pid 3703] close(4) = 0
[pid 3703] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3703] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3703] write(5, "13", 2) = 2
[ 77.890969][ T3703] loop0: detected capacity change from 0 to 64
[ 77.912271][ T3703] FAULT_INJECTION: forcing a failure.
[ 77.912271][ T3703] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 77.926191][ T3703] CPU: 1 PID: 3703 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 77.936622][ T3703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 77.946668][ T3703] Call Trace:
[ 77.949933][ T3703]
[ 77.952849][ T3703] dump_stack_lvl+0x1b1/0x28e
[ 77.957521][ T3703] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 77.962987][ T3703] ? panic+0x710/0x710
[ 77.967072][ T3703] ? do_anonymous_page+0xd4a/0x1150
[ 77.972264][ T3703] ? mark_lock+0x9a/0x350
[ 77.976581][ T3703] should_fail_ex+0x395/0x4c0
[ 77.981246][ T3703] prepare_alloc_pages+0x1d7/0x5a0
[ 77.986351][ T3703] __alloc_pages+0x161/0x560
[ 77.990931][ T3703] ? zone_statistics+0x160/0x160
[ 77.995879][ T3703] ? rcu_lock_release+0x5/0x20
[ 78.001064][ T3703] ? alloc_pages+0x520/0x7b0
[ 78.005637][ T3703] ? xas_descend+0x1f3/0x400
[ 78.010214][ T3703] folio_alloc+0x1a/0x50
[ 78.014438][ T3703] filemap_alloc_folio+0x7e/0x1c0
[ 78.019447][ T3703] __filemap_get_folio+0x898/0x1260
[ 78.024631][ T3703] ? page_cache_prev_miss+0x4e0/0x4e0
[ 78.029990][ T3703] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 78.035964][ T3703] ? print_irqtrace_events+0x220/0x220
[ 78.041408][ T3703] pagecache_get_page+0x28/0x260
[ 78.046328][ T3703] ? hfs_free_extents+0x420/0x420
[ 78.051335][ T3703] block_write_begin+0x2e/0x1e0
[ 78.056169][ T3703] ? cont_write_begin+0x5e5/0x860
[ 78.061176][ T3703] ? hfs_free_extents+0x420/0x420
[ 78.066275][ T3703] cont_write_begin+0x606/0x860
[ 78.071119][ T3703] ? fault_in_readable+0x1d5/0x310
[ 78.076221][ T3703] ? generic_cont_expand_simple+0x250/0x250
[ 78.082099][ T3703] ? fault_in_readable+0x219/0x310
[ 78.087283][ T3703] ? fault_in_safe_writeable+0x240/0x240
[ 78.092907][ T3703] hfs_write_begin+0x86/0xd0
[ 78.097479][ T3703] ? hfs_free_extents+0x420/0x420
[ 78.102492][ T3703] generic_perform_write+0x2e4/0x5e0
[ 78.107777][ T3703] ? __block_commit_write+0x420/0x420
[ 78.113137][ T3703] ? generic_file_direct_write+0x610/0x610
[ 78.118938][ T3703] ? __file_remove_privs+0x6c0/0x6c0
[ 78.124207][ T3703] ? generic_write_checks+0x15c/0x1c0
[ 78.129575][ T3703] __generic_file_write_iter+0x176/0x400
[ 78.135239][ T3703] generic_file_write_iter+0xab/0x310
[ 78.140600][ T3703] vfs_write+0x7dc/0xc50
[ 78.144855][ T3703] ? file_end_write+0x230/0x230
[ 78.149688][ T3703] ? ptrace_stop+0x74d/0x970
[ 78.154270][ T3703] ? _raw_spin_unlock_irq+0x2a/0x40
[ 78.159455][ T3703] ? __fdget_pos+0x252/0x2e0
[ 78.164035][ T3703] ksys_write+0x177/0x2a0
[ 78.168349][ T3703] ? __ia32_sys_read+0x80/0x80
[ 78.173095][ T3703] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 78.179061][ T3703] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 78.185030][ T3703] do_syscall_64+0x3d/0xb0
[ 78.189431][ T3703] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.195308][ T3703] RIP: 0033:0x7f0fa5191c89
[ 78.199721][ T3703] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 78.219323][ T3703] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 78.227730][ T3703] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3703] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3703] exit_group(0) = ?
[pid 3703] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3703, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./62/binderfs") = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./62/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3704
./strace-static-x86_64: Process 3704 attached
[pid 3704] chdir("./63") = 0
[pid 3704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3704] setpgid(0, 0) = 0
[pid 3704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3704] write(3, "1000", 4) = 4
[pid 3704] close(3) = 0
[ 78.235694][ T3703] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 78.243653][ T3703] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 78.251608][ T3703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 78.259562][ T3703] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003e
[ 78.267537][ T3703]
[pid 3704] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3704] memfd_create("syzkaller", 0) = 3
[pid 3704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3704] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3704] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3704] close(3) = 0
[pid 3704] mkdir("./file0", 0777) = 0
[pid 3704] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3704] chdir("./file0") = 0
[pid 3704] ioctl(4, LOOP_CLR_FD) = 0
[pid 3704] close(4) = 0
[pid 3704] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3704] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3704] write(5, "13", 2) = 2
[ 78.329375][ T3704] loop0: detected capacity change from 0 to 64
[ 78.355161][ T3704] FAULT_INJECTION: forcing a failure.
[ 78.355161][ T3704] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 78.368743][ T3704] CPU: 1 PID: 3704 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 78.379157][ T3704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 78.389214][ T3704] Call Trace:
[ 78.392491][ T3704]
[ 78.395421][ T3704] dump_stack_lvl+0x1b1/0x28e
[ 78.400111][ T3704] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 78.405576][ T3704] ? panic+0x710/0x710
[ 78.409650][ T3704] ? do_anonymous_page+0xd4a/0x1150
[ 78.414846][ T3704] ? mark_lock+0x9a/0x350
[ 78.419174][ T3704] should_fail_ex+0x395/0x4c0
[ 78.423856][ T3704] prepare_alloc_pages+0x1d7/0x5a0
[ 78.428969][ T3704] __alloc_pages+0x161/0x560
[ 78.433555][ T3704] ? zone_statistics+0x160/0x160
[ 78.438498][ T3704] ? rcu_lock_release+0x5/0x20
[ 78.443257][ T3704] ? alloc_pages+0x520/0x7b0
[ 78.447837][ T3704] ? xas_descend+0x1f3/0x400
[ 78.452435][ T3704] folio_alloc+0x1a/0x50
[ 78.456691][ T3704] filemap_alloc_folio+0x7e/0x1c0
[ 78.461725][ T3704] __filemap_get_folio+0x898/0x1260
[ 78.466931][ T3704] ? page_cache_prev_miss+0x4e0/0x4e0
[ 78.472326][ T3704] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 78.478339][ T3704] ? print_irqtrace_events+0x220/0x220
[ 78.483896][ T3704] pagecache_get_page+0x28/0x260
[ 78.488846][ T3704] ? hfs_free_extents+0x420/0x420
[ 78.493871][ T3704] block_write_begin+0x2e/0x1e0
[ 78.498734][ T3704] ? cont_write_begin+0x5e5/0x860
[ 78.503749][ T3704] ? hfs_free_extents+0x420/0x420
[ 78.508774][ T3704] cont_write_begin+0x606/0x860
[ 78.513640][ T3704] ? fault_in_readable+0x1d5/0x310
[ 78.518745][ T3704] ? generic_cont_expand_simple+0x250/0x250
[ 78.524626][ T3704] ? fault_in_readable+0x219/0x310
[ 78.529733][ T3704] ? fault_in_safe_writeable+0x240/0x240
[ 78.535362][ T3704] hfs_write_begin+0x86/0xd0
[ 78.539961][ T3704] ? hfs_free_extents+0x420/0x420
[ 78.544977][ T3704] generic_perform_write+0x2e4/0x5e0
[ 78.550278][ T3704] ? __block_commit_write+0x420/0x420
[ 78.555671][ T3704] ? generic_file_direct_write+0x610/0x610
[ 78.561489][ T3704] ? __file_remove_privs+0x6c0/0x6c0
[ 78.566776][ T3704] ? generic_write_checks+0x15c/0x1c0
[ 78.572178][ T3704] __generic_file_write_iter+0x176/0x400
[ 78.577839][ T3704] generic_file_write_iter+0xab/0x310
[ 78.583235][ T3704] vfs_write+0x7dc/0xc50
[ 78.587505][ T3704] ? file_end_write+0x230/0x230
[ 78.592363][ T3704] ? ptrace_stop+0x74d/0x970
[ 78.596965][ T3704] ? _raw_spin_unlock_irq+0x2a/0x40
[ 78.602174][ T3704] ? __fdget_pos+0x252/0x2e0
[ 78.606767][ T3704] ksys_write+0x177/0x2a0
[ 78.611106][ T3704] ? __ia32_sys_read+0x80/0x80
[ 78.615858][ T3704] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 78.621847][ T3704] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 78.627835][ T3704] do_syscall_64+0x3d/0xb0
[ 78.632241][ T3704] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.638121][ T3704] RIP: 0033:0x7f0fa5191c89
[ 78.642536][ T3704] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 78.662148][ T3704] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 78.670548][ T3704] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3704] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3704] exit_group(0) = ?
[pid 3704] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3704, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./63/binderfs") = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./63/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./63") = 0
mkdir("./64", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3705 attached
[ 78.678526][ T3704] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 78.686512][ T3704] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 78.694476][ T3704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 78.702437][ T3704] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000003f
[ 78.710429][ T3704]
, child_tidptr=0x555555b7f5d0) = 3705
[pid 3705] chdir("./64") = 0
[pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3705] setpgid(0, 0) = 0
[pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3705] write(3, "1000", 4) = 4
[pid 3705] close(3) = 0
[pid 3705] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3705] memfd_create("syzkaller", 0) = 3
[pid 3705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3705] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3705] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3705] close(3) = 0
[pid 3705] mkdir("./file0", 0777) = 0
[pid 3705] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3705] chdir("./file0") = 0
[pid 3705] ioctl(4, LOOP_CLR_FD) = 0
[pid 3705] close(4) = 0
[pid 3705] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3705] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3705] write(5, "13", 2) = 2
[ 78.772705][ T3705] loop0: detected capacity change from 0 to 64
[ 78.794268][ T3705] FAULT_INJECTION: forcing a failure.
[ 78.794268][ T3705] name failslab, interval 1, probability 0, space 0, times 0
[ 78.807163][ T3705] CPU: 1 PID: 3705 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 78.817591][ T3705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 78.827659][ T3705] Call Trace:
[ 78.830944][ T3705]
[ 78.833873][ T3705] dump_stack_lvl+0x1b1/0x28e
[ 78.838562][ T3705] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 78.844024][ T3705] ? panic+0x710/0x710
[ 78.848096][ T3705] ? __might_sleep+0xc0/0xc0
[ 78.852681][ T3705] ? __mutex_lock_common+0x45f/0x26e0
[ 78.858056][ T3705] should_fail_ex+0x395/0x4c0
[ 78.862818][ T3705] ? hfs_find_init+0x8b/0x1e0
[ 78.867503][ T3705] should_failslab+0x5/0x20
[ 78.872023][ T3705] __kmem_cache_alloc_node+0x69/0x310
[ 78.877420][ T3705] ? rcu_lock_release+0x5/0x20
[ 78.882207][ T3705] ? hfs_find_init+0x8b/0x1e0
[ 78.886887][ T3705] __kmalloc+0x9e/0x1a0
[ 78.891064][ T3705] hfs_find_init+0x8b/0x1e0
[ 78.895618][ T3705] hfs_extend_file+0x2f8/0x1420
[ 78.900475][ T3705] ? xas_find+0x937/0xa60
[ 78.904829][ T3705] ? hfs_get_block+0xbb0/0xbb0
[ 78.909592][ T3705] ? filemap_get_folios+0x557/0x830
[ 78.914792][ T3705] ? find_lock_entries+0xf60/0xf60
[ 78.919927][ T3705] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 78.925830][ T3705] hfs_get_block+0x3fc/0xbb0
[ 78.930432][ T3705] ? hfs_free_extents+0x420/0x420
[ 78.935449][ T3705] ? do_raw_spin_unlock+0x134/0x8a0
[ 78.940653][ T3705] ? create_page_buffers+0x244/0x4b0
[ 78.945945][ T3705] __block_write_begin_int+0x54c/0x1a80
[ 78.951510][ T3705] ? hfs_free_extents+0x420/0x420
[ 78.956530][ T3705] ? page_zero_new_buffers+0x940/0x940
[ 78.961987][ T3705] ? PageHeadHuge+0x8a/0x1d0
[ 78.966576][ T3705] ? hfs_free_extents+0x420/0x420
[ 78.971594][ T3705] block_write_begin+0x93/0x1e0
[ 78.976441][ T3705] ? cont_write_begin+0x5e5/0x860
[ 78.981463][ T3705] ? hfs_free_extents+0x420/0x420
[ 78.986481][ T3705] cont_write_begin+0x606/0x860
[ 78.991334][ T3705] ? fault_in_readable+0x1d5/0x310
[ 78.996453][ T3705] ? generic_cont_expand_simple+0x250/0x250
[ 79.002344][ T3705] ? fault_in_readable+0x219/0x310
[ 79.007453][ T3705] ? fault_in_safe_writeable+0x240/0x240
[ 79.013090][ T3705] hfs_write_begin+0x86/0xd0
[ 79.017773][ T3705] ? hfs_free_extents+0x420/0x420
[ 79.022799][ T3705] generic_perform_write+0x2e4/0x5e0
[ 79.028089][ T3705] ? __block_commit_write+0x420/0x420
[ 79.033459][ T3705] ? generic_file_direct_write+0x610/0x610
[ 79.039262][ T3705] ? __file_remove_privs+0x6c0/0x6c0
[ 79.044543][ T3705] ? generic_write_checks+0x15c/0x1c0
[ 79.049923][ T3705] __generic_file_write_iter+0x176/0x400
[ 79.055560][ T3705] generic_file_write_iter+0xab/0x310
[ 79.060952][ T3705] vfs_write+0x7dc/0xc50
[ 79.065202][ T3705] ? file_end_write+0x230/0x230
[ 79.070052][ T3705] ? ptrace_stop+0x74d/0x970
[ 79.074648][ T3705] ? _raw_spin_unlock_irq+0x2a/0x40
[ 79.079851][ T3705] ? __fdget_pos+0x252/0x2e0
[ 79.084473][ T3705] ksys_write+0x177/0x2a0
[ 79.088811][ T3705] ? __ia32_sys_read+0x80/0x80
[ 79.093577][ T3705] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 79.099558][ T3705] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 79.105868][ T3705] do_syscall_64+0x3d/0xb0
[ 79.110328][ T3705] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.116236][ T3705] RIP: 0033:0x7f0fa5191c89
[ 79.120649][ T3705] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.140253][ T3705] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 79.148664][ T3705] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 79.156656][ T3705] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 79.164652][ T3705] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3705] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3705] exit_group(0) = ?
[pid 3705] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./64/binderfs") = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./64/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./64") = 0
mkdir("./65", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3706
./strace-static-x86_64: Process 3706 attached
[pid 3706] chdir("./65") = 0
[pid 3706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3706] setpgid(0, 0) = 0
[ 79.172622][ T3705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 79.180587][ T3705] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000040
[ 79.188572][ T3705]
[pid 3706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3706] write(3, "1000", 4) = 4
[pid 3706] close(3) = 0
[pid 3706] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3706] memfd_create("syzkaller", 0) = 3
[pid 3706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3706] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3706] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3706] close(3) = 0
[pid 3706] mkdir("./file0", 0777) = 0
[pid 3706] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3706] chdir("./file0") = 0
[pid 3706] ioctl(4, LOOP_CLR_FD) = 0
[pid 3706] close(4) = 0
[pid 3706] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3706] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3706] write(5, "13", 2) = 2
[ 79.245523][ T3706] loop0: detected capacity change from 0 to 64
[ 79.273616][ T3706] FAULT_INJECTION: forcing a failure.
[ 79.273616][ T3706] name failslab, interval 1, probability 0, space 0, times 0
[ 79.286706][ T3706] CPU: 1 PID: 3706 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 79.297115][ T3706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 79.307157][ T3706] Call Trace:
[ 79.310555][ T3706]
[ 79.313471][ T3706] dump_stack_lvl+0x1b1/0x28e
[ 79.318138][ T3706] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 79.323580][ T3706] ? panic+0x710/0x710
[ 79.327634][ T3706] ? __might_sleep+0xc0/0xc0
[ 79.332206][ T3706] ? __mutex_lock_common+0x45f/0x26e0
[ 79.337567][ T3706] should_fail_ex+0x395/0x4c0
[ 79.342233][ T3706] ? hfs_find_init+0x8b/0x1e0
[ 79.346899][ T3706] should_failslab+0x5/0x20
[ 79.351390][ T3706] __kmem_cache_alloc_node+0x69/0x310
[ 79.356751][ T3706] ? hfs_find_init+0x8b/0x1e0
[ 79.361503][ T3706] __kmalloc+0x9e/0x1a0
[ 79.365657][ T3706] hfs_find_init+0x8b/0x1e0
[ 79.370233][ T3706] hfs_extend_file+0x2f8/0x1420
[ 79.375083][ T3706] ? hfs_get_block+0xbb0/0xbb0
[ 79.379832][ T3706] ? lru_cache_disable+0x30/0x30
[ 79.384761][ T3706] ? __might_sleep+0xc0/0xc0
[ 79.389436][ T3706] hfs_get_block+0x3fc/0xbb0
[ 79.394021][ T3706] ? hfs_free_extents+0x420/0x420
[ 79.399027][ T3706] ? do_raw_spin_unlock+0x134/0x8a0
[ 79.404216][ T3706] ? create_page_buffers+0x244/0x4b0
[ 79.409514][ T3706] __block_write_begin_int+0x54c/0x1a80
[ 79.415078][ T3706] ? hfs_free_extents+0x420/0x420
[ 79.420099][ T3706] ? page_zero_new_buffers+0x940/0x940
[ 79.425556][ T3706] ? PageHeadHuge+0x8a/0x1d0
[ 79.430399][ T3706] ? hfs_free_extents+0x420/0x420
[ 79.435415][ T3706] block_write_begin+0x93/0x1e0
[ 79.440258][ T3706] ? cont_write_begin+0x5e5/0x860
[ 79.445270][ T3706] ? hfs_free_extents+0x420/0x420
[ 79.450281][ T3706] cont_write_begin+0x606/0x860
[ 79.455124][ T3706] ? fault_in_readable+0x1d5/0x310
[ 79.460228][ T3706] ? generic_cont_expand_simple+0x250/0x250
[ 79.466110][ T3706] ? fault_in_readable+0x219/0x310
[ 79.471211][ T3706] ? fault_in_safe_writeable+0x240/0x240
[ 79.476839][ T3706] hfs_write_begin+0x86/0xd0
[ 79.481411][ T3706] ? hfs_free_extents+0x420/0x420
[ 79.486422][ T3706] generic_perform_write+0x2e4/0x5e0
[ 79.491701][ T3706] ? __block_commit_write+0x420/0x420
[ 79.497062][ T3706] ? generic_file_direct_write+0x610/0x610
[ 79.502857][ T3706] ? __file_remove_privs+0x6c0/0x6c0
[ 79.508126][ T3706] ? generic_write_checks+0x15c/0x1c0
[ 79.513491][ T3706] __generic_file_write_iter+0x176/0x400
[ 79.519113][ T3706] generic_file_write_iter+0xab/0x310
[ 79.524472][ T3706] vfs_write+0x7dc/0xc50
[ 79.528738][ T3706] ? file_end_write+0x230/0x230
[ 79.533573][ T3706] ? ptrace_stop+0x74d/0x970
[ 79.538173][ T3706] ? _raw_spin_unlock_irq+0x2a/0x40
[ 79.543361][ T3706] ? __fdget_pos+0x252/0x2e0
[ 79.547939][ T3706] ksys_write+0x177/0x2a0
[ 79.552257][ T3706] ? __ia32_sys_read+0x80/0x80
[ 79.557007][ T3706] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 79.562990][ T3706] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 79.568958][ T3706] do_syscall_64+0x3d/0xb0
[ 79.573356][ T3706] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.579236][ T3706] RIP: 0033:0x7f0fa5191c89
[ 79.583635][ T3706] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.603230][ T3706] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 79.611629][ T3706] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 79.619582][ T3706] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 79.627538][ T3706] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 79.635496][ T3706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3706] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3706] exit_group(0) = ?
[pid 3706] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3706, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./65/binderfs") = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./65/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./65") = 0
mkdir("./66", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3707
./strace-static-x86_64: Process 3707 attached
[pid 3707] chdir("./66") = 0
[pid 3707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3707] setpgid(0, 0) = 0
[pid 3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3707] write(3, "1000", 4) = 4
[pid 3707] close(3) = 0
[pid 3707] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3707] memfd_create("syzkaller", 0) = 3
[pid 3707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3707] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 79.643447][ T3706] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000041
[ 79.651422][ T3706]
[pid 3707] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3707] close(3) = 0
[pid 3707] mkdir("./file0", 0777) = 0
[pid 3707] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3707] chdir("./file0") = 0
[pid 3707] ioctl(4, LOOP_CLR_FD) = 0
[pid 3707] close(4) = 0
[pid 3707] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3707] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3707] write(5, "13", 2) = 2
[ 79.703973][ T3707] loop0: detected capacity change from 0 to 64
[ 79.726960][ T3707] FAULT_INJECTION: forcing a failure.
[ 79.726960][ T3707] name failslab, interval 1, probability 0, space 0, times 0
[ 79.745818][ T3707] CPU: 0 PID: 3707 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 79.756269][ T3707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 79.766317][ T3707] Call Trace:
[ 79.769597][ T3707]
[ 79.772538][ T3707] dump_stack_lvl+0x1b1/0x28e
[ 79.777241][ T3707] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 79.782687][ T3707] ? panic+0x710/0x710
[ 79.786745][ T3707] ? __might_sleep+0xc0/0xc0
[ 79.791321][ T3707] ? __mutex_lock_common+0x45f/0x26e0
[ 79.796688][ T3707] should_fail_ex+0x395/0x4c0
[ 79.801369][ T3707] ? hfs_find_init+0x8b/0x1e0
[ 79.806056][ T3707] should_failslab+0x5/0x20
[ 79.810547][ T3707] __kmem_cache_alloc_node+0x69/0x310
[ 79.815910][ T3707] ? rcu_lock_release+0x5/0x20
[ 79.820759][ T3707] ? hfs_find_init+0x8b/0x1e0
[ 79.825429][ T3707] __kmalloc+0x9e/0x1a0
[ 79.829576][ T3707] hfs_find_init+0x8b/0x1e0
[ 79.834084][ T3707] hfs_extend_file+0x2f8/0x1420
[ 79.838940][ T3707] ? xas_find+0x937/0xa60
[ 79.843265][ T3707] ? hfs_get_block+0xbb0/0xbb0
[ 79.848021][ T3707] ? filemap_get_folios+0x557/0x830
[ 79.853229][ T3707] ? find_lock_entries+0xf60/0xf60
[ 79.858406][ T3707] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 79.864315][ T3707] hfs_get_block+0x3fc/0xbb0
[ 79.868970][ T3707] ? hfs_free_extents+0x420/0x420
[ 79.873992][ T3707] ? do_raw_spin_unlock+0x134/0x8a0
[ 79.879202][ T3707] ? create_page_buffers+0x244/0x4b0
[ 79.884483][ T3707] __block_write_begin_int+0x54c/0x1a80
[ 79.890037][ T3707] ? hfs_free_extents+0x420/0x420
[ 79.895061][ T3707] ? page_zero_new_buffers+0x940/0x940
[ 79.900535][ T3707] ? PageHeadHuge+0x8a/0x1d0
[ 79.905147][ T3707] ? hfs_free_extents+0x420/0x420
[ 79.910176][ T3707] block_write_begin+0x93/0x1e0
[ 79.915037][ T3707] ? cont_write_begin+0x5e5/0x860
[ 79.920053][ T3707] ? hfs_free_extents+0x420/0x420
[ 79.925075][ T3707] cont_write_begin+0x606/0x860
[ 79.929937][ T3707] ? fault_in_readable+0x1d5/0x310
[ 79.935046][ T3707] ? generic_cont_expand_simple+0x250/0x250
[ 79.941104][ T3707] ? fault_in_readable+0x219/0x310
[ 79.946237][ T3707] ? fault_in_safe_writeable+0x240/0x240
[ 79.951888][ T3707] hfs_write_begin+0x86/0xd0
[ 79.956473][ T3707] ? hfs_free_extents+0x420/0x420
[ 79.961498][ T3707] generic_perform_write+0x2e4/0x5e0
[ 79.966805][ T3707] ? __block_commit_write+0x420/0x420
[ 79.972198][ T3707] ? generic_file_direct_write+0x610/0x610
[ 79.978100][ T3707] ? __file_remove_privs+0x6c0/0x6c0
[ 79.983385][ T3707] ? generic_write_checks+0x15c/0x1c0
[ 79.988785][ T3707] __generic_file_write_iter+0x176/0x400
[ 79.994603][ T3707] generic_file_write_iter+0xab/0x310
[ 79.999967][ T3707] vfs_write+0x7dc/0xc50
[ 80.004210][ T3707] ? file_end_write+0x230/0x230
[ 80.009055][ T3707] ? ptrace_stop+0x74d/0x970
[ 80.013661][ T3707] ? _raw_spin_unlock_irq+0x2a/0x40
[ 80.018868][ T3707] ? __fdget_pos+0x252/0x2e0
[ 80.023455][ T3707] ksys_write+0x177/0x2a0
[ 80.027867][ T3707] ? __ia32_sys_read+0x80/0x80
[ 80.032620][ T3707] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 80.038608][ T3707] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 80.044580][ T3707] do_syscall_64+0x3d/0xb0
[ 80.049006][ T3707] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.054897][ T3707] RIP: 0033:0x7f0fa5191c89
[ 80.059335][ T3707] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 80.078937][ T3707] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 80.087452][ T3707] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 80.095426][ T3707] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3707] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3707] exit_group(0) = ?
[pid 3707] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3707, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./66/binderfs") = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./66/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./66") = 0
mkdir("./67", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 80.103408][ T3707] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 80.111473][ T3707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 80.119446][ T3707] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000042
[ 80.127443][ T3707]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3708
./strace-static-x86_64: Process 3708 attached
[pid 3708] chdir("./67") = 0
[pid 3708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3708] setpgid(0, 0) = 0
[pid 3708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3708] write(3, "1000", 4) = 4
[pid 3708] close(3) = 0
[pid 3708] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3708] memfd_create("syzkaller", 0) = 3
[pid 3708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3708] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3708] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3708] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3708] close(3) = 0
[pid 3708] mkdir("./file0", 0777) = 0
[pid 3708] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3708] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3708] chdir("./file0") = 0
[pid 3708] ioctl(4, LOOP_CLR_FD) = 0
[pid 3708] close(4) = 0
[pid 3708] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3708] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3708] write(5, "13", 2) = 2
[ 80.186621][ T3708] loop0: detected capacity change from 0 to 64
[ 80.217547][ T3708] FAULT_INJECTION: forcing a failure.
[ 80.217547][ T3708] name failslab, interval 1, probability 0, space 0, times 0
[ 80.231107][ T3708] CPU: 0 PID: 3708 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 80.241542][ T3708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 80.251597][ T3708] Call Trace:
[ 80.254882][ T3708]
[ 80.257824][ T3708] dump_stack_lvl+0x1b1/0x28e
[ 80.262591][ T3708] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 80.268052][ T3708] ? panic+0x710/0x710
[ 80.272118][ T3708] ? __might_sleep+0xc0/0xc0
[ 80.276702][ T3708] ? __mutex_lock_common+0x45f/0x26e0
[ 80.282079][ T3708] should_fail_ex+0x395/0x4c0
[ 80.286765][ T3708] ? hfs_find_init+0x8b/0x1e0
[ 80.291457][ T3708] should_failslab+0x5/0x20
[ 80.295952][ T3708] __kmem_cache_alloc_node+0x69/0x310
[ 80.301367][ T3708] ? hfs_find_init+0x8b/0x1e0
[ 80.306059][ T3708] __kmalloc+0x9e/0x1a0
[ 80.310249][ T3708] hfs_find_init+0x8b/0x1e0
[ 80.314775][ T3708] hfs_extend_file+0x2f8/0x1420
[ 80.319623][ T3708] ? hfs_get_block+0xbb0/0xbb0
[ 80.324381][ T3708] ? lru_cache_disable+0x30/0x30
[ 80.329309][ T3708] ? __might_sleep+0xc0/0xc0
[ 80.333930][ T3708] hfs_get_block+0x3fc/0xbb0
[ 80.338542][ T3708] ? hfs_free_extents+0x420/0x420
[ 80.343568][ T3708] ? do_raw_spin_unlock+0x134/0x8a0
[ 80.348783][ T3708] ? create_page_buffers+0x244/0x4b0
[ 80.354063][ T3708] __block_write_begin_int+0x54c/0x1a80
[ 80.359623][ T3708] ? hfs_free_extents+0x420/0x420
[ 80.364638][ T3708] ? page_zero_new_buffers+0x940/0x940
[ 80.370108][ T3708] ? PageHeadHuge+0x8a/0x1d0
[ 80.374715][ T3708] ? hfs_free_extents+0x420/0x420
[ 80.379745][ T3708] block_write_begin+0x93/0x1e0
[ 80.384615][ T3708] ? cont_write_begin+0x5e5/0x860
[ 80.389631][ T3708] ? hfs_free_extents+0x420/0x420
[ 80.394645][ T3708] cont_write_begin+0x606/0x860
[ 80.399769][ T3708] ? fault_in_readable+0x1d5/0x310
[ 80.404876][ T3708] ? generic_cont_expand_simple+0x250/0x250
[ 80.410767][ T3708] ? fault_in_readable+0x219/0x310
[ 80.415877][ T3708] ? fault_in_safe_writeable+0x240/0x240
[ 80.421503][ T3708] hfs_write_begin+0x86/0xd0
[ 80.426087][ T3708] ? hfs_free_extents+0x420/0x420
[ 80.431103][ T3708] generic_perform_write+0x2e4/0x5e0
[ 80.436386][ T3708] ? __block_commit_write+0x420/0x420
[ 80.441782][ T3708] ? generic_file_direct_write+0x610/0x610
[ 80.447590][ T3708] ? __file_remove_privs+0x6c0/0x6c0
[ 80.452866][ T3708] ? generic_write_checks+0x15c/0x1c0
[ 80.458258][ T3708] __generic_file_write_iter+0x176/0x400
[ 80.463929][ T3708] generic_file_write_iter+0xab/0x310
[ 80.469332][ T3708] vfs_write+0x7dc/0xc50
[ 80.473856][ T3708] ? file_end_write+0x230/0x230
[ 80.478798][ T3708] ? ptrace_stop+0x74d/0x970
[ 80.483422][ T3708] ? _raw_spin_unlock_irq+0x2a/0x40
[ 80.488649][ T3708] ? __fdget_pos+0x252/0x2e0
[ 80.493269][ T3708] ksys_write+0x177/0x2a0
[ 80.497629][ T3708] ? __ia32_sys_read+0x80/0x80
[ 80.502412][ T3708] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 80.508507][ T3708] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 80.514507][ T3708] do_syscall_64+0x3d/0xb0
[ 80.518922][ T3708] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.524812][ T3708] RIP: 0033:0x7f0fa5191c89
[ 80.529221][ T3708] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 80.548828][ T3708] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 80.557233][ T3708] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 80.565216][ T3708] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 80.573185][ T3708] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3708] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3708] exit_group(0) = ?
[pid 3708] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3708, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./67/binderfs") = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./67/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./67") = 0
mkdir("./68", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3709
./strace-static-x86_64: Process 3709 attached
[pid 3709] chdir("./68") = 0
[pid 3709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3709] setpgid(0, 0) = 0
[ 80.581151][ T3708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 80.589121][ T3708] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000043
[ 80.597120][ T3708]
[pid 3709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3709] write(3, "1000", 4) = 4
[pid 3709] close(3) = 0
[pid 3709] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3709] memfd_create("syzkaller", 0) = 3
[pid 3709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3709] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3709] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3709] close(3) = 0
[pid 3709] mkdir("./file0", 0777) = 0
[pid 3709] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3709] chdir("./file0") = 0
[pid 3709] ioctl(4, LOOP_CLR_FD) = 0
[pid 3709] close(4) = 0
[pid 3709] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3709] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3709] write(5, "13", 2) = 2
[ 80.659077][ T3709] loop0: detected capacity change from 0 to 64
[ 80.685744][ T3709] FAULT_INJECTION: forcing a failure.
[ 80.685744][ T3709] name failslab, interval 1, probability 0, space 0, times 0
[ 80.698891][ T3709] CPU: 1 PID: 3709 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 80.709305][ T3709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 80.719377][ T3709] Call Trace:
[ 80.722646][ T3709]
[ 80.725572][ T3709] dump_stack_lvl+0x1b1/0x28e
[ 80.730239][ T3709] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 80.735723][ T3709] ? panic+0x710/0x710
[ 80.739866][ T3709] ? __might_sleep+0xc0/0xc0
[ 80.744440][ T3709] ? __mutex_lock_common+0x45f/0x26e0
[ 80.749804][ T3709] should_fail_ex+0x395/0x4c0
[ 80.754471][ T3709] ? hfs_find_init+0x8b/0x1e0
[ 80.759138][ T3709] should_failslab+0x5/0x20
[ 80.763630][ T3709] __kmem_cache_alloc_node+0x69/0x310
[ 80.768996][ T3709] ? rcu_lock_release+0x5/0x20
[ 80.773755][ T3709] ? hfs_find_init+0x8b/0x1e0
[ 80.778417][ T3709] __kmalloc+0x9e/0x1a0
[ 80.782563][ T3709] hfs_find_init+0x8b/0x1e0
[ 80.787055][ T3709] hfs_extend_file+0x2f8/0x1420
[ 80.791899][ T3709] ? xas_find+0x937/0xa60
[ 80.796220][ T3709] ? hfs_get_block+0xbb0/0xbb0
[ 80.800966][ T3709] ? filemap_get_folios+0x557/0x830
[ 80.806170][ T3709] ? find_lock_entries+0xf60/0xf60
[ 80.811285][ T3709] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 80.817195][ T3709] hfs_get_block+0x3fc/0xbb0
[ 80.821789][ T3709] ? hfs_free_extents+0x420/0x420
[ 80.826889][ T3709] ? do_raw_spin_unlock+0x134/0x8a0
[ 80.832083][ T3709] ? create_page_buffers+0x244/0x4b0
[ 80.837360][ T3709] __block_write_begin_int+0x54c/0x1a80
[ 80.842909][ T3709] ? hfs_free_extents+0x420/0x420
[ 80.848109][ T3709] ? page_zero_new_buffers+0x940/0x940
[ 80.853572][ T3709] ? PageHeadHuge+0x8a/0x1d0
[ 80.858165][ T3709] ? hfs_free_extents+0x420/0x420
[ 80.863180][ T3709] block_write_begin+0x93/0x1e0
[ 80.868019][ T3709] ? cont_write_begin+0x5e5/0x860
[ 80.873035][ T3709] ? hfs_free_extents+0x420/0x420
[ 80.878049][ T3709] cont_write_begin+0x606/0x860
[ 80.882893][ T3709] ? fault_in_readable+0x1d5/0x310
[ 80.887993][ T3709] ? generic_cont_expand_simple+0x250/0x250
[ 80.893870][ T3709] ? fault_in_readable+0x219/0x310
[ 80.899029][ T3709] ? fault_in_safe_writeable+0x240/0x240
[ 80.904654][ T3709] hfs_write_begin+0x86/0xd0
[ 80.909228][ T3709] ? hfs_free_extents+0x420/0x420
[ 80.914241][ T3709] generic_perform_write+0x2e4/0x5e0
[ 80.919520][ T3709] ? __block_commit_write+0x420/0x420
[ 80.924883][ T3709] ? generic_file_direct_write+0x610/0x610
[ 80.930674][ T3709] ? __file_remove_privs+0x6c0/0x6c0
[ 80.935944][ T3709] ? generic_write_checks+0x15c/0x1c0
[ 80.941657][ T3709] __generic_file_write_iter+0x176/0x400
[ 80.947283][ T3709] generic_file_write_iter+0xab/0x310
[ 80.952644][ T3709] vfs_write+0x7dc/0xc50
[ 80.956881][ T3709] ? file_end_write+0x230/0x230
[ 80.961723][ T3709] ? ptrace_stop+0x74d/0x970
[ 80.966309][ T3709] ? _raw_spin_unlock_irq+0x2a/0x40
[ 80.971497][ T3709] ? __fdget_pos+0x252/0x2e0
[ 80.976164][ T3709] ksys_write+0x177/0x2a0
[ 80.980483][ T3709] ? __ia32_sys_read+0x80/0x80
[ 80.985233][ T3709] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 80.991201][ T3709] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 80.997168][ T3709] do_syscall_64+0x3d/0xb0
[ 81.001569][ T3709] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.007449][ T3709] RIP: 0033:0x7f0fa5191c89
[ 81.011856][ T3709] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 81.031450][ T3709] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 81.039847][ T3709] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 81.047900][ T3709] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3709] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3709] exit_group(0) = ?
[pid 3709] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3709, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./68/binderfs") = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./68/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./68") = 0
mkdir("./69", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 81.055872][ T3709] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 81.063830][ T3709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 81.071785][ T3709] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000044
[ 81.079927][ T3709]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3710
./strace-static-x86_64: Process 3710 attached
[pid 3710] chdir("./69") = 0
[pid 3710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3710] setpgid(0, 0) = 0
[pid 3710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3710] write(3, "1000", 4) = 4
[pid 3710] close(3) = 0
[pid 3710] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3710] memfd_create("syzkaller", 0) = 3
[pid 3710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3710] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3710] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3710] close(3) = 0
[pid 3710] mkdir("./file0", 0777) = 0
[pid 3710] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3710] chdir("./file0") = 0
[pid 3710] ioctl(4, LOOP_CLR_FD) = 0
[pid 3710] close(4) = 0
[pid 3710] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3710] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3710] write(5, "13", 2) = 2
[ 81.143041][ T3710] loop0: detected capacity change from 0 to 64
[ 81.167351][ T3710] FAULT_INJECTION: forcing a failure.
[ 81.167351][ T3710] name failslab, interval 1, probability 0, space 0, times 0
[ 81.180627][ T3710] CPU: 0 PID: 3710 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 81.191087][ T3710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 81.201165][ T3710] Call Trace:
[ 81.204456][ T3710]
[ 81.207469][ T3710] dump_stack_lvl+0x1b1/0x28e
[ 81.212142][ T3710] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 81.217589][ T3710] ? panic+0x710/0x710
[ 81.221655][ T3710] ? __might_sleep+0xc0/0xc0
[ 81.226234][ T3710] ? __mutex_lock_common+0x45f/0x26e0
[ 81.231623][ T3710] should_fail_ex+0x395/0x4c0
[ 81.236296][ T3710] ? hfs_find_init+0x8b/0x1e0
[ 81.240965][ T3710] should_failslab+0x5/0x20
[ 81.245468][ T3710] __kmem_cache_alloc_node+0x69/0x310
[ 81.250849][ T3710] ? rcu_lock_release+0x5/0x20
[ 81.255629][ T3710] ? hfs_find_init+0x8b/0x1e0
[ 81.260320][ T3710] __kmalloc+0x9e/0x1a0
[ 81.264474][ T3710] hfs_find_init+0x8b/0x1e0
[ 81.268991][ T3710] hfs_extend_file+0x2f8/0x1420
[ 81.273856][ T3710] ? xas_find+0x937/0xa60
[ 81.278211][ T3710] ? hfs_get_block+0xbb0/0xbb0
[ 81.282969][ T3710] ? filemap_get_folios+0x557/0x830
[ 81.288169][ T3710] ? find_lock_entries+0xf60/0xf60
[ 81.293294][ T3710] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 81.299209][ T3710] hfs_get_block+0x3fc/0xbb0
[ 81.303804][ T3710] ? hfs_free_extents+0x420/0x420
[ 81.308819][ T3710] ? do_raw_spin_unlock+0x134/0x8a0
[ 81.314029][ T3710] ? create_page_buffers+0x244/0x4b0
[ 81.319328][ T3710] __block_write_begin_int+0x54c/0x1a80
[ 81.324879][ T3710] ? hfs_free_extents+0x420/0x420
[ 81.329892][ T3710] ? page_zero_new_buffers+0x940/0x940
[ 81.335348][ T3710] ? PageHeadHuge+0x8a/0x1d0
[ 81.339942][ T3710] ? hfs_free_extents+0x420/0x420
[ 81.345112][ T3710] block_write_begin+0x93/0x1e0
[ 81.349980][ T3710] ? cont_write_begin+0x5e5/0x860
[ 81.355021][ T3710] ? hfs_free_extents+0x420/0x420
[ 81.360125][ T3710] cont_write_begin+0x606/0x860
[ 81.364987][ T3710] ? fault_in_readable+0x1d5/0x310
[ 81.370106][ T3710] ? generic_cont_expand_simple+0x250/0x250
[ 81.375994][ T3710] ? fault_in_readable+0x219/0x310
[ 81.381101][ T3710] ? fault_in_safe_writeable+0x240/0x240
[ 81.386820][ T3710] hfs_write_begin+0x86/0xd0
[ 81.391401][ T3710] ? hfs_free_extents+0x420/0x420
[ 81.396423][ T3710] generic_perform_write+0x2e4/0x5e0
[ 81.401709][ T3710] ? __block_commit_write+0x420/0x420
[ 81.407075][ T3710] ? generic_file_direct_write+0x610/0x610
[ 81.412870][ T3710] ? __file_remove_privs+0x6c0/0x6c0
[ 81.418147][ T3710] ? generic_write_checks+0x15c/0x1c0
[ 81.423523][ T3710] __generic_file_write_iter+0x176/0x400
[ 81.429157][ T3710] generic_file_write_iter+0xab/0x310
[ 81.434522][ T3710] vfs_write+0x7dc/0xc50
[ 81.438762][ T3710] ? file_end_write+0x230/0x230
[ 81.443603][ T3710] ? ptrace_stop+0x74d/0x970
[ 81.448213][ T3710] ? _raw_spin_unlock_irq+0x2a/0x40
[ 81.453423][ T3710] ? __fdget_pos+0x252/0x2e0
[ 81.458024][ T3710] ksys_write+0x177/0x2a0
[ 81.462348][ T3710] ? __ia32_sys_read+0x80/0x80
[ 81.467100][ T3710] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 81.473087][ T3710] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 81.479228][ T3710] do_syscall_64+0x3d/0xb0
[ 81.483657][ T3710] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.489553][ T3710] RIP: 0033:0x7f0fa5191c89
[ 81.493957][ T3710] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 81.513552][ T3710] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 81.521953][ T3710] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 81.530004][ T3710] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3710] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3710] exit_group(0) = ?
[pid 3710] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3710, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./69/binderfs") = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./69/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./69") = 0
mkdir("./70", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 81.537963][ T3710] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 81.546009][ T3710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 81.554065][ T3710] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000045
[ 81.562056][ T3710]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3711
./strace-static-x86_64: Process 3711 attached
[pid 3711] chdir("./70") = 0
[pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3711] setpgid(0, 0) = 0
[pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3711] write(3, "1000", 4) = 4
[pid 3711] close(3) = 0
[pid 3711] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3711] memfd_create("syzkaller", 0) = 3
[pid 3711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3711] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3711] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3711] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3711] close(3) = 0
[pid 3711] mkdir("./file0", 0777) = 0
[pid 3711] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3711] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3711] chdir("./file0") = 0
[pid 3711] ioctl(4, LOOP_CLR_FD) = 0
[pid 3711] close(4) = 0
[pid 3711] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3711] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3711] write(5, "13", 2) = 2
[ 81.624746][ T3711] loop0: detected capacity change from 0 to 64
[ 81.645249][ T3711] FAULT_INJECTION: forcing a failure.
[ 81.645249][ T3711] name failslab, interval 1, probability 0, space 0, times 0
[ 81.658336][ T3711] CPU: 0 PID: 3711 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 81.668771][ T3711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 81.678820][ T3711] Call Trace:
[ 81.682091][ T3711]
[ 81.685012][ T3711] dump_stack_lvl+0x1b1/0x28e
[ 81.689707][ T3711] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 81.695183][ T3711] ? panic+0x710/0x710
[ 81.699263][ T3711] ? __might_sleep+0xc0/0xc0
[ 81.703882][ T3711] ? __mutex_lock_common+0x45f/0x26e0
[ 81.709270][ T3711] should_fail_ex+0x395/0x4c0
[ 81.713950][ T3711] ? hfs_find_init+0x8b/0x1e0
[ 81.718630][ T3711] should_failslab+0x5/0x20
[ 81.723136][ T3711] __kmem_cache_alloc_node+0x69/0x310
[ 81.728504][ T3711] ? rcu_lock_release+0x5/0x20
[ 81.733266][ T3711] ? hfs_find_init+0x8b/0x1e0
[ 81.737941][ T3711] __kmalloc+0x9e/0x1a0
[ 81.742101][ T3711] hfs_find_init+0x8b/0x1e0
[ 81.746628][ T3711] hfs_extend_file+0x2f8/0x1420
[ 81.751482][ T3711] ? xas_find+0x937/0xa60
[ 81.755820][ T3711] ? hfs_get_block+0xbb0/0xbb0
[ 81.760586][ T3711] ? filemap_get_folios+0x557/0x830
[ 81.765789][ T3711] ? find_lock_entries+0xf60/0xf60
[ 81.770902][ T3711] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 81.776803][ T3711] hfs_get_block+0x3fc/0xbb0
[ 81.781401][ T3711] ? hfs_free_extents+0x420/0x420
[ 81.786418][ T3711] ? do_raw_spin_unlock+0x134/0x8a0
[ 81.791636][ T3711] ? create_page_buffers+0x244/0x4b0
[ 81.796929][ T3711] __block_write_begin_int+0x54c/0x1a80
[ 81.802494][ T3711] ? hfs_free_extents+0x420/0x420
[ 81.807515][ T3711] ? page_zero_new_buffers+0x940/0x940
[ 81.812976][ T3711] ? PageHeadHuge+0x8a/0x1d0
[ 81.817570][ T3711] ? hfs_free_extents+0x420/0x420
[ 81.822602][ T3711] block_write_begin+0x93/0x1e0
[ 81.827450][ T3711] ? cont_write_begin+0x5e5/0x860
[ 81.832474][ T3711] ? hfs_free_extents+0x420/0x420
[ 81.837501][ T3711] cont_write_begin+0x606/0x860
[ 81.842354][ T3711] ? fault_in_readable+0x1d5/0x310
[ 81.847473][ T3711] ? generic_cont_expand_simple+0x250/0x250
[ 81.853365][ T3711] ? fault_in_readable+0x219/0x310
[ 81.858477][ T3711] ? fault_in_safe_writeable+0x240/0x240
[ 81.864119][ T3711] hfs_write_begin+0x86/0xd0
[ 81.868705][ T3711] ? hfs_free_extents+0x420/0x420
[ 81.873730][ T3711] generic_perform_write+0x2e4/0x5e0
[ 81.879021][ T3711] ? __block_commit_write+0x420/0x420
[ 81.884393][ T3711] ? generic_file_direct_write+0x610/0x610
[ 81.890193][ T3711] ? __file_remove_privs+0x6c0/0x6c0
[ 81.895474][ T3711] ? generic_write_checks+0x15c/0x1c0
[ 81.900856][ T3711] __generic_file_write_iter+0x176/0x400
[ 81.906496][ T3711] generic_file_write_iter+0xab/0x310
[ 81.911869][ T3711] vfs_write+0x7dc/0xc50
[ 81.916129][ T3711] ? file_end_write+0x230/0x230
[ 81.920976][ T3711] ? ptrace_stop+0x74d/0x970
[ 81.925575][ T3711] ? _raw_spin_unlock_irq+0x2a/0x40
[ 81.930775][ T3711] ? __fdget_pos+0x252/0x2e0
[ 81.935369][ T3711] ksys_write+0x177/0x2a0
[ 81.939700][ T3711] ? __ia32_sys_read+0x80/0x80
[ 81.944469][ T3711] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 81.950447][ T3711] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 81.956430][ T3711] do_syscall_64+0x3d/0xb0
[ 81.960848][ T3711] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.966735][ T3711] RIP: 0033:0x7f0fa5191c89
[ 81.971147][ T3711] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 81.990765][ T3711] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 81.999185][ T3711] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 82.007152][ T3711] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 82.015114][ T3711] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3711] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3711] exit_group(0) = ?
[pid 3711] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./70/binderfs") = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./70/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./70") = 0
mkdir("./71", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 82.023085][ T3711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 82.031057][ T3711] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000046
[ 82.039044][ T3711]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3712
./strace-static-x86_64: Process 3712 attached
[pid 3712] chdir("./71") = 0
[pid 3712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3712] setpgid(0, 0) = 0
[pid 3712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3712] write(3, "1000", 4) = 4
[pid 3712] close(3) = 0
[pid 3712] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3712] memfd_create("syzkaller", 0) = 3
[pid 3712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3712] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3712] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3712] close(3) = 0
[pid 3712] mkdir("./file0", 0777) = 0
[pid 3712] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3712] chdir("./file0") = 0
[pid 3712] ioctl(4, LOOP_CLR_FD) = 0
[pid 3712] close(4) = 0
[pid 3712] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3712] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3712] write(5, "13", 2) = 2
[ 82.093239][ T3712] loop0: detected capacity change from 0 to 64
[ 82.132555][ T3712] FAULT_INJECTION: forcing a failure.
[ 82.132555][ T3712] name failslab, interval 1, probability 0, space 0, times 0
[ 82.145382][ T3712] CPU: 0 PID: 3712 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 82.155805][ T3712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 82.165855][ T3712] Call Trace:
[ 82.169127][ T3712]
[ 82.172120][ T3712] dump_stack_lvl+0x1b1/0x28e
[ 82.176802][ T3712] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 82.182356][ T3712] ? panic+0x710/0x710
[ 82.186420][ T3712] ? __might_sleep+0xc0/0xc0
[ 82.191015][ T3712] ? __mutex_lock_common+0x45f/0x26e0
[ 82.196399][ T3712] should_fail_ex+0x395/0x4c0
[ 82.201082][ T3712] ? hfs_find_init+0x8b/0x1e0
[ 82.205771][ T3712] should_failslab+0x5/0x20
[ 82.210265][ T3712] __kmem_cache_alloc_node+0x69/0x310
[ 82.215632][ T3712] ? hfs_find_init+0x8b/0x1e0
[ 82.220303][ T3712] __kmalloc+0x9e/0x1a0
[ 82.224457][ T3712] hfs_find_init+0x8b/0x1e0
[ 82.228960][ T3712] hfs_extend_file+0x2f8/0x1420
[ 82.233809][ T3712] ? hfs_get_block+0xbb0/0xbb0
[ 82.238584][ T3712] ? lru_cache_disable+0x30/0x30
[ 82.243529][ T3712] ? __might_sleep+0xc0/0xc0
[ 82.248139][ T3712] hfs_get_block+0x3fc/0xbb0
[ 82.252744][ T3712] ? hfs_free_extents+0x420/0x420
[ 82.257763][ T3712] ? do_raw_spin_unlock+0x134/0x8a0
[ 82.262983][ T3712] ? create_page_buffers+0x244/0x4b0
[ 82.268277][ T3712] __block_write_begin_int+0x54c/0x1a80
[ 82.273844][ T3712] ? hfs_free_extents+0x420/0x420
[ 82.278864][ T3712] ? page_zero_new_buffers+0x940/0x940
[ 82.284328][ T3712] ? PageHeadHuge+0x8a/0x1d0
[ 82.288919][ T3712] ? hfs_free_extents+0x420/0x420
[ 82.293937][ T3712] block_write_begin+0x93/0x1e0
[ 82.298785][ T3712] ? cont_write_begin+0x5e5/0x860
[ 82.303823][ T3712] ? hfs_free_extents+0x420/0x420
[ 82.308875][ T3712] cont_write_begin+0x606/0x860
[ 82.313748][ T3712] ? fault_in_readable+0x1d5/0x310
[ 82.318869][ T3712] ? generic_cont_expand_simple+0x250/0x250
[ 82.324775][ T3712] ? fault_in_readable+0x219/0x310
[ 82.329891][ T3712] ? fault_in_safe_writeable+0x240/0x240
[ 82.335553][ T3712] hfs_write_begin+0x86/0xd0
[ 82.340149][ T3712] ? hfs_free_extents+0x420/0x420
[ 82.345189][ T3712] generic_perform_write+0x2e4/0x5e0
[ 82.350510][ T3712] ? __block_commit_write+0x420/0x420
[ 82.355912][ T3712] ? generic_file_direct_write+0x610/0x610
[ 82.361728][ T3712] ? __file_remove_privs+0x6c0/0x6c0
[ 82.367026][ T3712] ? generic_write_checks+0x15c/0x1c0
[ 82.372420][ T3712] __generic_file_write_iter+0x176/0x400
[ 82.378058][ T3712] generic_file_write_iter+0xab/0x310
[ 82.383432][ T3712] vfs_write+0x7dc/0xc50
[ 82.387768][ T3712] ? file_end_write+0x230/0x230
[ 82.392617][ T3712] ? ptrace_stop+0x74d/0x970
[ 82.397212][ T3712] ? _raw_spin_unlock_irq+0x2a/0x40
[ 82.402412][ T3712] ? __fdget_pos+0x252/0x2e0
[ 82.407004][ T3712] ksys_write+0x177/0x2a0
[ 82.411356][ T3712] ? __ia32_sys_read+0x80/0x80
[ 82.416119][ T3712] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 82.422103][ T3712] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 82.428084][ T3712] do_syscall_64+0x3d/0xb0
[ 82.432496][ T3712] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.438383][ T3712] RIP: 0033:0x7f0fa5191c89
[ 82.442796][ T3712] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 82.462396][ T3712] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 82.470808][ T3712] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 82.478780][ T3712] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 82.486767][ T3712] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3712] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3712] exit_group(0) = ?
[pid 3712] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3712, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./71/binderfs") = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./71/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./71") = 0
mkdir("./72", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3713
./strace-static-x86_64: Process 3713 attached
[pid 3713] chdir("./72") = 0
[pid 3713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3713] setpgid(0, 0) = 0
[pid 3713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3713] write(3, "1000", 4) = 4
[ 82.494749][ T3712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 82.502725][ T3712] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000047
[ 82.510709][ T3712]
[pid 3713] close(3) = 0
[pid 3713] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3713] memfd_create("syzkaller", 0) = 3
[pid 3713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3713] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3713] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3713] close(3) = 0
[pid 3713] mkdir("./file0", 0777) = 0
[pid 3713] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3713] chdir("./file0") = 0
[pid 3713] ioctl(4, LOOP_CLR_FD) = 0
[pid 3713] close(4) = 0
[pid 3713] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3713] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3713] write(5, "13", 2) = 2
[ 82.568114][ T3713] loop0: detected capacity change from 0 to 64
[ 82.590488][ T3713] FAULT_INJECTION: forcing a failure.
[ 82.590488][ T3713] name failslab, interval 1, probability 0, space 0, times 0
[ 82.603305][ T3713] CPU: 0 PID: 3713 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 82.613996][ T3713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 82.624051][ T3713] Call Trace:
[ 82.627324][ T3713]
[ 82.630249][ T3713] dump_stack_lvl+0x1b1/0x28e
[ 82.634928][ T3713] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 82.640376][ T3713] ? panic+0x710/0x710
[ 82.644433][ T3713] ? __might_sleep+0xc0/0xc0
[ 82.649009][ T3713] ? __mutex_lock_common+0x45f/0x26e0
[ 82.654378][ T3713] should_fail_ex+0x395/0x4c0
[ 82.659051][ T3713] ? hfs_find_init+0x8b/0x1e0
[ 82.663735][ T3713] should_failslab+0x5/0x20
[ 82.668257][ T3713] __kmem_cache_alloc_node+0x69/0x310
[ 82.673645][ T3713] ? rcu_lock_release+0x5/0x20
[ 82.678419][ T3713] ? hfs_find_init+0x8b/0x1e0
[ 82.683209][ T3713] __kmalloc+0x9e/0x1a0
[ 82.687360][ T3713] hfs_find_init+0x8b/0x1e0
[ 82.691872][ T3713] hfs_extend_file+0x2f8/0x1420
[ 82.696740][ T3713] ? xas_find+0x937/0xa60
[ 82.701071][ T3713] ? hfs_get_block+0xbb0/0xbb0
[ 82.705830][ T3713] ? filemap_get_folios+0x557/0x830
[ 82.711038][ T3713] ? find_lock_entries+0xf60/0xf60
[ 82.716160][ T3713] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 82.722051][ T3713] hfs_get_block+0x3fc/0xbb0
[ 82.726656][ T3713] ? hfs_free_extents+0x420/0x420
[ 82.731666][ T3713] ? do_raw_spin_unlock+0x134/0x8a0
[ 82.736870][ T3713] ? create_page_buffers+0x244/0x4b0
[ 82.742156][ T3713] __block_write_begin_int+0x54c/0x1a80
[ 82.747716][ T3713] ? hfs_free_extents+0x420/0x420
[ 82.752729][ T3713] ? page_zero_new_buffers+0x940/0x940
[ 82.758190][ T3713] ? PageHeadHuge+0x8a/0x1d0
[ 82.762776][ T3713] ? hfs_free_extents+0x420/0x420
[ 82.767808][ T3713] block_write_begin+0x93/0x1e0
[ 82.772670][ T3713] ? cont_write_begin+0x5e5/0x860
[ 82.777683][ T3713] ? hfs_free_extents+0x420/0x420
[ 82.782707][ T3713] cont_write_begin+0x606/0x860
[ 82.787572][ T3713] ? fault_in_readable+0x1d5/0x310
[ 82.792696][ T3713] ? generic_cont_expand_simple+0x250/0x250
[ 82.798579][ T3713] ? fault_in_readable+0x219/0x310
[ 82.803690][ T3713] ? fault_in_safe_writeable+0x240/0x240
[ 82.809321][ T3713] hfs_write_begin+0x86/0xd0
[ 82.813900][ T3713] ? hfs_free_extents+0x420/0x420
[ 82.818926][ T3713] generic_perform_write+0x2e4/0x5e0
[ 82.824209][ T3713] ? __block_commit_write+0x420/0x420
[ 82.829589][ T3713] ? generic_file_direct_write+0x610/0x610
[ 82.835408][ T3713] ? __file_remove_privs+0x6c0/0x6c0
[ 82.840709][ T3713] ? generic_write_checks+0x15c/0x1c0
[ 82.846093][ T3713] __generic_file_write_iter+0x176/0x400
[ 82.851748][ T3713] generic_file_write_iter+0xab/0x310
[ 82.857126][ T3713] vfs_write+0x7dc/0xc50
[ 82.861383][ T3713] ? file_end_write+0x230/0x230
[ 82.866224][ T3713] ? ptrace_stop+0x74d/0x970
[ 82.870829][ T3713] ? _raw_spin_unlock_irq+0x2a/0x40
[ 82.876043][ T3713] ? __fdget_pos+0x252/0x2e0
[ 82.880625][ T3713] ksys_write+0x177/0x2a0
[ 82.884949][ T3713] ? __ia32_sys_read+0x80/0x80
[ 82.889703][ T3713] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 82.895679][ T3713] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 82.901653][ T3713] do_syscall_64+0x3d/0xb0
[ 82.906062][ T3713] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.911953][ T3713] RIP: 0033:0x7f0fa5191c89
[ 82.916371][ T3713] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 82.935972][ T3713] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 82.944383][ T3713] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 82.952348][ T3713] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 82.960312][ T3713] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3713] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3713] exit_group(0) = ?
[pid 3713] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3713, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./72/binderfs") = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./72/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./72") = 0
mkdir("./73", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3714
./strace-static-x86_64: Process 3714 attached
[pid 3714] chdir("./73") = 0
[pid 3714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3714] setpgid(0, 0) = 0
[pid 3714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3714] write(3, "1000", 4) = 4
[pid 3714] close(3) = 0
[pid 3714] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3714] memfd_create("syzkaller", 0) = 3
[pid 3714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3714] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 82.968276][ T3713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 82.976243][ T3713] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000048
[ 82.984227][ T3713]
[pid 3714] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3714] close(3) = 0
[pid 3714] mkdir("./file0", 0777) = 0
[pid 3714] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3714] chdir("./file0") = 0
[pid 3714] ioctl(4, LOOP_CLR_FD) = 0
[pid 3714] close(4) = 0
[pid 3714] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3714] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3714] write(5, "13", 2) = 2
[ 83.023268][ T3714] loop0: detected capacity change from 0 to 64
[ 83.045334][ T3714] FAULT_INJECTION: forcing a failure.
[ 83.045334][ T3714] name failslab, interval 1, probability 0, space 0, times 0
[ 83.058325][ T3714] CPU: 0 PID: 3714 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 83.068756][ T3714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 83.078804][ T3714] Call Trace:
[ 83.082085][ T3714]
[ 83.085029][ T3714] dump_stack_lvl+0x1b1/0x28e
[ 83.089730][ T3714] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 83.095180][ T3714] ? panic+0x710/0x710
[ 83.099254][ T3714] ? __might_sleep+0xc0/0xc0
[ 83.103853][ T3714] ? __mutex_lock_common+0x45f/0x26e0
[ 83.109242][ T3714] should_fail_ex+0x395/0x4c0
[ 83.113922][ T3714] ? hfs_find_init+0x8b/0x1e0
[ 83.118602][ T3714] should_failslab+0x5/0x20
[ 83.123191][ T3714] __kmem_cache_alloc_node+0x69/0x310
[ 83.128561][ T3714] ? rcu_lock_release+0x5/0x20
[ 83.133331][ T3714] ? hfs_find_init+0x8b/0x1e0
[ 83.138006][ T3714] __kmalloc+0x9e/0x1a0
[ 83.142164][ T3714] hfs_find_init+0x8b/0x1e0
[ 83.146670][ T3714] hfs_extend_file+0x2f8/0x1420
[ 83.151520][ T3714] ? xas_find+0x937/0xa60
[ 83.155859][ T3714] ? hfs_get_block+0xbb0/0xbb0
[ 83.160615][ T3714] ? filemap_get_folios+0x557/0x830
[ 83.165821][ T3714] ? find_lock_entries+0xf60/0xf60
[ 83.170940][ T3714] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 83.176927][ T3714] hfs_get_block+0x3fc/0xbb0
[ 83.181533][ T3714] ? hfs_free_extents+0x420/0x420
[ 83.186618][ T3714] ? do_raw_spin_unlock+0x134/0x8a0
[ 83.191846][ T3714] ? create_page_buffers+0x244/0x4b0
[ 83.197150][ T3714] __block_write_begin_int+0x54c/0x1a80
[ 83.202727][ T3714] ? hfs_free_extents+0x420/0x420
[ 83.207747][ T3714] ? page_zero_new_buffers+0x940/0x940
[ 83.213294][ T3714] ? PageHeadHuge+0x8a/0x1d0
[ 83.217887][ T3714] ? hfs_free_extents+0x420/0x420
[ 83.223079][ T3714] block_write_begin+0x93/0x1e0
[ 83.227930][ T3714] ? cont_write_begin+0x5e5/0x860
[ 83.232955][ T3714] ? hfs_free_extents+0x420/0x420
[ 83.237977][ T3714] cont_write_begin+0x606/0x860
[ 83.242842][ T3714] ? fault_in_readable+0x1d5/0x310
[ 83.247956][ T3714] ? generic_cont_expand_simple+0x250/0x250
[ 83.253850][ T3714] ? fault_in_readable+0x219/0x310
[ 83.258981][ T3714] ? fault_in_safe_writeable+0x240/0x240
[ 83.264621][ T3714] hfs_write_begin+0x86/0xd0
[ 83.269209][ T3714] ? hfs_free_extents+0x420/0x420
[ 83.274234][ T3714] generic_perform_write+0x2e4/0x5e0
[ 83.279527][ T3714] ? __block_commit_write+0x420/0x420
[ 83.284897][ T3714] ? generic_file_direct_write+0x610/0x610
[ 83.290699][ T3714] ? __file_remove_privs+0x6c0/0x6c0
[ 83.296007][ T3714] ? generic_write_checks+0x15c/0x1c0
[ 83.301388][ T3714] __generic_file_write_iter+0x176/0x400
[ 83.307038][ T3714] generic_file_write_iter+0xab/0x310
[ 83.312413][ T3714] vfs_write+0x7dc/0xc50
[ 83.316662][ T3714] ? file_end_write+0x230/0x230
[ 83.321508][ T3714] ? ptrace_stop+0x74d/0x970
[ 83.326106][ T3714] ? _raw_spin_unlock_irq+0x2a/0x40
[ 83.331310][ T3714] ? __fdget_pos+0x252/0x2e0
[ 83.335906][ T3714] ksys_write+0x177/0x2a0
[ 83.340236][ T3714] ? __ia32_sys_read+0x80/0x80
[ 83.345000][ T3714] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 83.350986][ T3714] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 83.356969][ T3714] do_syscall_64+0x3d/0xb0
[ 83.361388][ T3714] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.367280][ T3714] RIP: 0033:0x7f0fa5191c89
[ 83.371689][ T3714] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 83.391482][ T3714] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 83.399902][ T3714] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 83.407959][ T3714] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 83.415926][ T3714] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3714] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3714] exit_group(0) = ?
[pid 3714] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3714, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./73/binderfs") = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./73/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 83.423892][ T3714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 83.431862][ T3714] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000049
[ 83.439846][ T3714]
rmdir("./73") = 0
mkdir("./74", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3715
./strace-static-x86_64: Process 3715 attached
[pid 3715] chdir("./74") = 0
[pid 3715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3715] setpgid(0, 0) = 0
[pid 3715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3715] write(3, "1000", 4) = 4
[pid 3715] close(3) = 0
[pid 3715] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3715] memfd_create("syzkaller", 0) = 3
[pid 3715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3715] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3715] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3715] close(3) = 0
[pid 3715] mkdir("./file0", 0777) = 0
[pid 3715] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3715] chdir("./file0") = 0
[pid 3715] ioctl(4, LOOP_CLR_FD) = 0
[pid 3715] close(4) = 0
[pid 3715] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3715] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3715] write(5, "13", 2) = 2
[ 83.488551][ T3715] loop0: detected capacity change from 0 to 64
[ 83.507879][ T3715] FAULT_INJECTION: forcing a failure.
[ 83.507879][ T3715] name failslab, interval 1, probability 0, space 0, times 0
[ 83.521175][ T3715] CPU: 1 PID: 3715 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 83.531613][ T3715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 83.541659][ T3715] Call Trace:
[ 83.544926][ T3715]
[ 83.547852][ T3715] dump_stack_lvl+0x1b1/0x28e
[ 83.552523][ T3715] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 83.557967][ T3715] ? panic+0x710/0x710
[ 83.562031][ T3715] ? __might_sleep+0xc0/0xc0
[ 83.566635][ T3715] ? __mutex_lock_common+0x45f/0x26e0
[ 83.572025][ T3715] should_fail_ex+0x395/0x4c0
[ 83.576709][ T3715] ? hfs_find_init+0x8b/0x1e0
[ 83.581389][ T3715] should_failslab+0x5/0x20
[ 83.585895][ T3715] __kmem_cache_alloc_node+0x69/0x310
[ 83.591264][ T3715] ? rcu_lock_release+0x5/0x20
[ 83.596032][ T3715] ? hfs_find_init+0x8b/0x1e0
[ 83.600717][ T3715] __kmalloc+0x9e/0x1a0
[ 83.604877][ T3715] hfs_find_init+0x8b/0x1e0
[ 83.609388][ T3715] hfs_extend_file+0x2f8/0x1420
[ 83.614235][ T3715] ? xas_find+0x937/0xa60
[ 83.618573][ T3715] ? hfs_get_block+0xbb0/0xbb0
[ 83.623331][ T3715] ? filemap_get_folios+0x557/0x830
[ 83.628546][ T3715] ? find_lock_entries+0xf60/0xf60
[ 83.633665][ T3715] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 83.639569][ T3715] hfs_get_block+0x3fc/0xbb0
[ 83.644171][ T3715] ? hfs_free_extents+0x420/0x420
[ 83.649193][ T3715] ? do_raw_spin_unlock+0x134/0x8a0
[ 83.654403][ T3715] ? create_page_buffers+0x244/0x4b0
[ 83.659696][ T3715] __block_write_begin_int+0x54c/0x1a80
[ 83.665264][ T3715] ? hfs_free_extents+0x420/0x420
[ 83.670284][ T3715] ? page_zero_new_buffers+0x940/0x940
[ 83.675744][ T3715] ? PageHeadHuge+0x8a/0x1d0
[ 83.680339][ T3715] ? hfs_free_extents+0x420/0x420
[ 83.685359][ T3715] block_write_begin+0x93/0x1e0
[ 83.690212][ T3715] ? cont_write_begin+0x5e5/0x860
[ 83.695235][ T3715] ? hfs_free_extents+0x420/0x420
[ 83.700259][ T3715] cont_write_begin+0x606/0x860
[ 83.705115][ T3715] ? fault_in_readable+0x1d5/0x310
[ 83.710232][ T3715] ? generic_cont_expand_simple+0x250/0x250
[ 83.716128][ T3715] ? fault_in_readable+0x219/0x310
[ 83.721239][ T3715] ? fault_in_safe_writeable+0x240/0x240
[ 83.726880][ T3715] hfs_write_begin+0x86/0xd0
[ 83.731469][ T3715] ? hfs_free_extents+0x420/0x420
[ 83.736495][ T3715] generic_perform_write+0x2e4/0x5e0
[ 83.741786][ T3715] ? __block_commit_write+0x420/0x420
[ 83.747160][ T3715] ? generic_file_direct_write+0x610/0x610
[ 83.752968][ T3715] ? __file_remove_privs+0x6c0/0x6c0
[ 83.758254][ T3715] ? generic_write_checks+0x15c/0x1c0
[ 83.763633][ T3715] __generic_file_write_iter+0x176/0x400
[ 83.769272][ T3715] generic_file_write_iter+0xab/0x310
[ 83.774656][ T3715] vfs_write+0x7dc/0xc50
[ 83.778908][ T3715] ? file_end_write+0x230/0x230
[ 83.783760][ T3715] ? ptrace_stop+0x74d/0x970
[ 83.788364][ T3715] ? _raw_spin_unlock_irq+0x2a/0x40
[ 83.793571][ T3715] ? __fdget_pos+0x252/0x2e0
[ 83.798161][ T3715] ksys_write+0x177/0x2a0
[ 83.802496][ T3715] ? __ia32_sys_read+0x80/0x80
[ 83.807258][ T3715] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 83.813241][ T3715] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 83.819222][ T3715] do_syscall_64+0x3d/0xb0
[ 83.823636][ T3715] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.829525][ T3715] RIP: 0033:0x7f0fa5191c89
[ 83.833937][ T3715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 83.853547][ T3715] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 83.861964][ T3715] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 83.869931][ T3715] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 83.877903][ T3715] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3715] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3715] exit_group(0) = ?
[pid 3715] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3715, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./74/binderfs") = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./74/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./74") = 0
mkdir("./75", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 83.885881][ T3715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 83.893850][ T3715] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004a
[ 83.901835][ T3715]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3716
./strace-static-x86_64: Process 3716 attached
[pid 3716] chdir("./75") = 0
[pid 3716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3716] setpgid(0, 0) = 0
[pid 3716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3716] write(3, "1000", 4) = 4
[pid 3716] close(3) = 0
[pid 3716] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3716] memfd_create("syzkaller", 0) = 3
[pid 3716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3716] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3716] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3716] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3716] close(3) = 0
[pid 3716] mkdir("./file0", 0777) = 0
[pid 3716] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3716] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3716] chdir("./file0") = 0
[pid 3716] ioctl(4, LOOP_CLR_FD) = 0
[pid 3716] close(4) = 0
[pid 3716] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3716] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3716] write(5, "13", 2) = 2
[ 83.975911][ T3716] loop0: detected capacity change from 0 to 64
[ 84.008904][ T3716] FAULT_INJECTION: forcing a failure.
[ 84.008904][ T3716] name failslab, interval 1, probability 0, space 0, times 0
[ 84.021858][ T3716] CPU: 0 PID: 3716 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 84.032299][ T3716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 84.042362][ T3716] Call Trace:
[ 84.045644][ T3716]
[ 84.048577][ T3716] dump_stack_lvl+0x1b1/0x28e
[ 84.053261][ T3716] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 84.058717][ T3716] ? panic+0x710/0x710
[ 84.062792][ T3716] ? __might_sleep+0xc0/0xc0
[ 84.067381][ T3716] ? __mutex_lock_common+0x45f/0x26e0
[ 84.072758][ T3716] should_fail_ex+0x395/0x4c0
[ 84.077441][ T3716] ? hfs_find_init+0x8b/0x1e0
[ 84.082122][ T3716] should_failslab+0x5/0x20
[ 84.086713][ T3716] __kmem_cache_alloc_node+0x69/0x310
[ 84.092175][ T3716] ? hfs_find_init+0x8b/0x1e0
[ 84.096857][ T3716] __kmalloc+0x9e/0x1a0
[ 84.101016][ T3716] hfs_find_init+0x8b/0x1e0
[ 84.105527][ T3716] hfs_extend_file+0x2f8/0x1420
[ 84.110385][ T3716] ? hfs_get_block+0xbb0/0xbb0
[ 84.115156][ T3716] ? lru_cache_disable+0x30/0x30
[ 84.120094][ T3716] ? __might_sleep+0xc0/0xc0
[ 84.124736][ T3716] hfs_get_block+0x3fc/0xbb0
[ 84.129336][ T3716] ? hfs_free_extents+0x420/0x420
[ 84.134358][ T3716] ? do_raw_spin_unlock+0x134/0x8a0
[ 84.139565][ T3716] ? create_page_buffers+0x244/0x4b0
[ 84.144881][ T3716] __block_write_begin_int+0x54c/0x1a80
[ 84.150463][ T3716] ? hfs_free_extents+0x420/0x420
[ 84.155495][ T3716] ? page_zero_new_buffers+0x940/0x940
[ 84.160966][ T3716] ? PageHeadHuge+0x8a/0x1d0
[ 84.165564][ T3716] ? hfs_free_extents+0x420/0x420
[ 84.170586][ T3716] block_write_begin+0x93/0x1e0
[ 84.175530][ T3716] ? cont_write_begin+0x5e5/0x860
[ 84.180572][ T3716] ? hfs_free_extents+0x420/0x420
[ 84.185609][ T3716] cont_write_begin+0x606/0x860
[ 84.190479][ T3716] ? fault_in_readable+0x1d5/0x310
[ 84.195621][ T3716] ? generic_cont_expand_simple+0x250/0x250
[ 84.201525][ T3716] ? fault_in_readable+0x219/0x310
[ 84.206662][ T3716] ? fault_in_safe_writeable+0x240/0x240
[ 84.212332][ T3716] hfs_write_begin+0x86/0xd0
[ 84.216945][ T3716] ? hfs_free_extents+0x420/0x420
[ 84.221980][ T3716] generic_perform_write+0x2e4/0x5e0
[ 84.227280][ T3716] ? __block_commit_write+0x420/0x420
[ 84.232660][ T3716] ? generic_file_direct_write+0x610/0x610
[ 84.238468][ T3716] ? __file_remove_privs+0x6c0/0x6c0
[ 84.243756][ T3716] ? generic_write_checks+0x15c/0x1c0
[ 84.249135][ T3716] __generic_file_write_iter+0x176/0x400
[ 84.254772][ T3716] generic_file_write_iter+0xab/0x310
[ 84.260146][ T3716] vfs_write+0x7dc/0xc50
[ 84.264401][ T3716] ? file_end_write+0x230/0x230
[ 84.269249][ T3716] ? ptrace_stop+0x74d/0x970
[ 84.273847][ T3716] ? _raw_spin_unlock_irq+0x2a/0x40
[ 84.279049][ T3716] ? __fdget_pos+0x252/0x2e0
[ 84.283646][ T3716] ksys_write+0x177/0x2a0
[ 84.288009][ T3716] ? __ia32_sys_read+0x80/0x80
[ 84.292803][ T3716] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 84.298814][ T3716] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 84.304811][ T3716] do_syscall_64+0x3d/0xb0
[ 84.309240][ T3716] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.315139][ T3716] RIP: 0033:0x7f0fa5191c89
[ 84.319554][ T3716] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 84.339182][ T3716] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 84.347617][ T3716] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 84.355597][ T3716] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 84.363568][ T3716] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3716] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3716] exit_group(0) = ?
[pid 3716] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3716, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./75/binderfs") = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./75/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./75") = 0
mkdir("./76", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3717
./strace-static-x86_64: Process 3717 attached
[pid 3717] chdir("./76") = 0
[pid 3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3717] setpgid(0, 0) = 0
[pid 3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3717] write(3, "1000", 4) = 4
[pid 3717] close(3) = 0
[ 84.371538][ T3716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 84.379505][ T3716] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004b
[ 84.387488][ T3716]
[pid 3717] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3717] memfd_create("syzkaller", 0) = 3
[pid 3717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3717] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3717] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3717] close(3) = 0
[pid 3717] mkdir("./file0", 0777) = 0
[pid 3717] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3717] chdir("./file0") = 0
[pid 3717] ioctl(4, LOOP_CLR_FD) = 0
[pid 3717] close(4) = 0
[pid 3717] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3717] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3717] write(5, "13", 2) = 2
[ 84.444566][ T3717] loop0: detected capacity change from 0 to 64
[ 84.472532][ T3717] FAULT_INJECTION: forcing a failure.
[ 84.472532][ T3717] name failslab, interval 1, probability 0, space 0, times 0
[ 84.485427][ T3717] CPU: 1 PID: 3717 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 84.495851][ T3717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 84.505921][ T3717] Call Trace:
[ 84.509192][ T3717]
[ 84.512123][ T3717] dump_stack_lvl+0x1b1/0x28e
[ 84.516814][ T3717] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 84.522264][ T3717] ? panic+0x710/0x710
[ 84.526337][ T3717] ? __might_sleep+0xc0/0xc0
[ 84.530916][ T3717] ? __mutex_lock_common+0x45f/0x26e0
[ 84.536290][ T3717] should_fail_ex+0x395/0x4c0
[ 84.540971][ T3717] ? hfs_find_init+0x8b/0x1e0
[ 84.545660][ T3717] should_failslab+0x5/0x20
[ 84.550163][ T3717] __kmem_cache_alloc_node+0x69/0x310
[ 84.555534][ T3717] ? hfs_find_init+0x8b/0x1e0
[ 84.560205][ T3717] __kmalloc+0x9e/0x1a0
[ 84.564360][ T3717] hfs_find_init+0x8b/0x1e0
[ 84.568870][ T3717] hfs_extend_file+0x2f8/0x1420
[ 84.573734][ T3717] ? hfs_get_block+0xbb0/0xbb0
[ 84.578497][ T3717] ? lru_cache_disable+0x30/0x30
[ 84.583450][ T3717] ? __might_sleep+0xc0/0xc0
[ 84.588064][ T3717] hfs_get_block+0x3fc/0xbb0
[ 84.592676][ T3717] ? hfs_free_extents+0x420/0x420
[ 84.597708][ T3717] ? do_raw_spin_unlock+0x134/0x8a0
[ 84.602927][ T3717] ? create_page_buffers+0x244/0x4b0
[ 84.608214][ T3717] __block_write_begin_int+0x54c/0x1a80
[ 84.613767][ T3717] ? hfs_free_extents+0x420/0x420
[ 84.618791][ T3717] ? page_zero_new_buffers+0x940/0x940
[ 84.624423][ T3717] ? PageHeadHuge+0x8a/0x1d0
[ 84.629010][ T3717] ? hfs_free_extents+0x420/0x420
[ 84.634025][ T3717] block_write_begin+0x93/0x1e0
[ 84.638868][ T3717] ? cont_write_begin+0x5e5/0x860
[ 84.643886][ T3717] ? hfs_free_extents+0x420/0x420
[ 84.648909][ T3717] cont_write_begin+0x606/0x860
[ 84.653789][ T3717] ? fault_in_readable+0x1d5/0x310
[ 84.658907][ T3717] ? generic_cont_expand_simple+0x250/0x250
[ 84.664795][ T3717] ? fault_in_readable+0x219/0x310
[ 84.669899][ T3717] ? fault_in_safe_writeable+0x240/0x240
[ 84.675529][ T3717] hfs_write_begin+0x86/0xd0
[ 84.680109][ T3717] ? hfs_free_extents+0x420/0x420
[ 84.685127][ T3717] generic_perform_write+0x2e4/0x5e0
[ 84.690412][ T3717] ? __block_commit_write+0x420/0x420
[ 84.695792][ T3717] ? generic_file_direct_write+0x610/0x610
[ 84.701595][ T3717] ? __file_remove_privs+0x6c0/0x6c0
[ 84.706874][ T3717] ? generic_write_checks+0x15c/0x1c0
[ 84.712260][ T3717] __generic_file_write_iter+0x176/0x400
[ 84.717908][ T3717] generic_file_write_iter+0xab/0x310
[ 84.723301][ T3717] vfs_write+0x7dc/0xc50
[ 84.727559][ T3717] ? file_end_write+0x230/0x230
[ 84.732425][ T3717] ? ptrace_stop+0x74d/0x970
[ 84.737028][ T3717] ? _raw_spin_unlock_irq+0x2a/0x40
[ 84.742240][ T3717] ? __fdget_pos+0x252/0x2e0
[ 84.746840][ T3717] ksys_write+0x177/0x2a0
[ 84.751166][ T3717] ? __ia32_sys_read+0x80/0x80
[ 84.755925][ T3717] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 84.761914][ T3717] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 84.767903][ T3717] do_syscall_64+0x3d/0xb0
[ 84.772315][ T3717] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.778211][ T3717] RIP: 0033:0x7f0fa5191c89
[ 84.782647][ T3717] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 84.802244][ T3717] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 84.810649][ T3717] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 84.818615][ T3717] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 84.826587][ T3717] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 84.834576][ T3717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3717] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3717] exit_group(0) = ?
[pid 3717] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./76/binderfs") = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./76/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./76") = 0
mkdir("./77", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3718
./strace-static-x86_64: Process 3718 attached
[pid 3718] chdir("./77") = 0
[pid 3718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3718] setpgid(0, 0) = 0
[pid 3718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3718] write(3, "1000", 4) = 4
[pid 3718] close(3) = 0
[pid 3718] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3718] memfd_create("syzkaller", 0) = 3
[pid 3718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3718] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 84.842554][ T3717] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004c
[ 84.850531][ T3717]
[pid 3718] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3718] close(3) = 0
[pid 3718] mkdir("./file0", 0777) = 0
[pid 3718] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3718] chdir("./file0") = 0
[pid 3718] ioctl(4, LOOP_CLR_FD) = 0
[pid 3718] close(4) = 0
[pid 3718] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3718] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3718] write(5, "13", 2) = 2
[ 84.905361][ T3718] loop0: detected capacity change from 0 to 64
[ 84.933066][ T3718] FAULT_INJECTION: forcing a failure.
[ 84.933066][ T3718] name failslab, interval 1, probability 0, space 0, times 0
[ 84.945922][ T3718] CPU: 0 PID: 3718 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 84.956333][ T3718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 84.966403][ T3718] Call Trace:
[ 84.969692][ T3718]
[ 84.972613][ T3718] dump_stack_lvl+0x1b1/0x28e
[ 84.977298][ T3718] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 84.982775][ T3718] ? panic+0x710/0x710
[ 84.986861][ T3718] ? __might_sleep+0xc0/0xc0
[ 84.991456][ T3718] ? __mutex_lock_common+0x45f/0x26e0
[ 84.996830][ T3718] should_fail_ex+0x395/0x4c0
[ 85.001507][ T3718] ? hfs_find_init+0x8b/0x1e0
[ 85.006177][ T3718] should_failslab+0x5/0x20
[ 85.010678][ T3718] __kmem_cache_alloc_node+0x69/0x310
[ 85.016067][ T3718] ? hfs_find_init+0x8b/0x1e0
[ 85.020756][ T3718] __kmalloc+0x9e/0x1a0
[ 85.024910][ T3718] hfs_find_init+0x8b/0x1e0
[ 85.029412][ T3718] hfs_extend_file+0x2f8/0x1420
[ 85.034263][ T3718] ? hfs_get_block+0xbb0/0xbb0
[ 85.039032][ T3718] ? lru_cache_disable+0x30/0x30
[ 85.043960][ T3718] ? __might_sleep+0xc0/0xc0
[ 85.048554][ T3718] hfs_get_block+0x3fc/0xbb0
[ 85.053162][ T3718] ? hfs_free_extents+0x420/0x420
[ 85.058192][ T3718] ? do_raw_spin_unlock+0x134/0x8a0
[ 85.063406][ T3718] ? create_page_buffers+0x244/0x4b0
[ 85.068688][ T3718] __block_write_begin_int+0x54c/0x1a80
[ 85.074240][ T3718] ? hfs_free_extents+0x420/0x420
[ 85.079267][ T3718] ? page_zero_new_buffers+0x940/0x940
[ 85.084747][ T3718] ? PageHeadHuge+0x8a/0x1d0
[ 85.089360][ T3718] ? hfs_free_extents+0x420/0x420
[ 85.094381][ T3718] block_write_begin+0x93/0x1e0
[ 85.099247][ T3718] ? cont_write_begin+0x5e5/0x860
[ 85.104265][ T3718] ? hfs_free_extents+0x420/0x420
[ 85.109286][ T3718] cont_write_begin+0x606/0x860
[ 85.114153][ T3718] ? fault_in_readable+0x1d5/0x310
[ 85.119270][ T3718] ? generic_cont_expand_simple+0x250/0x250
[ 85.125159][ T3718] ? fault_in_readable+0x219/0x310
[ 85.130271][ T3718] ? fault_in_safe_writeable+0x240/0x240
[ 85.135900][ T3718] hfs_write_begin+0x86/0xd0
[ 85.140920][ T3718] ? hfs_free_extents+0x420/0x420
[ 85.145959][ T3718] generic_perform_write+0x2e4/0x5e0
[ 85.151248][ T3718] ? __block_commit_write+0x420/0x420
[ 85.156617][ T3718] ? generic_file_direct_write+0x610/0x610
[ 85.162418][ T3718] ? __file_remove_privs+0x6c0/0x6c0
[ 85.167704][ T3718] ? generic_write_checks+0x15c/0x1c0
[ 85.173107][ T3718] __generic_file_write_iter+0x176/0x400
[ 85.178782][ T3718] generic_file_write_iter+0xab/0x310
[ 85.184182][ T3718] vfs_write+0x7dc/0xc50
[ 85.188462][ T3718] ? file_end_write+0x230/0x230
[ 85.193325][ T3718] ? ptrace_stop+0x74d/0x970
[ 85.197919][ T3718] ? _raw_spin_unlock_irq+0x2a/0x40
[ 85.203133][ T3718] ? __fdget_pos+0x252/0x2e0
[ 85.207726][ T3718] ksys_write+0x177/0x2a0
[ 85.212078][ T3718] ? __ia32_sys_read+0x80/0x80
[ 85.216850][ T3718] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 85.222836][ T3718] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 85.228825][ T3718] do_syscall_64+0x3d/0xb0
[ 85.233232][ T3718] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.239120][ T3718] RIP: 0033:0x7f0fa5191c89
[ 85.243535][ T3718] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 85.263252][ T3718] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 85.271763][ T3718] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 85.279754][ T3718] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 85.287739][ T3718] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 85.295708][ T3718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3718] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3718] exit_group(0) = ?
[pid 3718] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3718, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./77/binderfs") = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./77/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./77") = 0
mkdir("./78", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3719
./strace-static-x86_64: Process 3719 attached
[pid 3719] chdir("./78") = 0
[pid 3719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3719] setpgid(0, 0) = 0
[pid 3719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3719] write(3, "1000", 4) = 4
[pid 3719] close(3) = 0
[pid 3719] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3719] memfd_create("syzkaller", 0) = 3
[pid 3719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3719] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 85.303677][ T3718] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004d
[ 85.311673][ T3718]
[pid 3719] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3719] close(3) = 0
[pid 3719] mkdir("./file0", 0777) = 0
[pid 3719] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3719] chdir("./file0") = 0
[pid 3719] ioctl(4, LOOP_CLR_FD) = 0
[pid 3719] close(4) = 0
[pid 3719] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3719] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3719] write(5, "13", 2) = 2
[ 85.365207][ T3719] loop0: detected capacity change from 0 to 64
[ 85.386951][ T3719] FAULT_INJECTION: forcing a failure.
[ 85.386951][ T3719] name failslab, interval 1, probability 0, space 0, times 0
[ 85.399862][ T3719] CPU: 0 PID: 3719 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 85.410302][ T3719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 85.420367][ T3719] Call Trace:
[ 85.423651][ T3719]
[ 85.426573][ T3719] dump_stack_lvl+0x1b1/0x28e
[ 85.431258][ T3719] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 85.436744][ T3719] ? panic+0x710/0x710
[ 85.440832][ T3719] ? __might_sleep+0xc0/0xc0
[ 85.445430][ T3719] ? __mutex_lock_common+0x45f/0x26e0
[ 85.450811][ T3719] should_fail_ex+0x395/0x4c0
[ 85.455503][ T3719] ? hfs_find_init+0x8b/0x1e0
[ 85.460175][ T3719] should_failslab+0x5/0x20
[ 85.464689][ T3719] __kmem_cache_alloc_node+0x69/0x310
[ 85.470064][ T3719] ? rcu_lock_release+0x5/0x20
[ 85.474840][ T3719] ? hfs_find_init+0x8b/0x1e0
[ 85.479529][ T3719] __kmalloc+0x9e/0x1a0
[ 85.483713][ T3719] hfs_find_init+0x8b/0x1e0
[ 85.488236][ T3719] hfs_extend_file+0x2f8/0x1420
[ 85.493080][ T3719] ? xas_find+0x937/0xa60
[ 85.497423][ T3719] ? hfs_get_block+0xbb0/0xbb0
[ 85.502193][ T3719] ? filemap_get_folios+0x557/0x830
[ 85.507388][ T3719] ? find_lock_entries+0xf60/0xf60
[ 85.512508][ T3719] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 85.518422][ T3719] hfs_get_block+0x3fc/0xbb0
[ 85.523580][ T3719] ? hfs_free_extents+0x420/0x420
[ 85.528640][ T3719] ? do_raw_spin_unlock+0x134/0x8a0
[ 85.533840][ T3719] ? create_page_buffers+0x244/0x4b0
[ 85.539131][ T3719] __block_write_begin_int+0x54c/0x1a80
[ 85.544688][ T3719] ? hfs_free_extents+0x420/0x420
[ 85.549715][ T3719] ? page_zero_new_buffers+0x940/0x940
[ 85.555206][ T3719] ? PageHeadHuge+0x8a/0x1d0
[ 85.559810][ T3719] ? hfs_free_extents+0x420/0x420
[ 85.564830][ T3719] block_write_begin+0x93/0x1e0
[ 85.569700][ T3719] ? cont_write_begin+0x5e5/0x860
[ 85.574738][ T3719] ? hfs_free_extents+0x420/0x420
[ 85.579771][ T3719] cont_write_begin+0x606/0x860
[ 85.584621][ T3719] ? fault_in_readable+0x1d5/0x310
[ 85.589825][ T3719] ? generic_cont_expand_simple+0x250/0x250
[ 85.595907][ T3719] ? fault_in_readable+0x219/0x310
[ 85.601021][ T3719] ? fault_in_safe_writeable+0x240/0x240
[ 85.606656][ T3719] hfs_write_begin+0x86/0xd0
[ 85.611240][ T3719] ? hfs_free_extents+0x420/0x420
[ 85.616257][ T3719] generic_perform_write+0x2e4/0x5e0
[ 85.621556][ T3719] ? __block_commit_write+0x420/0x420
[ 85.626969][ T3719] ? generic_file_direct_write+0x610/0x610
[ 85.632788][ T3719] ? __file_remove_privs+0x6c0/0x6c0
[ 85.638076][ T3719] ? generic_write_checks+0x15c/0x1c0
[ 85.643481][ T3719] __generic_file_write_iter+0x176/0x400
[ 85.649146][ T3719] generic_file_write_iter+0xab/0x310
[ 85.654546][ T3719] vfs_write+0x7dc/0xc50
[ 85.658820][ T3719] ? file_end_write+0x230/0x230
[ 85.663676][ T3719] ? ptrace_stop+0x74d/0x970
[ 85.668284][ T3719] ? _raw_spin_unlock_irq+0x2a/0x40
[ 85.673493][ T3719] ? __fdget_pos+0x252/0x2e0
[ 85.678077][ T3719] ksys_write+0x177/0x2a0
[ 85.682401][ T3719] ? __ia32_sys_read+0x80/0x80
[ 85.687162][ T3719] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 85.693148][ T3719] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 85.699144][ T3719] do_syscall_64+0x3d/0xb0
[ 85.703551][ T3719] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.709445][ T3719] RIP: 0033:0x7f0fa5191c89
[ 85.713866][ T3719] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 85.733465][ T3719] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 85.741871][ T3719] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 85.749866][ T3719] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 85.757839][ T3719] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3719] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3719] exit_group(0) = ?
[pid 3719] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3719, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./78/binderfs") = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./78/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./78") = 0
mkdir("./79", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 85.765822][ T3719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 85.773795][ T3719] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004e
[ 85.781768][ T3719]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3720
./strace-static-x86_64: Process 3720 attached
[pid 3720] chdir("./79") = 0
[pid 3720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3720] setpgid(0, 0) = 0
[pid 3720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3720] write(3, "1000", 4) = 4
[pid 3720] close(3) = 0
[pid 3720] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3720] memfd_create("syzkaller", 0) = 3
[pid 3720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3720] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3720] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3720] close(3) = 0
[pid 3720] mkdir("./file0", 0777) = 0
[pid 3720] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3720] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3720] chdir("./file0") = 0
[pid 3720] ioctl(4, LOOP_CLR_FD) = 0
[pid 3720] close(4) = 0
[pid 3720] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3720] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3720] write(5, "13", 2) = 2
[ 85.843191][ T3720] loop0: detected capacity change from 0 to 64
[ 85.865156][ T3720] FAULT_INJECTION: forcing a failure.
[ 85.865156][ T3720] name failslab, interval 1, probability 0, space 0, times 0
[ 85.877942][ T3720] CPU: 0 PID: 3720 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 85.888366][ T3720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 85.898411][ T3720] Call Trace:
[ 85.901681][ T3720]
[ 85.904607][ T3720] dump_stack_lvl+0x1b1/0x28e
[ 85.909294][ T3720] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 85.914760][ T3720] ? panic+0x710/0x710
[ 85.918826][ T3720] ? __might_sleep+0xc0/0xc0
[ 85.923409][ T3720] ? __mutex_lock_common+0x45f/0x26e0
[ 85.928782][ T3720] should_fail_ex+0x395/0x4c0
[ 85.933454][ T3720] ? hfs_find_init+0x8b/0x1e0
[ 85.938149][ T3720] should_failslab+0x5/0x20
[ 85.942661][ T3720] __kmem_cache_alloc_node+0x69/0x310
[ 85.948036][ T3720] ? rcu_lock_release+0x5/0x20
[ 85.952810][ T3720] ? hfs_find_init+0x8b/0x1e0
[ 85.957478][ T3720] __kmalloc+0x9e/0x1a0
[ 85.961627][ T3720] hfs_find_init+0x8b/0x1e0
[ 85.966141][ T3720] hfs_extend_file+0x2f8/0x1420
[ 85.971000][ T3720] ? xas_find+0x937/0xa60
[ 85.975328][ T3720] ? hfs_get_block+0xbb0/0xbb0
[ 85.980077][ T3720] ? filemap_get_folios+0x557/0x830
[ 85.985294][ T3720] ? find_lock_entries+0xf60/0xf60
[ 85.990418][ T3720] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 85.996326][ T3720] hfs_get_block+0x3fc/0xbb0
[ 86.000932][ T3720] ? hfs_free_extents+0x420/0x420
[ 86.005952][ T3720] ? do_raw_spin_unlock+0x134/0x8a0
[ 86.011164][ T3720] ? create_page_buffers+0x244/0x4b0
[ 86.016445][ T3720] __block_write_begin_int+0x54c/0x1a80
[ 86.022000][ T3720] ? hfs_free_extents+0x420/0x420
[ 86.027014][ T3720] ? page_zero_new_buffers+0x940/0x940
[ 86.032482][ T3720] ? PageHeadHuge+0x8a/0x1d0
[ 86.037072][ T3720] ? hfs_free_extents+0x420/0x420
[ 86.042086][ T3720] block_write_begin+0x93/0x1e0
[ 86.046933][ T3720] ? cont_write_begin+0x5e5/0x860
[ 86.051949][ T3720] ? hfs_free_extents+0x420/0x420
[ 86.056972][ T3720] cont_write_begin+0x606/0x860
[ 86.061840][ T3720] ? fault_in_readable+0x1d5/0x310
[ 86.067284][ T3720] ? generic_cont_expand_simple+0x250/0x250
[ 86.073191][ T3720] ? fault_in_readable+0x219/0x310
[ 86.078421][ T3720] ? fault_in_safe_writeable+0x240/0x240
[ 86.084071][ T3720] hfs_write_begin+0x86/0xd0
[ 86.088654][ T3720] ? hfs_free_extents+0x420/0x420
[ 86.093691][ T3720] generic_perform_write+0x2e4/0x5e0
[ 86.099010][ T3720] ? __block_commit_write+0x420/0x420
[ 86.104412][ T3720] ? generic_file_direct_write+0x610/0x610
[ 86.110241][ T3720] ? __file_remove_privs+0x6c0/0x6c0
[ 86.115532][ T3720] ? generic_write_checks+0x15c/0x1c0
[ 86.120910][ T3720] __generic_file_write_iter+0x176/0x400
[ 86.126558][ T3720] generic_file_write_iter+0xab/0x310
[ 86.131931][ T3720] vfs_write+0x7dc/0xc50
[ 86.136176][ T3720] ? file_end_write+0x230/0x230
[ 86.141542][ T3720] ? ptrace_stop+0x74d/0x970
[ 86.146146][ T3720] ? _raw_spin_unlock_irq+0x2a/0x40
[ 86.151372][ T3720] ? __fdget_pos+0x252/0x2e0
[ 86.155968][ T3720] ksys_write+0x177/0x2a0
[ 86.160309][ T3720] ? __ia32_sys_read+0x80/0x80
[ 86.165155][ T3720] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 86.171141][ T3720] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 86.177135][ T3720] do_syscall_64+0x3d/0xb0
[ 86.181542][ T3720] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.187422][ T3720] RIP: 0033:0x7f0fa5191c89
[ 86.191835][ T3720] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 86.211455][ T3720] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 86.219898][ T3720] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 86.227884][ T3720] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 86.235854][ T3720] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3720] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3720] exit_group(0) = ?
[pid 3720] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3720, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./79/binderfs") = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./79/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./79") = 0
mkdir("./80", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 86.243824][ T3720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 86.251795][ T3720] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000004f
[ 86.259796][ T3720]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3721
./strace-static-x86_64: Process 3721 attached
[pid 3721] chdir("./80") = 0
[pid 3721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3721] setpgid(0, 0) = 0
[pid 3721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3721] write(3, "1000", 4) = 4
[pid 3721] close(3) = 0
[pid 3721] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3721] memfd_create("syzkaller", 0) = 3
[pid 3721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3721] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3721] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3721] close(3) = 0
[pid 3721] mkdir("./file0", 0777) = 0
[pid 3721] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3721] chdir("./file0") = 0
[pid 3721] ioctl(4, LOOP_CLR_FD) = 0
[pid 3721] close(4) = 0
[pid 3721] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3721] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3721] write(5, "13", 2) = 2
[ 86.322138][ T3721] loop0: detected capacity change from 0 to 64
[ 86.348068][ T3721] FAULT_INJECTION: forcing a failure.
[ 86.348068][ T3721] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 86.361733][ T3721] CPU: 0 PID: 3721 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 86.372147][ T3721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 86.382238][ T3721] Call Trace:
[ 86.385532][ T3721]
[ 86.388459][ T3721] dump_stack_lvl+0x1b1/0x28e
[ 86.393134][ T3721] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 86.398584][ T3721] ? panic+0x710/0x710
[ 86.402643][ T3721] ? do_anonymous_page+0xd4a/0x1150
[ 86.407832][ T3721] ? mark_lock+0x9a/0x350
[ 86.412151][ T3721] should_fail_ex+0x395/0x4c0
[ 86.416842][ T3721] prepare_alloc_pages+0x1d7/0x5a0
[ 86.421971][ T3721] __alloc_pages+0x161/0x560
[ 86.426583][ T3721] ? zone_statistics+0x160/0x160
[ 86.431542][ T3721] ? rcu_lock_release+0x5/0x20
[ 86.436313][ T3721] ? alloc_pages+0x520/0x7b0
[ 86.440910][ T3721] ? xas_descend+0x1f3/0x400
[ 86.445505][ T3721] folio_alloc+0x1a/0x50
[ 86.449742][ T3721] filemap_alloc_folio+0x7e/0x1c0
[ 86.454769][ T3721] __filemap_get_folio+0x898/0x1260
[ 86.460061][ T3721] ? page_cache_prev_miss+0x4e0/0x4e0
[ 86.465449][ T3721] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 86.471456][ T3721] ? print_irqtrace_events+0x220/0x220
[ 86.476922][ T3721] pagecache_get_page+0x28/0x260
[ 86.481857][ T3721] ? hfs_free_extents+0x420/0x420
[ 86.486883][ T3721] block_write_begin+0x2e/0x1e0
[ 86.491737][ T3721] ? cont_write_begin+0x5e5/0x860
[ 86.496767][ T3721] ? hfs_free_extents+0x420/0x420
[ 86.501819][ T3721] cont_write_begin+0x606/0x860
[ 86.506678][ T3721] ? fault_in_readable+0x1d5/0x310
[ 86.511795][ T3721] ? generic_cont_expand_simple+0x250/0x250
[ 86.517686][ T3721] ? fault_in_readable+0x219/0x310
[ 86.522826][ T3721] ? fault_in_safe_writeable+0x240/0x240
[ 86.528479][ T3721] hfs_write_begin+0x86/0xd0
[ 86.533065][ T3721] ? hfs_free_extents+0x420/0x420
[ 86.538103][ T3721] generic_perform_write+0x2e4/0x5e0
[ 86.543399][ T3721] ? __block_commit_write+0x420/0x420
[ 86.548779][ T3721] ? generic_file_direct_write+0x610/0x610
[ 86.554683][ T3721] ? __file_remove_privs+0x6c0/0x6c0
[ 86.559971][ T3721] ? generic_write_checks+0x15c/0x1c0
[ 86.565356][ T3721] __generic_file_write_iter+0x176/0x400
[ 86.571017][ T3721] generic_file_write_iter+0xab/0x310
[ 86.576391][ T3721] vfs_write+0x7dc/0xc50
[ 86.580641][ T3721] ? file_end_write+0x230/0x230
[ 86.585490][ T3721] ? ptrace_stop+0x74d/0x970
[ 86.590109][ T3721] ? _raw_spin_unlock_irq+0x2a/0x40
[ 86.595310][ T3721] ? __fdget_pos+0x252/0x2e0
[ 86.599903][ T3721] ksys_write+0x177/0x2a0
[ 86.604234][ T3721] ? __ia32_sys_read+0x80/0x80
[ 86.609005][ T3721] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 86.614986][ T3721] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 86.620966][ T3721] do_syscall_64+0x3d/0xb0
[ 86.625554][ T3721] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.631443][ T3721] RIP: 0033:0x7f0fa5191c89
[ 86.635852][ T3721] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 86.655453][ T3721] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 86.663861][ T3721] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3721] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3721] exit_group(0) = ?
[pid 3721] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3721, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./80/binderfs") = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./80/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./80") = 0
mkdir("./81", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3722
./strace-static-x86_64: Process 3722 attached
[pid 3722] chdir("./81") = 0
[pid 3722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3722] setpgid(0, 0) = 0
[pid 3722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3722] write(3, "1000", 4) = 4
[pid 3722] close(3) = 0
[ 86.671827][ T3721] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 86.679792][ T3721] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 86.687757][ T3721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 86.695732][ T3721] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000050
[ 86.703715][ T3721]
[pid 3722] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3722] memfd_create("syzkaller", 0) = 3
[pid 3722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3722] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3722] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3722] close(3) = 0
[pid 3722] mkdir("./file0", 0777) = 0
[pid 3722] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3722] chdir("./file0") = 0
[pid 3722] ioctl(4, LOOP_CLR_FD) = 0
[pid 3722] close(4) = 0
[pid 3722] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3722] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3722] write(5, "13", 2) = 2
[ 86.760613][ T3722] loop0: detected capacity change from 0 to 64
[ 86.791954][ T3722] FAULT_INJECTION: forcing a failure.
[ 86.791954][ T3722] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 86.805657][ T3722] CPU: 0 PID: 3722 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 86.816060][ T3722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 86.826100][ T3722] Call Trace:
[ 86.829363][ T3722]
[ 86.832281][ T3722] dump_stack_lvl+0x1b1/0x28e
[ 86.836948][ T3722] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 86.842389][ T3722] ? panic+0x710/0x710
[ 86.846444][ T3722] ? do_anonymous_page+0xd4a/0x1150
[ 86.851632][ T3722] ? mark_lock+0x9a/0x350
[ 86.855970][ T3722] should_fail_ex+0x395/0x4c0
[ 86.860638][ T3722] prepare_alloc_pages+0x1d7/0x5a0
[ 86.865765][ T3722] __alloc_pages+0x161/0x560
[ 86.870346][ T3722] ? zone_statistics+0x160/0x160
[ 86.875275][ T3722] ? rcu_lock_release+0x5/0x20
[ 86.880112][ T3722] ? alloc_pages+0x520/0x7b0
[ 86.884704][ T3722] ? xas_descend+0x1f3/0x400
[ 86.889277][ T3722] folio_alloc+0x1a/0x50
[ 86.893504][ T3722] filemap_alloc_folio+0x7e/0x1c0
[ 86.898513][ T3722] __filemap_get_folio+0x898/0x1260
[ 86.903697][ T3722] ? page_cache_prev_miss+0x4e0/0x4e0
[ 86.909058][ T3722] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 86.915033][ T3722] ? print_irqtrace_events+0x220/0x220
[ 86.920486][ T3722] pagecache_get_page+0x28/0x260
[ 86.925410][ T3722] ? hfs_free_extents+0x420/0x420
[ 86.930416][ T3722] block_write_begin+0x2e/0x1e0
[ 86.935252][ T3722] ? cont_write_begin+0x5e5/0x860
[ 86.940259][ T3722] ? hfs_free_extents+0x420/0x420
[ 86.945270][ T3722] cont_write_begin+0x606/0x860
[ 86.950107][ T3722] ? fault_in_readable+0x1d5/0x310
[ 86.955205][ T3722] ? generic_cont_expand_simple+0x250/0x250
[ 86.961082][ T3722] ? fault_in_readable+0x219/0x310
[ 86.966178][ T3722] ? fault_in_safe_writeable+0x240/0x240
[ 86.971801][ T3722] hfs_write_begin+0x86/0xd0
[ 86.976373][ T3722] ? hfs_free_extents+0x420/0x420
[ 86.981382][ T3722] generic_perform_write+0x2e4/0x5e0
[ 86.986655][ T3722] ? __block_commit_write+0x420/0x420
[ 86.992013][ T3722] ? generic_file_direct_write+0x610/0x610
[ 86.997800][ T3722] ? __file_remove_privs+0x6c0/0x6c0
[ 87.003069][ T3722] ? generic_write_checks+0x15c/0x1c0
[ 87.008430][ T3722] __generic_file_write_iter+0x176/0x400
[ 87.014049][ T3722] generic_file_write_iter+0xab/0x310
[ 87.019405][ T3722] vfs_write+0x7dc/0xc50
[ 87.023634][ T3722] ? file_end_write+0x230/0x230
[ 87.028467][ T3722] ? ptrace_stop+0x74d/0x970
[ 87.033047][ T3722] ? _raw_spin_unlock_irq+0x2a/0x40
[ 87.038251][ T3722] ? __fdget_pos+0x252/0x2e0
[ 87.042826][ T3722] ksys_write+0x177/0x2a0
[ 87.047150][ T3722] ? __ia32_sys_read+0x80/0x80
[ 87.051899][ T3722] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 87.057865][ T3722] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 87.063833][ T3722] do_syscall_64+0x3d/0xb0
[ 87.068231][ T3722] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.074107][ T3722] RIP: 0033:0x7f0fa5191c89
[ 87.078506][ T3722] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 87.098120][ T3722] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3722] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3722] exit_group(0) = ?
[pid 3722] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3722, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./81/binderfs") = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./81/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./81") = 0
mkdir("./82", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3723
./strace-static-x86_64: Process 3723 attached
[pid 3723] chdir("./82") = 0
[pid 3723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3723] setpgid(0, 0) = 0
[pid 3723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3723] write(3, "1000", 4) = 4
[pid 3723] close(3) = 0
[pid 3723] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3723] memfd_create("syzkaller", 0) = 3
[pid 3723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3723] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 87.106687][ T3722] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 87.114639][ T3722] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 87.122590][ T3722] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 87.130543][ T3722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 87.138841][ T3722] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000051
[ 87.146806][ T3722]
[pid 3723] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3723] close(3) = 0
[pid 3723] mkdir("./file0", 0777) = 0
[pid 3723] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3723] chdir("./file0") = 0
[pid 3723] ioctl(4, LOOP_CLR_FD) = 0
[pid 3723] close(4) = 0
[pid 3723] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3723] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3723] write(5, "13", 2) = 2
[ 87.191057][ T3723] loop0: detected capacity change from 0 to 64
[ 87.220115][ T3723] FAULT_INJECTION: forcing a failure.
[ 87.220115][ T3723] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 87.234232][ T3723] CPU: 0 PID: 3723 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 87.244662][ T3723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 87.254713][ T3723] Call Trace:
[ 87.257978][ T3723]
[ 87.260911][ T3723] dump_stack_lvl+0x1b1/0x28e
[ 87.265576][ T3723] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 87.271023][ T3723] ? panic+0x710/0x710
[ 87.275076][ T3723] ? do_anonymous_page+0xd4a/0x1150
[ 87.280265][ T3723] ? mark_lock+0x9a/0x350
[ 87.284579][ T3723] should_fail_ex+0x395/0x4c0
[ 87.289255][ T3723] prepare_alloc_pages+0x1d7/0x5a0
[ 87.294382][ T3723] __alloc_pages+0x161/0x560
[ 87.298995][ T3723] ? zone_statistics+0x160/0x160
[ 87.303947][ T3723] ? rcu_lock_release+0x5/0x20
[ 87.308709][ T3723] ? alloc_pages+0x520/0x7b0
[ 87.313306][ T3723] ? xas_descend+0x1f3/0x400
[ 87.317906][ T3723] folio_alloc+0x1a/0x50
[ 87.322142][ T3723] filemap_alloc_folio+0x7e/0x1c0
[ 87.327164][ T3723] __filemap_get_folio+0x898/0x1260
[ 87.332362][ T3723] ? page_cache_prev_miss+0x4e0/0x4e0
[ 87.337731][ T3723] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 87.343731][ T3723] ? print_irqtrace_events+0x220/0x220
[ 87.349207][ T3723] pagecache_get_page+0x28/0x260
[ 87.354158][ T3723] ? hfs_free_extents+0x420/0x420
[ 87.359189][ T3723] block_write_begin+0x2e/0x1e0
[ 87.364049][ T3723] ? cont_write_begin+0x5e5/0x860
[ 87.369077][ T3723] ? hfs_free_extents+0x420/0x420
[ 87.374115][ T3723] cont_write_begin+0x606/0x860
[ 87.378969][ T3723] ? fault_in_readable+0x1d5/0x310
[ 87.384100][ T3723] ? generic_cont_expand_simple+0x250/0x250
[ 87.389995][ T3723] ? fault_in_readable+0x219/0x310
[ 87.395114][ T3723] ? fault_in_safe_writeable+0x240/0x240
[ 87.400752][ T3723] hfs_write_begin+0x86/0xd0
[ 87.405336][ T3723] ? hfs_free_extents+0x420/0x420
[ 87.410364][ T3723] generic_perform_write+0x2e4/0x5e0
[ 87.415657][ T3723] ? __block_commit_write+0x420/0x420
[ 87.421027][ T3723] ? generic_file_direct_write+0x610/0x610
[ 87.426829][ T3723] ? __file_remove_privs+0x6c0/0x6c0
[ 87.432114][ T3723] ? generic_write_checks+0x15c/0x1c0
[ 87.437490][ T3723] __generic_file_write_iter+0x176/0x400
[ 87.443385][ T3723] generic_file_write_iter+0xab/0x310
[ 87.448756][ T3723] vfs_write+0x7dc/0xc50
[ 87.453003][ T3723] ? file_end_write+0x230/0x230
[ 87.457852][ T3723] ? ptrace_stop+0x74d/0x970
[ 87.462535][ T3723] ? _raw_spin_unlock_irq+0x2a/0x40
[ 87.467734][ T3723] ? __fdget_pos+0x252/0x2e0
[ 87.472326][ T3723] ksys_write+0x177/0x2a0
[ 87.476666][ T3723] ? __ia32_sys_read+0x80/0x80
[ 87.481426][ T3723] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 87.487404][ T3723] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 87.493383][ T3723] do_syscall_64+0x3d/0xb0
[ 87.497797][ T3723] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.503684][ T3723] RIP: 0033:0x7f0fa5191c89
[ 87.508128][ T3723] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 87.527726][ T3723] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3723] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3723] exit_group(0) = ?
[pid 3723] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3723, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./82/binderfs") = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./82/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./82") = 0
mkdir("./83", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3724
./strace-static-x86_64: Process 3724 attached
[pid 3724] chdir("./83") = 0
[pid 3724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3724] setpgid(0, 0) = 0
[ 87.536135][ T3723] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 87.544099][ T3723] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 87.552236][ T3723] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 87.560203][ T3723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 87.568167][ T3723] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000052
[ 87.576150][ T3723]
[pid 3724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3724] write(3, "1000", 4) = 4
[pid 3724] close(3) = 0
[pid 3724] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3724] memfd_create("syzkaller", 0) = 3
[pid 3724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3724] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3724] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3724] close(3) = 0
[pid 3724] mkdir("./file0", 0777) = 0
[pid 3724] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3724] chdir("./file0") = 0
[pid 3724] ioctl(4, LOOP_CLR_FD) = 0
[pid 3724] close(4) = 0
[pid 3724] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3724] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3724] write(5, "13", 2) = 2
[ 87.631827][ T3724] loop0: detected capacity change from 0 to 64
[ 87.648258][ T3724] FAULT_INJECTION: forcing a failure.
[ 87.648258][ T3724] name failslab, interval 1, probability 0, space 0, times 0
[ 87.661601][ T3724] CPU: 0 PID: 3724 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 87.672070][ T3724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 87.682144][ T3724] Call Trace:
[ 87.685425][ T3724]
[ 87.688431][ T3724] dump_stack_lvl+0x1b1/0x28e
[ 87.693100][ T3724] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 87.698548][ T3724] ? panic+0x710/0x710
[ 87.702613][ T3724] ? __might_sleep+0xc0/0xc0
[ 87.707362][ T3724] ? __mutex_lock_common+0x45f/0x26e0
[ 87.712729][ T3724] should_fail_ex+0x395/0x4c0
[ 87.717400][ T3724] ? hfs_find_init+0x8b/0x1e0
[ 87.722074][ T3724] should_failslab+0x5/0x20
[ 87.726586][ T3724] __kmem_cache_alloc_node+0x69/0x310
[ 87.731963][ T3724] ? rcu_lock_release+0x5/0x20
[ 87.736733][ T3724] ? hfs_find_init+0x8b/0x1e0
[ 87.741403][ T3724] __kmalloc+0x9e/0x1a0
[ 87.745551][ T3724] hfs_find_init+0x8b/0x1e0
[ 87.750047][ T3724] hfs_extend_file+0x2f8/0x1420
[ 87.754905][ T3724] ? xas_find+0x937/0xa60
[ 87.759285][ T3724] ? hfs_get_block+0xbb0/0xbb0
[ 87.764057][ T3724] ? filemap_get_folios+0x557/0x830
[ 87.769263][ T3724] ? find_lock_entries+0xf60/0xf60
[ 87.774450][ T3724] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 87.780343][ T3724] hfs_get_block+0x3fc/0xbb0
[ 87.784930][ T3724] ? hfs_free_extents+0x420/0x420
[ 87.789940][ T3724] ? do_raw_spin_unlock+0x134/0x8a0
[ 87.795135][ T3724] ? create_page_buffers+0x244/0x4b0
[ 87.800422][ T3724] __block_write_begin_int+0x54c/0x1a80
[ 87.806017][ T3724] ? hfs_free_extents+0x420/0x420
[ 87.811055][ T3724] ? page_zero_new_buffers+0x940/0x940
[ 87.816506][ T3724] ? PageHeadHuge+0x8a/0x1d0
[ 87.821102][ T3724] ? hfs_free_extents+0x420/0x420
[ 87.826128][ T3724] block_write_begin+0x93/0x1e0
[ 87.830972][ T3724] ? cont_write_begin+0x5e5/0x860
[ 87.835986][ T3724] ? hfs_free_extents+0x420/0x420
[ 87.840998][ T3724] cont_write_begin+0x606/0x860
[ 87.845857][ T3724] ? fault_in_readable+0x1d5/0x310
[ 87.850985][ T3724] ? generic_cont_expand_simple+0x250/0x250
[ 87.856878][ T3724] ? fault_in_readable+0x219/0x310
[ 87.861998][ T3724] ? fault_in_safe_writeable+0x240/0x240
[ 87.867626][ T3724] hfs_write_begin+0x86/0xd0
[ 87.872219][ T3724] ? hfs_free_extents+0x420/0x420
[ 87.877254][ T3724] generic_perform_write+0x2e4/0x5e0
[ 87.882534][ T3724] ? __block_commit_write+0x420/0x420
[ 87.887897][ T3724] ? generic_file_direct_write+0x610/0x610
[ 87.893703][ T3724] ? __file_remove_privs+0x6c0/0x6c0
[ 87.898988][ T3724] ? generic_write_checks+0x15c/0x1c0
[ 87.904365][ T3724] __generic_file_write_iter+0x176/0x400
[ 87.909997][ T3724] generic_file_write_iter+0xab/0x310
[ 87.915370][ T3724] vfs_write+0x7dc/0xc50
[ 87.919614][ T3724] ? file_end_write+0x230/0x230
[ 87.924454][ T3724] ? ptrace_stop+0x74d/0x970
[ 87.929115][ T3724] ? _raw_spin_unlock_irq+0x2a/0x40
[ 87.934324][ T3724] ? __fdget_pos+0x252/0x2e0
[ 87.938935][ T3724] ksys_write+0x177/0x2a0
[ 87.943278][ T3724] ? __ia32_sys_read+0x80/0x80
[ 87.948052][ T3724] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 87.954049][ T3724] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 87.960030][ T3724] do_syscall_64+0x3d/0xb0
[ 87.964463][ T3724] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.970341][ T3724] RIP: 0033:0x7f0fa5191c89
[ 87.974743][ T3724] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 87.994356][ T3724] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 88.002798][ T3724] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 88.010781][ T3724] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 88.018762][ T3724] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3724] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3724] exit_group(0) = ?
[pid 3724] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3724, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./83/binderfs") = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./83/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./83") = 0
mkdir("./84", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3725
./strace-static-x86_64: Process 3725 attached
[pid 3725] chdir("./84") = 0
[pid 3725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3725] setpgid(0, 0) = 0
[pid 3725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3725] write(3, "1000", 4) = 4
[pid 3725] close(3) = 0
[pid 3725] symlink("/dev/binderfs", "./binderfs") = 0
[ 88.026726][ T3724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 88.034711][ T3724] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000053
[ 88.042950][ T3724]
[pid 3725] memfd_create("syzkaller", 0) = 3
[pid 3725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3725] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3725] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3725] close(3) = 0
[pid 3725] mkdir("./file0", 0777) = 0
[pid 3725] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3725] chdir("./file0") = 0
[pid 3725] ioctl(4, LOOP_CLR_FD) = 0
[pid 3725] close(4) = 0
[pid 3725] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3725] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3725] write(5, "13", 2) = 2
[ 88.097633][ T3725] loop0: detected capacity change from 0 to 64
[ 88.125175][ T3725] FAULT_INJECTION: forcing a failure.
[ 88.125175][ T3725] name failslab, interval 1, probability 0, space 0, times 0
[ 88.137942][ T3725] CPU: 0 PID: 3725 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 88.148377][ T3725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 88.158424][ T3725] Call Trace:
[ 88.161693][ T3725]
[ 88.164612][ T3725] dump_stack_lvl+0x1b1/0x28e
[ 88.169294][ T3725] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 88.174761][ T3725] ? panic+0x710/0x710
[ 88.178823][ T3725] ? __might_sleep+0xc0/0xc0
[ 88.183405][ T3725] ? __mutex_lock_common+0x45f/0x26e0
[ 88.188871][ T3725] should_fail_ex+0x395/0x4c0
[ 88.193637][ T3725] ? hfs_find_init+0x8b/0x1e0
[ 88.198314][ T3725] should_failslab+0x5/0x20
[ 88.202821][ T3725] __kmem_cache_alloc_node+0x69/0x310
[ 88.208196][ T3725] ? hfs_find_init+0x8b/0x1e0
[ 88.212869][ T3725] __kmalloc+0x9e/0x1a0
[ 88.217028][ T3725] hfs_find_init+0x8b/0x1e0
[ 88.221621][ T3725] hfs_extend_file+0x2f8/0x1420
[ 88.226476][ T3725] ? hfs_get_block+0xbb0/0xbb0
[ 88.231235][ T3725] ? lru_cache_disable+0x30/0x30
[ 88.236170][ T3725] ? __might_sleep+0xc0/0xc0
[ 88.240775][ T3725] hfs_get_block+0x3fc/0xbb0
[ 88.245375][ T3725] ? hfs_free_extents+0x420/0x420
[ 88.250396][ T3725] ? do_raw_spin_unlock+0x134/0x8a0
[ 88.255600][ T3725] ? create_page_buffers+0x244/0x4b0
[ 88.260887][ T3725] __block_write_begin_int+0x54c/0x1a80
[ 88.266449][ T3725] ? hfs_free_extents+0x420/0x420
[ 88.271466][ T3725] ? page_zero_new_buffers+0x940/0x940
[ 88.276922][ T3725] ? PageHeadHuge+0x8a/0x1d0
[ 88.281540][ T3725] ? hfs_free_extents+0x420/0x420
[ 88.286563][ T3725] block_write_begin+0x93/0x1e0
[ 88.291415][ T3725] ? cont_write_begin+0x5e5/0x860
[ 88.296445][ T3725] ? hfs_free_extents+0x420/0x420
[ 88.301464][ T3725] cont_write_begin+0x606/0x860
[ 88.306339][ T3725] ? fault_in_readable+0x1d5/0x310
[ 88.311476][ T3725] ? generic_cont_expand_simple+0x250/0x250
[ 88.317387][ T3725] ? fault_in_readable+0x219/0x310
[ 88.322507][ T3725] ? fault_in_safe_writeable+0x240/0x240
[ 88.328143][ T3725] hfs_write_begin+0x86/0xd0
[ 88.332726][ T3725] ? hfs_free_extents+0x420/0x420
[ 88.337749][ T3725] generic_perform_write+0x2e4/0x5e0
[ 88.343136][ T3725] ? __block_commit_write+0x420/0x420
[ 88.348506][ T3725] ? generic_file_direct_write+0x610/0x610
[ 88.354309][ T3725] ? __file_remove_privs+0x6c0/0x6c0
[ 88.359591][ T3725] ? generic_write_checks+0x15c/0x1c0
[ 88.365059][ T3725] __generic_file_write_iter+0x176/0x400
[ 88.370713][ T3725] generic_file_write_iter+0xab/0x310
[ 88.376105][ T3725] vfs_write+0x7dc/0xc50
[ 88.380365][ T3725] ? file_end_write+0x230/0x230
[ 88.385308][ T3725] ? ptrace_stop+0x74d/0x970
[ 88.389922][ T3725] ? _raw_spin_unlock_irq+0x2a/0x40
[ 88.395129][ T3725] ? __fdget_pos+0x252/0x2e0
[ 88.399720][ T3725] ksys_write+0x177/0x2a0
[ 88.404055][ T3725] ? __ia32_sys_read+0x80/0x80
[ 88.408816][ T3725] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 88.414795][ T3725] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 88.420773][ T3725] do_syscall_64+0x3d/0xb0
[ 88.425272][ T3725] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 88.431157][ T3725] RIP: 0033:0x7f0fa5191c89
[ 88.435568][ T3725] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 88.455163][ T3725] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 88.463570][ T3725] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 88.471539][ T3725] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 88.479500][ T3725] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 88.487466][ T3725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3725] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3725] exit_group(0) = ?
[pid 3725] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3725, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./84/binderfs") = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./84/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./84") = 0
mkdir("./85", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3726 attached
, child_tidptr=0x555555b7f5d0) = 3726
[pid 3726] chdir("./85") = 0
[pid 3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3726] setpgid(0, 0) = 0
[pid 3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3726] write(3, "1000", 4) = 4
[pid 3726] close(3) = 0
[pid 3726] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3726] memfd_create("syzkaller", 0) = 3
[ 88.495434][ T3725] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000054
[ 88.503413][ T3725]
[pid 3726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3726] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3726] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3726] close(3) = 0
[pid 3726] mkdir("./file0", 0777) = 0
[pid 3726] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3726] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3726] chdir("./file0") = 0
[pid 3726] ioctl(4, LOOP_CLR_FD) = 0
[pid 3726] close(4) = 0
[pid 3726] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3726] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3726] write(5, "13", 2) = 2
[ 88.563046][ T3726] loop0: detected capacity change from 0 to 64
[ 88.579442][ T3726] FAULT_INJECTION: forcing a failure.
[ 88.579442][ T3726] name failslab, interval 1, probability 0, space 0, times 0
[ 88.592860][ T3726] CPU: 0 PID: 3726 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 88.603329][ T3726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 88.613394][ T3726] Call Trace:
[ 88.616661][ T3726]
[ 88.619578][ T3726] dump_stack_lvl+0x1b1/0x28e
[ 88.624244][ T3726] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 88.629691][ T3726] ? panic+0x710/0x710
[ 88.633766][ T3726] ? __might_sleep+0xc0/0xc0
[ 88.638360][ T3726] ? __mutex_lock_common+0x45f/0x26e0
[ 88.643736][ T3726] should_fail_ex+0x395/0x4c0
[ 88.648412][ T3726] ? hfs_find_init+0x8b/0x1e0
[ 88.653087][ T3726] should_failslab+0x5/0x20
[ 88.657582][ T3726] __kmem_cache_alloc_node+0x69/0x310
[ 88.662946][ T3726] ? rcu_lock_release+0x5/0x20
[ 88.667701][ T3726] ? hfs_find_init+0x8b/0x1e0
[ 88.672386][ T3726] __kmalloc+0x9e/0x1a0
[ 88.676564][ T3726] hfs_find_init+0x8b/0x1e0
[ 88.681090][ T3726] hfs_extend_file+0x2f8/0x1420
[ 88.685941][ T3726] ? xas_find+0x937/0xa60
[ 88.690266][ T3726] ? hfs_get_block+0xbb0/0xbb0
[ 88.695026][ T3726] ? filemap_get_folios+0x557/0x830
[ 88.700231][ T3726] ? find_lock_entries+0xf60/0xf60
[ 88.705337][ T3726] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 88.711228][ T3726] hfs_get_block+0x3fc/0xbb0
[ 88.715818][ T3726] ? hfs_free_extents+0x420/0x420
[ 88.720835][ T3726] ? do_raw_spin_unlock+0x134/0x8a0
[ 88.726049][ T3726] ? create_page_buffers+0x244/0x4b0
[ 88.731327][ T3726] __block_write_begin_int+0x54c/0x1a80
[ 88.736963][ T3726] ? hfs_free_extents+0x420/0x420
[ 88.741982][ T3726] ? page_zero_new_buffers+0x940/0x940
[ 88.747462][ T3726] ? PageHeadHuge+0x8a/0x1d0
[ 88.752066][ T3726] ? hfs_free_extents+0x420/0x420
[ 88.757077][ T3726] block_write_begin+0x93/0x1e0
[ 88.761928][ T3726] ? cont_write_begin+0x5e5/0x860
[ 88.766954][ T3726] ? hfs_free_extents+0x420/0x420
[ 88.771966][ T3726] cont_write_begin+0x606/0x860
[ 88.776812][ T3726] ? fault_in_readable+0x1d5/0x310
[ 88.781920][ T3726] ? generic_cont_expand_simple+0x250/0x250
[ 88.787801][ T3726] ? fault_in_readable+0x219/0x310
[ 88.792915][ T3726] ? fault_in_safe_writeable+0x240/0x240
[ 88.798573][ T3726] hfs_write_begin+0x86/0xd0
[ 88.803168][ T3726] ? hfs_free_extents+0x420/0x420
[ 88.808197][ T3726] generic_perform_write+0x2e4/0x5e0
[ 88.813495][ T3726] ? __block_commit_write+0x420/0x420
[ 88.818866][ T3726] ? generic_file_direct_write+0x610/0x610
[ 88.824672][ T3726] ? __file_remove_privs+0x6c0/0x6c0
[ 88.829974][ T3726] ? generic_write_checks+0x15c/0x1c0
[ 88.835344][ T3726] __generic_file_write_iter+0x176/0x400
[ 88.840971][ T3726] generic_file_write_iter+0xab/0x310
[ 88.846342][ T3726] vfs_write+0x7dc/0xc50
[ 88.850585][ T3726] ? file_end_write+0x230/0x230
[ 88.855434][ T3726] ? ptrace_stop+0x74d/0x970
[ 88.860025][ T3726] ? _raw_spin_unlock_irq+0x2a/0x40
[ 88.865219][ T3726] ? __fdget_pos+0x252/0x2e0
[ 88.869798][ T3726] ksys_write+0x177/0x2a0
[ 88.874132][ T3726] ? __ia32_sys_read+0x80/0x80
[ 88.878907][ T3726] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 88.884881][ T3726] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 88.890861][ T3726] do_syscall_64+0x3d/0xb0
[ 88.895276][ T3726] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 88.901161][ T3726] RIP: 0033:0x7f0fa5191c89
[ 88.905561][ T3726] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 88.925329][ T3726] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 88.933758][ T3726] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 88.941726][ T3726] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 88.949698][ T3726] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3726] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3726] exit_group(0) = ?
[pid 3726] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3726, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./85/binderfs") = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./85/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./85") = 0
mkdir("./86", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3727
./strace-static-x86_64: Process 3727 attached
[pid 3727] chdir("./86") = 0
[pid 3727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3727] setpgid(0, 0) = 0
[pid 3727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3727] write(3, "1000", 4) = 4
[pid 3727] close(3) = 0
[ 88.957678][ T3726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 88.965636][ T3726] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000055
[ 88.973705][ T3726]
[pid 3727] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3727] memfd_create("syzkaller", 0) = 3
[pid 3727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3727] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3727] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3727] close(3) = 0
[pid 3727] mkdir("./file0", 0777) = 0
[pid 3727] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3727] chdir("./file0") = 0
[pid 3727] ioctl(4, LOOP_CLR_FD) = 0
[pid 3727] close(4) = 0
[pid 3727] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3727] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3727] write(5, "13", 2) = 2
[ 89.032236][ T3727] loop0: detected capacity change from 0 to 64
[ 89.064554][ T3727] FAULT_INJECTION: forcing a failure.
[ 89.064554][ T3727] name failslab, interval 1, probability 0, space 0, times 0
[ 89.077252][ T3727] CPU: 1 PID: 3727 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 89.087657][ T3727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 89.097705][ T3727] Call Trace:
[ 89.100992][ T3727]
[ 89.103935][ T3727] dump_stack_lvl+0x1b1/0x28e
[ 89.108622][ T3727] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 89.114081][ T3727] ? panic+0x710/0x710
[ 89.118169][ T3727] ? __might_sleep+0xc0/0xc0
[ 89.122764][ T3727] ? __mutex_lock_common+0x45f/0x26e0
[ 89.128149][ T3727] should_fail_ex+0x395/0x4c0
[ 89.133272][ T3727] ? hfs_find_init+0x8b/0x1e0
[ 89.137964][ T3727] should_failslab+0x5/0x20
[ 89.142471][ T3727] __kmem_cache_alloc_node+0x69/0x310
[ 89.147850][ T3727] ? hfs_find_init+0x8b/0x1e0
[ 89.152530][ T3727] __kmalloc+0x9e/0x1a0
[ 89.156690][ T3727] hfs_find_init+0x8b/0x1e0
[ 89.161192][ T3727] hfs_extend_file+0x2f8/0x1420
[ 89.166058][ T3727] ? hfs_get_block+0xbb0/0xbb0
[ 89.170821][ T3727] ? lru_cache_disable+0x30/0x30
[ 89.175854][ T3727] ? __might_sleep+0xc0/0xc0
[ 89.180453][ T3727] hfs_get_block+0x3fc/0xbb0
[ 89.185052][ T3727] ? hfs_free_extents+0x420/0x420
[ 89.190090][ T3727] ? do_raw_spin_unlock+0x134/0x8a0
[ 89.195284][ T3727] ? create_page_buffers+0x244/0x4b0
[ 89.200580][ T3727] __block_write_begin_int+0x54c/0x1a80
[ 89.206228][ T3727] ? hfs_free_extents+0x420/0x420
[ 89.211331][ T3727] ? page_zero_new_buffers+0x940/0x940
[ 89.216789][ T3727] ? PageHeadHuge+0x8a/0x1d0
[ 89.221394][ T3727] ? hfs_free_extents+0x420/0x420
[ 89.226431][ T3727] block_write_begin+0x93/0x1e0
[ 89.231310][ T3727] ? cont_write_begin+0x5e5/0x860
[ 89.236339][ T3727] ? hfs_free_extents+0x420/0x420
[ 89.241362][ T3727] cont_write_begin+0x606/0x860
[ 89.246211][ T3727] ? fault_in_readable+0x1d5/0x310
[ 89.251317][ T3727] ? generic_cont_expand_simple+0x250/0x250
[ 89.257203][ T3727] ? fault_in_readable+0x219/0x310
[ 89.262312][ T3727] ? fault_in_safe_writeable+0x240/0x240
[ 89.267952][ T3727] hfs_write_begin+0x86/0xd0
[ 89.272539][ T3727] ? hfs_free_extents+0x420/0x420
[ 89.277833][ T3727] generic_perform_write+0x2e4/0x5e0
[ 89.283119][ T3727] ? __block_commit_write+0x420/0x420
[ 89.288496][ T3727] ? generic_file_direct_write+0x610/0x610
[ 89.294307][ T3727] ? __file_remove_privs+0x6c0/0x6c0
[ 89.299612][ T3727] ? generic_write_checks+0x15c/0x1c0
[ 89.305028][ T3727] __generic_file_write_iter+0x176/0x400
[ 89.310683][ T3727] generic_file_write_iter+0xab/0x310
[ 89.316074][ T3727] vfs_write+0x7dc/0xc50
[ 89.320328][ T3727] ? file_end_write+0x230/0x230
[ 89.325188][ T3727] ? ptrace_stop+0x74d/0x970
[ 89.329779][ T3727] ? _raw_spin_unlock_irq+0x2a/0x40
[ 89.334980][ T3727] ? __fdget_pos+0x252/0x2e0
[ 89.339663][ T3727] ksys_write+0x177/0x2a0
[ 89.344020][ T3727] ? __ia32_sys_read+0x80/0x80
[ 89.348792][ T3727] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 89.354763][ T3727] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 89.360747][ T3727] do_syscall_64+0x3d/0xb0
[ 89.365155][ T3727] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.371039][ T3727] RIP: 0033:0x7f0fa5191c89
[ 89.375479][ T3727] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 89.395178][ T3727] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 89.403586][ T3727] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 89.411549][ T3727] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 89.419509][ T3727] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3727] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3727] exit_group(0) = ?
[pid 3727] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3727, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./86/binderfs") = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./86/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./86") = 0
mkdir("./87", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3728
./strace-static-x86_64: Process 3728 attached
[pid 3728] chdir("./87") = 0
[pid 3728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3728] setpgid(0, 0) = 0
[pid 3728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3728] write(3, "1000", 4) = 4
[pid 3728] close(3) = 0
[pid 3728] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3728] memfd_create("syzkaller", 0) = 3
[pid 3728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 89.427485][ T3727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 89.435475][ T3727] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000056
[ 89.443468][ T3727]
[pid 3728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3728] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3728] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3728] close(3) = 0
[pid 3728] mkdir("./file0", 0777) = 0
[pid 3728] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3728] chdir("./file0") = 0
[pid 3728] ioctl(4, LOOP_CLR_FD) = 0
[pid 3728] close(4) = 0
[pid 3728] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3728] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3728] write(5, "13", 2) = 2
[ 89.494523][ T3728] loop0: detected capacity change from 0 to 64
[ 89.496245][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 89.523143][ T3728] FAULT_INJECTION: forcing a failure.
[ 89.523143][ T3728] name failslab, interval 1, probability 0, space 0, times 0
[ 89.536118][ T3728] CPU: 1 PID: 3728 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 89.546519][ T3728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 89.556735][ T3728] Call Trace:
[ 89.560007][ T3728]
[ 89.562938][ T3728] dump_stack_lvl+0x1b1/0x28e
[ 89.567614][ T3728] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 89.573065][ T3728] ? panic+0x710/0x710
[ 89.577134][ T3728] ? __might_sleep+0xc0/0xc0
[ 89.581717][ T3728] ? __mutex_lock_common+0x45f/0x26e0
[ 89.587091][ T3728] should_fail_ex+0x395/0x4c0
[ 89.591765][ T3728] ? hfs_find_init+0x8b/0x1e0
[ 89.596465][ T3728] should_failslab+0x5/0x20
[ 89.600963][ T3728] __kmem_cache_alloc_node+0x69/0x310
[ 89.606338][ T3728] ? hfs_find_init+0x8b/0x1e0
[ 89.611015][ T3728] __kmalloc+0x9e/0x1a0
[ 89.615174][ T3728] hfs_find_init+0x8b/0x1e0
[ 89.619686][ T3728] hfs_extend_file+0x2f8/0x1420
[ 89.624543][ T3728] ? hfs_get_block+0xbb0/0xbb0
[ 89.629304][ T3728] ? lru_cache_disable+0x30/0x30
[ 89.634238][ T3728] ? __might_sleep+0xc0/0xc0
[ 89.638846][ T3728] hfs_get_block+0x3fc/0xbb0
[ 89.643443][ T3728] ? hfs_free_extents+0x420/0x420
[ 89.648459][ T3728] ? do_raw_spin_unlock+0x134/0x8a0
[ 89.653668][ T3728] ? create_page_buffers+0x244/0x4b0
[ 89.658975][ T3728] __block_write_begin_int+0x54c/0x1a80
[ 89.664543][ T3728] ? hfs_free_extents+0x420/0x420
[ 89.669561][ T3728] ? page_zero_new_buffers+0x940/0x940
[ 89.675029][ T3728] ? PageHeadHuge+0x8a/0x1d0
[ 89.679617][ T3728] ? hfs_free_extents+0x420/0x420
[ 89.684635][ T3728] block_write_begin+0x93/0x1e0
[ 89.689482][ T3728] ? cont_write_begin+0x5e5/0x860
[ 89.694505][ T3728] ? hfs_free_extents+0x420/0x420
[ 89.699527][ T3728] cont_write_begin+0x606/0x860
[ 89.704382][ T3728] ? fault_in_readable+0x1d5/0x310
[ 89.709493][ T3728] ? generic_cont_expand_simple+0x250/0x250
[ 89.715476][ T3728] ? fault_in_readable+0x219/0x310
[ 89.720590][ T3728] ? fault_in_safe_writeable+0x240/0x240
[ 89.726313][ T3728] hfs_write_begin+0x86/0xd0
[ 89.730895][ T3728] ? hfs_free_extents+0x420/0x420
[ 89.735926][ T3728] generic_perform_write+0x2e4/0x5e0
[ 89.741218][ T3728] ? __block_commit_write+0x420/0x420
[ 89.746591][ T3728] ? generic_file_direct_write+0x610/0x610
[ 89.752391][ T3728] ? __file_remove_privs+0x6c0/0x6c0
[ 89.757677][ T3728] ? generic_write_checks+0x15c/0x1c0
[ 89.763052][ T3728] __generic_file_write_iter+0x176/0x400
[ 89.768690][ T3728] generic_file_write_iter+0xab/0x310
[ 89.774063][ T3728] vfs_write+0x7dc/0xc50
[ 89.778309][ T3728] ? file_end_write+0x230/0x230
[ 89.783194][ T3728] ? ptrace_stop+0x74d/0x970
[ 89.787791][ T3728] ? _raw_spin_unlock_irq+0x2a/0x40
[ 89.792989][ T3728] ? __fdget_pos+0x252/0x2e0
[ 89.797583][ T3728] ksys_write+0x177/0x2a0
[ 89.801920][ T3728] ? __ia32_sys_read+0x80/0x80
[ 89.806688][ T3728] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 89.812667][ T3728] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 89.818738][ T3728] do_syscall_64+0x3d/0xb0
[ 89.823155][ T3728] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.829040][ T3728] RIP: 0033:0x7f0fa5191c89
[ 89.833451][ T3728] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 89.853138][ T3728] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 89.861548][ T3728] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 89.869510][ T3728] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 89.877473][ T3728] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 89.885437][ T3728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3728] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3728] exit_group(0) = ?
[pid 3728] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3728, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./87/binderfs") = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./87/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./87") = 0
mkdir("./88", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3729
./strace-static-x86_64: Process 3729 attached
[pid 3729] chdir("./88") = 0
[pid 3729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3729] setpgid(0, 0) = 0
[pid 3729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3729] write(3, "1000", 4) = 4
[pid 3729] close(3) = 0
[pid 3729] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3729] memfd_create("syzkaller", 0) = 3
[pid 3729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3729] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 89.893400][ T3728] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000057
[ 89.901379][ T3728]
[pid 3729] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3729] close(3) = 0
[pid 3729] mkdir("./file0", 0777) = 0
[pid 3729] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3729] chdir("./file0") = 0
[pid 3729] ioctl(4, LOOP_CLR_FD) = 0
[pid 3729] close(4) = 0
[pid 3729] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3729] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3729] write(5, "13", 2) = 2
[ 89.939533][ T3729] loop0: detected capacity change from 0 to 64
[ 89.941518][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 89.968949][ T3729] FAULT_INJECTION: forcing a failure.
[ 89.968949][ T3729] name failslab, interval 1, probability 0, space 0, times 0
[ 89.982541][ T3729] CPU: 1 PID: 3729 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 89.992978][ T3729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 90.003018][ T3729] Call Trace:
[ 90.006286][ T3729]
[ 90.009206][ T3729] dump_stack_lvl+0x1b1/0x28e
[ 90.013883][ T3729] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 90.019359][ T3729] ? panic+0x710/0x710
[ 90.023428][ T3729] ? __might_sleep+0xc0/0xc0
[ 90.028022][ T3729] ? __mutex_lock_common+0x45f/0x26e0
[ 90.033399][ T3729] should_fail_ex+0x395/0x4c0
[ 90.038084][ T3729] ? hfs_find_init+0x8b/0x1e0
[ 90.042848][ T3729] should_failslab+0x5/0x20
[ 90.047360][ T3729] __kmem_cache_alloc_node+0x69/0x310
[ 90.052738][ T3729] ? hfs_find_init+0x8b/0x1e0
[ 90.057413][ T3729] __kmalloc+0x9e/0x1a0
[ 90.061574][ T3729] hfs_find_init+0x8b/0x1e0
[ 90.066081][ T3729] hfs_extend_file+0x2f8/0x1420
[ 90.070937][ T3729] ? hfs_get_block+0xbb0/0xbb0
[ 90.075699][ T3729] ? lru_cache_disable+0x30/0x30
[ 90.080634][ T3729] ? __might_sleep+0xc0/0xc0
[ 90.085238][ T3729] hfs_get_block+0x3fc/0xbb0
[ 90.089854][ T3729] ? hfs_free_extents+0x420/0x420
[ 90.094884][ T3729] ? do_raw_spin_unlock+0x134/0x8a0
[ 90.100089][ T3729] ? create_page_buffers+0x244/0x4b0
[ 90.105377][ T3729] __block_write_begin_int+0x54c/0x1a80
[ 90.110941][ T3729] ? hfs_free_extents+0x420/0x420
[ 90.115961][ T3729] ? page_zero_new_buffers+0x940/0x940
[ 90.121423][ T3729] ? PageHeadHuge+0x8a/0x1d0
[ 90.126014][ T3729] ? hfs_free_extents+0x420/0x420
[ 90.131033][ T3729] block_write_begin+0x93/0x1e0
[ 90.135884][ T3729] ? cont_write_begin+0x5e5/0x860
[ 90.140909][ T3729] ? hfs_free_extents+0x420/0x420
[ 90.145928][ T3729] cont_write_begin+0x606/0x860
[ 90.150794][ T3729] ? fault_in_readable+0x1d5/0x310
[ 90.155917][ T3729] ? generic_cont_expand_simple+0x250/0x250
[ 90.161806][ T3729] ? fault_in_readable+0x219/0x310
[ 90.166917][ T3729] ? fault_in_safe_writeable+0x240/0x240
[ 90.172569][ T3729] hfs_write_begin+0x86/0xd0
[ 90.177155][ T3729] ? hfs_free_extents+0x420/0x420
[ 90.182178][ T3729] generic_perform_write+0x2e4/0x5e0
[ 90.187471][ T3729] ? __block_commit_write+0x420/0x420
[ 90.192842][ T3729] ? generic_file_direct_write+0x610/0x610
[ 90.198658][ T3729] ? __file_remove_privs+0x6c0/0x6c0
[ 90.203941][ T3729] ? generic_write_checks+0x15c/0x1c0
[ 90.209319][ T3729] __generic_file_write_iter+0x176/0x400
[ 90.214953][ T3729] generic_file_write_iter+0xab/0x310
[ 90.220323][ T3729] vfs_write+0x7dc/0xc50
[ 90.224574][ T3729] ? file_end_write+0x230/0x230
[ 90.229422][ T3729] ? ptrace_stop+0x74d/0x970
[ 90.234024][ T3729] ? _raw_spin_unlock_irq+0x2a/0x40
[ 90.239226][ T3729] ? __fdget_pos+0x252/0x2e0
[ 90.243819][ T3729] ksys_write+0x177/0x2a0
[ 90.248150][ T3729] ? __ia32_sys_read+0x80/0x80
[ 90.252912][ T3729] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 90.258896][ T3729] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 90.264875][ T3729] do_syscall_64+0x3d/0xb0
[ 90.269284][ T3729] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.275257][ T3729] RIP: 0033:0x7f0fa5191c89
[ 90.279667][ T3729] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 90.299357][ T3729] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 90.307766][ T3729] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 90.315731][ T3729] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 90.323781][ T3729] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 90.331744][ T3729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3729] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3729] exit_group(0) = ?
[pid 3729] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3729, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./88/binderfs") = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./88/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./88") = 0
mkdir("./89", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3730
./strace-static-x86_64: Process 3730 attached
[pid 3730] chdir("./89") = 0
[pid 3730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3730] setpgid(0, 0) = 0
[pid 3730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3730] write(3, "1000", 4) = 4
[pid 3730] close(3) = 0
[pid 3730] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3730] memfd_create("syzkaller", 0) = 3
[pid 3730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3730] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 90.339793][ T3729] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000058
[ 90.347785][ T3729]
[pid 3730] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3730] close(3) = 0
[pid 3730] mkdir("./file0", 0777) = 0
[pid 3730] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3730] chdir("./file0") = 0
[pid 3730] ioctl(4, LOOP_CLR_FD) = 0
[pid 3730] close(4) = 0
[pid 3730] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3730] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3730] write(5, "13", 2) = 2
[ 90.388522][ T3730] loop0: detected capacity change from 0 to 64
[ 90.410200][ T3730] FAULT_INJECTION: forcing a failure.
[ 90.410200][ T3730] name failslab, interval 1, probability 0, space 0, times 0
[ 90.423140][ T3730] CPU: 1 PID: 3730 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 90.433561][ T3730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 90.443601][ T3730] Call Trace:
[ 90.446884][ T3730]
[ 90.449919][ T3730] dump_stack_lvl+0x1b1/0x28e
[ 90.454684][ T3730] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 90.460139][ T3730] ? panic+0x710/0x710
[ 90.464207][ T3730] ? __might_sleep+0xc0/0xc0
[ 90.468800][ T3730] ? __mutex_lock_common+0x45f/0x26e0
[ 90.474182][ T3730] should_fail_ex+0x395/0x4c0
[ 90.478864][ T3730] ? hfs_find_init+0x8b/0x1e0
[ 90.483544][ T3730] should_failslab+0x5/0x20
[ 90.488053][ T3730] __kmem_cache_alloc_node+0x69/0x310
[ 90.493422][ T3730] ? rcu_lock_release+0x5/0x20
[ 90.498184][ T3730] ? hfs_find_init+0x8b/0x1e0
[ 90.502867][ T3730] __kmalloc+0x9e/0x1a0
[ 90.507033][ T3730] hfs_find_init+0x8b/0x1e0
[ 90.511538][ T3730] hfs_extend_file+0x2f8/0x1420
[ 90.516384][ T3730] ? xas_find+0x937/0xa60
[ 90.520720][ T3730] ? hfs_get_block+0xbb0/0xbb0
[ 90.525480][ T3730] ? filemap_get_folios+0x557/0x830
[ 90.530677][ T3730] ? find_lock_entries+0xf60/0xf60
[ 90.535800][ T3730] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 90.541708][ T3730] hfs_get_block+0x3fc/0xbb0
[ 90.546307][ T3730] ? hfs_free_extents+0x420/0x420
[ 90.551333][ T3730] ? do_raw_spin_unlock+0x134/0x8a0
[ 90.556536][ T3730] ? create_page_buffers+0x244/0x4b0
[ 90.561823][ T3730] __block_write_begin_int+0x54c/0x1a80
[ 90.567394][ T3730] ? hfs_free_extents+0x420/0x420
[ 90.572414][ T3730] ? page_zero_new_buffers+0x940/0x940
[ 90.577873][ T3730] ? PageHeadHuge+0x8a/0x1d0
[ 90.582462][ T3730] ? hfs_free_extents+0x420/0x420
[ 90.587485][ T3730] block_write_begin+0x93/0x1e0
[ 90.592335][ T3730] ? cont_write_begin+0x5e5/0x860
[ 90.597361][ T3730] ? hfs_free_extents+0x420/0x420
[ 90.602383][ T3730] cont_write_begin+0x606/0x860
[ 90.607236][ T3730] ? fault_in_readable+0x1d5/0x310
[ 90.612356][ T3730] ? generic_cont_expand_simple+0x250/0x250
[ 90.618247][ T3730] ? fault_in_readable+0x219/0x310
[ 90.623356][ T3730] ? fault_in_safe_writeable+0x240/0x240
[ 90.628995][ T3730] hfs_write_begin+0x86/0xd0
[ 90.633582][ T3730] ? hfs_free_extents+0x420/0x420
[ 90.638606][ T3730] generic_perform_write+0x2e4/0x5e0
[ 90.643904][ T3730] ? __block_commit_write+0x420/0x420
[ 90.649279][ T3730] ? generic_file_direct_write+0x610/0x610
[ 90.655080][ T3730] ? __file_remove_privs+0x6c0/0x6c0
[ 90.660360][ T3730] ? generic_write_checks+0x15c/0x1c0
[ 90.665764][ T3730] __generic_file_write_iter+0x176/0x400
[ 90.671402][ T3730] generic_file_write_iter+0xab/0x310
[ 90.676773][ T3730] vfs_write+0x7dc/0xc50
[ 90.681021][ T3730] ? file_end_write+0x230/0x230
[ 90.685866][ T3730] ? ptrace_stop+0x74d/0x970
[ 90.690461][ T3730] ? _raw_spin_unlock_irq+0x2a/0x40
[ 90.695660][ T3730] ? __fdget_pos+0x252/0x2e0
[ 90.700250][ T3730] ksys_write+0x177/0x2a0
[ 90.704580][ T3730] ? __ia32_sys_read+0x80/0x80
[ 90.709342][ T3730] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 90.715322][ T3730] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 90.721302][ T3730] do_syscall_64+0x3d/0xb0
[ 90.725716][ T3730] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.731605][ T3730] RIP: 0033:0x7f0fa5191c89
[ 90.736016][ T3730] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 90.755617][ T3730] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 90.764027][ T3730] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 90.771991][ T3730] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 90.779957][ T3730] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3730] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3730] exit_group(0) = ?
[pid 3730] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3730, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./89/binderfs") = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./89/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./89") = 0
mkdir("./90", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3731
./strace-static-x86_64: Process 3731 attached
[pid 3731] chdir("./90") = 0
[pid 3731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3731] setpgid(0, 0) = 0
[pid 3731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3731] write(3, "1000", 4) = 4
[pid 3731] close(3) = 0
[pid 3731] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3731] memfd_create("syzkaller", 0) = 3
[pid 3731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 90.787923][ T3730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 90.795884][ T3730] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000059
[ 90.803862][ T3730]
[pid 3731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3731] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3731] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3731] close(3) = 0
[pid 3731] mkdir("./file0", 0777) = 0
[pid 3731] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3731] chdir("./file0") = 0
[pid 3731] ioctl(4, LOOP_CLR_FD) = 0
[pid 3731] close(4) = 0
[pid 3731] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3731] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3731] write(5, "13", 2) = 2
[ 90.854460][ T3731] loop0: detected capacity change from 0 to 64
[ 90.889205][ T3731] FAULT_INJECTION: forcing a failure.
[ 90.889205][ T3731] name failslab, interval 1, probability 0, space 0, times 0
[ 90.902141][ T3731] CPU: 1 PID: 3731 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 90.912543][ T3731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 90.922579][ T3731] Call Trace:
[ 90.925840][ T3731]
[ 90.928756][ T3731] dump_stack_lvl+0x1b1/0x28e
[ 90.933423][ T3731] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 90.938864][ T3731] ? panic+0x710/0x710
[ 90.942924][ T3731] ? __might_sleep+0xc0/0xc0
[ 90.947582][ T3731] ? __mutex_lock_common+0x45f/0x26e0
[ 90.952942][ T3731] should_fail_ex+0x395/0x4c0
[ 90.957608][ T3731] ? hfs_find_init+0x8b/0x1e0
[ 90.962283][ T3731] should_failslab+0x5/0x20
[ 90.966771][ T3731] __kmem_cache_alloc_node+0x69/0x310
[ 90.972137][ T3731] ? hfs_find_init+0x8b/0x1e0
[ 90.976803][ T3731] __kmalloc+0x9e/0x1a0
[ 90.980952][ T3731] hfs_find_init+0x8b/0x1e0
[ 90.985442][ T3731] hfs_extend_file+0x2f8/0x1420
[ 90.990286][ T3731] ? hfs_get_block+0xbb0/0xbb0
[ 90.995035][ T3731] ? lru_cache_disable+0x30/0x30
[ 90.999958][ T3731] ? __might_sleep+0xc0/0xc0
[ 91.004545][ T3731] hfs_get_block+0x3fc/0xbb0
[ 91.009126][ T3731] ? hfs_free_extents+0x420/0x420
[ 91.014132][ T3731] ? do_raw_spin_unlock+0x134/0x8a0
[ 91.019325][ T3731] ? create_page_buffers+0x244/0x4b0
[ 91.024600][ T3731] __block_write_begin_int+0x54c/0x1a80
[ 91.030151][ T3731] ? hfs_free_extents+0x420/0x420
[ 91.035157][ T3731] ? page_zero_new_buffers+0x940/0x940
[ 91.040604][ T3731] ? PageHeadHuge+0x8a/0x1d0
[ 91.045181][ T3731] ? hfs_free_extents+0x420/0x420
[ 91.050196][ T3731] block_write_begin+0x93/0x1e0
[ 91.055030][ T3731] ? cont_write_begin+0x5e5/0x860
[ 91.060124][ T3731] ? hfs_free_extents+0x420/0x420
[ 91.065136][ T3731] cont_write_begin+0x606/0x860
[ 91.069975][ T3731] ? fault_in_readable+0x1d5/0x310
[ 91.075074][ T3731] ? generic_cont_expand_simple+0x250/0x250
[ 91.080952][ T3731] ? fault_in_readable+0x219/0x310
[ 91.086048][ T3731] ? fault_in_safe_writeable+0x240/0x240
[ 91.091670][ T3731] hfs_write_begin+0x86/0xd0
[ 91.096243][ T3731] ? hfs_free_extents+0x420/0x420
[ 91.101252][ T3731] generic_perform_write+0x2e4/0x5e0
[ 91.106532][ T3731] ? __block_commit_write+0x420/0x420
[ 91.111890][ T3731] ? generic_file_direct_write+0x610/0x610
[ 91.117681][ T3731] ? __file_remove_privs+0x6c0/0x6c0
[ 91.122950][ T3731] ? generic_write_checks+0x15c/0x1c0
[ 91.128313][ T3731] __generic_file_write_iter+0x176/0x400
[ 91.133935][ T3731] generic_file_write_iter+0xab/0x310
[ 91.139294][ T3731] vfs_write+0x7dc/0xc50
[ 91.143526][ T3731] ? file_end_write+0x230/0x230
[ 91.148361][ T3731] ? ptrace_stop+0x74d/0x970
[ 91.152942][ T3731] ? _raw_spin_unlock_irq+0x2a/0x40
[ 91.158131][ T3731] ? __fdget_pos+0x252/0x2e0
[ 91.162711][ T3731] ksys_write+0x177/0x2a0
[ 91.167025][ T3731] ? __ia32_sys_read+0x80/0x80
[ 91.171780][ T3731] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 91.177755][ T3731] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 91.183729][ T3731] do_syscall_64+0x3d/0xb0
[ 91.188134][ T3731] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.194011][ T3731] RIP: 0033:0x7f0fa5191c89
[ 91.198412][ T3731] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 91.218000][ T3731] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 91.226397][ T3731] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 91.234352][ T3731] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 91.242309][ T3731] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3731] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3731] exit_group(0) = ?
[pid 3731] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3731, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./90/binderfs") = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./90/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./90") = 0
mkdir("./91", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3732
./strace-static-x86_64: Process 3732 attached
[pid 3732] chdir("./91") = 0
[pid 3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3732] setpgid(0, 0) = 0
[pid 3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3732] write(3, "1000", 4) = 4
[pid 3732] close(3) = 0
[ 91.250264][ T3731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 91.258221][ T3731] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005a
[ 91.266186][ T3731]
[pid 3732] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3732] memfd_create("syzkaller", 0) = 3
[pid 3732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3732] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3732] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3732] close(3) = 0
[pid 3732] mkdir("./file0", 0777) = 0
[pid 3732] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3732] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3732] chdir("./file0") = 0
[pid 3732] ioctl(4, LOOP_CLR_FD) = 0
[pid 3732] close(4) = 0
[pid 3732] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3732] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3732] write(5, "13", 2) = 2
[ 91.322664][ T3732] loop0: detected capacity change from 0 to 64
[ 91.349827][ T3732] FAULT_INJECTION: forcing a failure.
[ 91.349827][ T3732] name failslab, interval 1, probability 0, space 0, times 0
[ 91.363034][ T3732] CPU: 0 PID: 3732 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 91.373733][ T3732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 91.383805][ T3732] Call Trace:
[ 91.387088][ T3732]
[ 91.390021][ T3732] dump_stack_lvl+0x1b1/0x28e
[ 91.394705][ T3732] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 91.400156][ T3732] ? panic+0x710/0x710
[ 91.404229][ T3732] ? __might_sleep+0xc0/0xc0
[ 91.408826][ T3732] ? __mutex_lock_common+0x45f/0x26e0
[ 91.414207][ T3732] should_fail_ex+0x395/0x4c0
[ 91.418889][ T3732] ? hfs_find_init+0x8b/0x1e0
[ 91.423560][ T3732] should_failslab+0x5/0x20
[ 91.428071][ T3732] __kmem_cache_alloc_node+0x69/0x310
[ 91.433453][ T3732] ? hfs_find_init+0x8b/0x1e0
[ 91.438502][ T3732] __kmalloc+0x9e/0x1a0
[ 91.442654][ T3732] hfs_find_init+0x8b/0x1e0
[ 91.447152][ T3732] hfs_extend_file+0x2f8/0x1420
[ 91.452000][ T3732] ? hfs_get_block+0xbb0/0xbb0
[ 91.456768][ T3732] ? lru_cache_disable+0x30/0x30
[ 91.461706][ T3732] ? __might_sleep+0xc0/0xc0
[ 91.466316][ T3732] hfs_get_block+0x3fc/0xbb0
[ 91.470923][ T3732] ? hfs_free_extents+0x420/0x420
[ 91.475944][ T3732] ? do_raw_spin_unlock+0x134/0x8a0
[ 91.481157][ T3732] ? create_page_buffers+0x244/0x4b0
[ 91.486435][ T3732] __block_write_begin_int+0x54c/0x1a80
[ 91.491987][ T3732] ? hfs_free_extents+0x420/0x420
[ 91.496998][ T3732] ? page_zero_new_buffers+0x940/0x940
[ 91.502454][ T3732] ? PageHeadHuge+0x8a/0x1d0
[ 91.507038][ T3732] ? hfs_free_extents+0x420/0x420
[ 91.512049][ T3732] block_write_begin+0x93/0x1e0
[ 91.516892][ T3732] ? cont_write_begin+0x5e5/0x860
[ 91.521909][ T3732] ? hfs_free_extents+0x420/0x420
[ 91.526936][ T3732] cont_write_begin+0x606/0x860
[ 91.531798][ T3732] ? fault_in_readable+0x1d5/0x310
[ 91.536902][ T3732] ? generic_cont_expand_simple+0x250/0x250
[ 91.543082][ T3732] ? fault_in_readable+0x219/0x310
[ 91.548204][ T3732] ? fault_in_safe_writeable+0x240/0x240
[ 91.553834][ T3732] hfs_write_begin+0x86/0xd0
[ 91.558426][ T3732] ? hfs_free_extents+0x420/0x420
[ 91.563456][ T3732] generic_perform_write+0x2e4/0x5e0
[ 91.568738][ T3732] ? __block_commit_write+0x420/0x420
[ 91.574101][ T3732] ? generic_file_direct_write+0x610/0x610
[ 91.579897][ T3732] ? __file_remove_privs+0x6c0/0x6c0
[ 91.585173][ T3732] ? generic_write_checks+0x15c/0x1c0
[ 91.590541][ T3732] __generic_file_write_iter+0x176/0x400
[ 91.596176][ T3732] generic_file_write_iter+0xab/0x310
[ 91.601553][ T3732] vfs_write+0x7dc/0xc50
[ 91.605809][ T3732] ? file_end_write+0x230/0x230
[ 91.610661][ T3732] ? ptrace_stop+0x74d/0x970
[ 91.615274][ T3732] ? _raw_spin_unlock_irq+0x2a/0x40
[ 91.620490][ T3732] ? __fdget_pos+0x252/0x2e0
[ 91.625086][ T3732] ksys_write+0x177/0x2a0
[ 91.629453][ T3732] ? __ia32_sys_read+0x80/0x80
[ 91.634232][ T3732] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 91.640211][ T3732] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 91.646205][ T3732] do_syscall_64+0x3d/0xb0
[ 91.650634][ T3732] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.656517][ T3732] RIP: 0033:0x7f0fa5191c89
[ 91.660925][ T3732] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 91.680530][ T3732] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 91.688954][ T3732] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 91.696924][ T3732] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 91.704912][ T3732] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 91.712882][ T3732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3732] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3732] exit_group(0) = ?
[pid 3732] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3732, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./91/binderfs") = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./91/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./91") = 0
mkdir("./92", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3733
./strace-static-x86_64: Process 3733 attached
[pid 3733] chdir("./92") = 0
[pid 3733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3733] setpgid(0, 0) = 0
[pid 3733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3733] write(3, "1000", 4) = 4
[pid 3733] close(3) = 0
[pid 3733] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3733] memfd_create("syzkaller", 0) = 3
[pid 3733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 91.720859][ T3732] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005b
[ 91.728851][ T3732]
[pid 3733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3733] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3733] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3733] close(3) = 0
[pid 3733] mkdir("./file0", 0777) = 0
[pid 3733] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3733] chdir("./file0") = 0
[pid 3733] ioctl(4, LOOP_CLR_FD) = 0
[pid 3733] close(4) = 0
[pid 3733] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3733] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3733] write(5, "13", 2) = 2
[ 91.788686][ T3733] loop0: detected capacity change from 0 to 64
[ 91.821588][ T3733] FAULT_INJECTION: forcing a failure.
[ 91.821588][ T3733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 91.834739][ T3733] CPU: 0 PID: 3733 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 91.845324][ T3733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 91.855393][ T3733] Call Trace:
[ 91.858679][ T3733]
[ 91.861601][ T3733] dump_stack_lvl+0x1b1/0x28e
[ 91.866285][ T3733] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 91.871758][ T3733] ? panic+0x710/0x710
[ 91.875839][ T3733] ? hfs_free_extents+0x420/0x420
[ 91.880870][ T3733] ? PageHeadHuge+0x8a/0x1d0
[ 91.885470][ T3733] should_fail_ex+0x395/0x4c0
[ 91.890163][ T3733] copy_page_from_iter_atomic+0x217/0x1140
[ 91.895975][ T3733] ? generic_cont_expand_simple+0x250/0x250
[ 91.901882][ T3733] ? pipe_zero+0x200/0x200
[ 91.906306][ T3733] ? hfs_write_begin+0x86/0xd0
[ 91.911066][ T3733] ? hfs_free_extents+0x420/0x420
[ 91.916089][ T3733] ? hfs_write_begin+0x9e/0xd0
[ 91.920850][ T3733] generic_perform_write+0x35a/0x5e0
[ 91.926141][ T3733] ? __block_commit_write+0x420/0x420
[ 91.931527][ T3733] ? generic_file_direct_write+0x610/0x610
[ 91.937338][ T3733] ? __file_remove_privs+0x6c0/0x6c0
[ 91.942625][ T3733] ? generic_write_checks+0x15c/0x1c0
[ 91.948006][ T3733] __generic_file_write_iter+0x176/0x400
[ 91.953642][ T3733] generic_file_write_iter+0xab/0x310
[ 91.959018][ T3733] vfs_write+0x7dc/0xc50
[ 91.963285][ T3733] ? file_end_write+0x230/0x230
[ 91.968137][ T3733] ? ptrace_stop+0x74d/0x970
[ 91.972738][ T3733] ? _raw_spin_unlock_irq+0x2a/0x40
[ 91.977939][ T3733] ? __fdget_pos+0x252/0x2e0
[ 91.982533][ T3733] ksys_write+0x177/0x2a0
[ 91.986866][ T3733] ? __ia32_sys_read+0x80/0x80
[ 91.991631][ T3733] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 91.997614][ T3733] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 92.003595][ T3733] do_syscall_64+0x3d/0xb0
[ 92.008005][ T3733] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 92.013905][ T3733] RIP: 0033:0x7f0fa5191c89
[ 92.018317][ T3733] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3733] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3733] exit_group(0) = ?
[pid 3733] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3733, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./92/binderfs") = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 92.037940][ T3733] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 92.046354][ T3733] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 92.054320][ T3733] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 92.062286][ T3733] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 92.070253][ T3733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 92.078217][ T3733] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005c
[ 92.086198][ T3733]
openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./92/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./92") = 0
mkdir("./93", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3734
./strace-static-x86_64: Process 3734 attached
[pid 3734] chdir("./93") = 0
[pid 3734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3734] setpgid(0, 0) = 0
[pid 3734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3734] write(3, "1000", 4) = 4
[pid 3734] close(3) = 0
[pid 3734] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3734] memfd_create("syzkaller", 0) = 3
[pid 3734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3734] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3734] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3734] close(3) = 0
[pid 3734] mkdir("./file0", 0777) = 0
[pid 3734] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3734] chdir("./file0") = 0
[pid 3734] ioctl(4, LOOP_CLR_FD) = 0
[pid 3734] close(4) = 0
[pid 3734] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3734] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3734] write(5, "13", 2) = 2
[ 92.153500][ T3734] loop0: detected capacity change from 0 to 64
[ 92.173575][ T3734] FAULT_INJECTION: forcing a failure.
[ 92.173575][ T3734] name failslab, interval 1, probability 0, space 0, times 0
[ 92.191343][ T3734] CPU: 0 PID: 3734 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 92.201788][ T3734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 92.211833][ T3734] Call Trace:
[ 92.215098][ T3734]
[ 92.218019][ T3734] dump_stack_lvl+0x1b1/0x28e
[ 92.222691][ T3734] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 92.228137][ T3734] ? panic+0x710/0x710
[ 92.232192][ T3734] ? __might_sleep+0xc0/0xc0
[ 92.236765][ T3734] ? __mutex_lock_common+0x45f/0x26e0
[ 92.242132][ T3734] should_fail_ex+0x395/0x4c0
[ 92.246799][ T3734] ? hfs_find_init+0x8b/0x1e0
[ 92.251466][ T3734] should_failslab+0x5/0x20
[ 92.255958][ T3734] __kmem_cache_alloc_node+0x69/0x310
[ 92.261318][ T3734] ? rcu_lock_release+0x5/0x20
[ 92.266070][ T3734] ? hfs_find_init+0x8b/0x1e0
[ 92.270735][ T3734] __kmalloc+0x9e/0x1a0
[ 92.274879][ T3734] hfs_find_init+0x8b/0x1e0
[ 92.279370][ T3734] hfs_extend_file+0x2f8/0x1420
[ 92.284208][ T3734] ? xas_find+0x937/0xa60
[ 92.288531][ T3734] ? hfs_get_block+0xbb0/0xbb0
[ 92.293354][ T3734] ? filemap_get_folios+0x557/0x830
[ 92.298549][ T3734] ? find_lock_entries+0xf60/0xf60
[ 92.303650][ T3734] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 92.309539][ T3734] hfs_get_block+0x3fc/0xbb0
[ 92.314220][ T3734] ? hfs_free_extents+0x420/0x420
[ 92.319229][ T3734] ? do_raw_spin_unlock+0x134/0x8a0
[ 92.324418][ T3734] ? create_page_buffers+0x244/0x4b0
[ 92.329706][ T3734] __block_write_begin_int+0x54c/0x1a80
[ 92.335281][ T3734] ? hfs_free_extents+0x420/0x420
[ 92.340290][ T3734] ? page_zero_new_buffers+0x940/0x940
[ 92.345737][ T3734] ? PageHeadHuge+0x8a/0x1d0
[ 92.350317][ T3734] ? hfs_free_extents+0x420/0x420
[ 92.355324][ T3734] block_write_begin+0x93/0x1e0
[ 92.360162][ T3734] ? cont_write_begin+0x5e5/0x860
[ 92.365171][ T3734] ? hfs_free_extents+0x420/0x420
[ 92.370268][ T3734] cont_write_begin+0x606/0x860
[ 92.375115][ T3734] ? fault_in_readable+0x1d5/0x310
[ 92.380301][ T3734] ? generic_cont_expand_simple+0x250/0x250
[ 92.386182][ T3734] ? fault_in_readable+0x219/0x310
[ 92.391368][ T3734] ? fault_in_safe_writeable+0x240/0x240
[ 92.397062][ T3734] hfs_write_begin+0x86/0xd0
[ 92.401659][ T3734] ? hfs_free_extents+0x420/0x420
[ 92.406699][ T3734] generic_perform_write+0x2e4/0x5e0
[ 92.411987][ T3734] ? __block_commit_write+0x420/0x420
[ 92.417705][ T3734] ? generic_file_direct_write+0x610/0x610
[ 92.423502][ T3734] ? __file_remove_privs+0x6c0/0x6c0
[ 92.428797][ T3734] ? generic_write_checks+0x15c/0x1c0
[ 92.434181][ T3734] __generic_file_write_iter+0x176/0x400
[ 92.439834][ T3734] generic_file_write_iter+0xab/0x310
[ 92.445208][ T3734] vfs_write+0x7dc/0xc50
[ 92.449448][ T3734] ? file_end_write+0x230/0x230
[ 92.454286][ T3734] ? ptrace_stop+0x74d/0x970
[ 92.458873][ T3734] ? _raw_spin_unlock_irq+0x2a/0x40
[ 92.464064][ T3734] ? __fdget_pos+0x252/0x2e0
[ 92.468643][ T3734] ksys_write+0x177/0x2a0
[ 92.472964][ T3734] ? __ia32_sys_read+0x80/0x80
[ 92.477714][ T3734] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 92.483685][ T3734] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 92.489652][ T3734] do_syscall_64+0x3d/0xb0
[ 92.494055][ T3734] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 92.500021][ T3734] RIP: 0033:0x7f0fa5191c89
[ 92.504425][ T3734] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 92.524025][ T3734] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 92.532428][ T3734] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 92.540386][ T3734] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3734] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3734] exit_group(0) = ?
[pid 3734] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3734, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./93/binderfs") = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./93/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./93") = 0
mkdir("./94", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3735
./strace-static-x86_64: Process 3735 attached
[pid 3735] chdir("./94") = 0
[pid 3735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3735] setpgid(0, 0) = 0
[pid 3735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3735] write(3, "1000", 4) = 4
[pid 3735] close(3) = 0
[pid 3735] symlink("/dev/binderfs", "./binderfs") = 0
[ 92.548340][ T3734] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 92.556295][ T3734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 92.564252][ T3734] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005d
[ 92.572223][ T3734]
[pid 3735] memfd_create("syzkaller", 0) = 3
[pid 3735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3735] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3735] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3735] close(3) = 0
[pid 3735] mkdir("./file0", 0777) = 0
[pid 3735] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3735] chdir("./file0") = 0
[pid 3735] ioctl(4, LOOP_CLR_FD) = 0
[pid 3735] close(4) = 0
[pid 3735] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3735] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3735] write(5, "13", 2) = 2
[ 92.621269][ T3735] loop0: detected capacity change from 0 to 64
[ 92.639974][ T3735] FAULT_INJECTION: forcing a failure.
[ 92.639974][ T3735] name failslab, interval 1, probability 0, space 0, times 0
[ 92.653306][ T3735] CPU: 0 PID: 3735 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 92.663740][ T3735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 92.673781][ T3735] Call Trace:
[ 92.677046][ T3735]
[ 92.679965][ T3735] dump_stack_lvl+0x1b1/0x28e
[ 92.684637][ T3735] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 92.690081][ T3735] ? panic+0x710/0x710
[ 92.694137][ T3735] ? __might_sleep+0xc0/0xc0
[ 92.698709][ T3735] ? __mutex_lock_common+0x45f/0x26e0
[ 92.704073][ T3735] should_fail_ex+0x395/0x4c0
[ 92.708740][ T3735] ? hfs_find_init+0x8b/0x1e0
[ 92.713407][ T3735] should_failslab+0x5/0x20
[ 92.717898][ T3735] __kmem_cache_alloc_node+0x69/0x310
[ 92.723256][ T3735] ? rcu_lock_release+0x5/0x20
[ 92.728011][ T3735] ? hfs_find_init+0x8b/0x1e0
[ 92.732677][ T3735] __kmalloc+0x9e/0x1a0
[ 92.736822][ T3735] hfs_find_init+0x8b/0x1e0
[ 92.741317][ T3735] hfs_extend_file+0x2f8/0x1420
[ 92.746156][ T3735] ? xas_find+0x937/0xa60
[ 92.750480][ T3735] ? hfs_get_block+0xbb0/0xbb0
[ 92.755247][ T3735] ? filemap_get_folios+0x557/0x830
[ 92.760435][ T3735] ? find_lock_entries+0xf60/0xf60
[ 92.765536][ T3735] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 92.771424][ T3735] hfs_get_block+0x3fc/0xbb0
[ 92.776012][ T3735] ? hfs_free_extents+0x420/0x420
[ 92.781019][ T3735] ? do_raw_spin_unlock+0x134/0x8a0
[ 92.786209][ T3735] ? create_page_buffers+0x244/0x4b0
[ 92.791488][ T3735] __block_write_begin_int+0x54c/0x1a80
[ 92.797036][ T3735] ? hfs_free_extents+0x420/0x420
[ 92.802047][ T3735] ? page_zero_new_buffers+0x940/0x940
[ 92.807494][ T3735] ? PageHeadHuge+0x8a/0x1d0
[ 92.812074][ T3735] ? hfs_free_extents+0x420/0x420
[ 92.817081][ T3735] block_write_begin+0x93/0x1e0
[ 92.821918][ T3735] ? cont_write_begin+0x5e5/0x860
[ 92.826937][ T3735] ? hfs_free_extents+0x420/0x420
[ 92.831945][ T3735] cont_write_begin+0x606/0x860
[ 92.836785][ T3735] ? fault_in_readable+0x1d5/0x310
[ 92.841885][ T3735] ? generic_cont_expand_simple+0x250/0x250
[ 92.847763][ T3735] ? fault_in_readable+0x219/0x310
[ 92.852862][ T3735] ? fault_in_safe_writeable+0x240/0x240
[ 92.858487][ T3735] hfs_write_begin+0x86/0xd0
[ 92.863061][ T3735] ? hfs_free_extents+0x420/0x420
[ 92.868076][ T3735] generic_perform_write+0x2e4/0x5e0
[ 92.873356][ T3735] ? __block_commit_write+0x420/0x420
[ 92.878718][ T3735] ? generic_file_direct_write+0x610/0x610
[ 92.884513][ T3735] ? __file_remove_privs+0x6c0/0x6c0
[ 92.889785][ T3735] ? generic_write_checks+0x15c/0x1c0
[ 92.895147][ T3735] __generic_file_write_iter+0x176/0x400
[ 92.900779][ T3735] generic_file_write_iter+0xab/0x310
[ 92.906143][ T3735] vfs_write+0x7dc/0xc50
[ 92.910383][ T3735] ? file_end_write+0x230/0x230
[ 92.915219][ T3735] ? ptrace_stop+0x74d/0x970
[ 92.919805][ T3735] ? _raw_spin_unlock_irq+0x2a/0x40
[ 92.924993][ T3735] ? __fdget_pos+0x252/0x2e0
[ 92.929579][ T3735] ksys_write+0x177/0x2a0
[ 92.933905][ T3735] ? __ia32_sys_read+0x80/0x80
[ 92.938658][ T3735] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 92.944634][ T3735] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 92.950603][ T3735] do_syscall_64+0x3d/0xb0
[ 92.955003][ T3735] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 92.960886][ T3735] RIP: 0033:0x7f0fa5191c89
[ 92.965384][ T3735] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 92.984971][ T3735] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 92.993383][ T3735] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 93.001361][ T3735] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 93.009320][ T3735] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3735] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3735] exit_group(0) = ?
[pid 3735] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3735, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./94/binderfs") = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./94/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./94") = 0
mkdir("./95", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3737
./strace-static-x86_64: Process 3737 attached
[pid 3737] chdir("./95") = 0
[pid 3737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3737] setpgid(0, 0) = 0
[pid 3737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3737] write(3, "1000", 4) = 4
[pid 3737] close(3) = 0
[pid 3737] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3737] memfd_create("syzkaller", 0) = 3
[pid 3737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3737] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 93.017279][ T3735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 93.025235][ T3735] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005e
[ 93.033204][ T3735]
[pid 3737] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3737] close(3) = 0
[pid 3737] mkdir("./file0", 0777) = 0
[pid 3737] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3737] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3737] chdir("./file0") = 0
[pid 3737] ioctl(4, LOOP_CLR_FD) = 0
[pid 3737] close(4) = 0
[pid 3737] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3737] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3737] write(5, "13", 2) = 2
[ 93.069596][ T3737] loop0: detected capacity change from 0 to 64
[ 93.073017][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 93.095636][ T3737] FAULT_INJECTION: forcing a failure.
[ 93.095636][ T3737] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 93.109000][ T3737] CPU: 0 PID: 3737 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 93.119425][ T3737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 93.129562][ T3737] Call Trace:
[ 93.132855][ T3737]
[ 93.135779][ T3737] dump_stack_lvl+0x1b1/0x28e
[ 93.140459][ T3737] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 93.145917][ T3737] ? panic+0x710/0x710
[ 93.150000][ T3737] ? do_anonymous_page+0xd4a/0x1150
[ 93.155208][ T3737] ? mark_lock+0x9a/0x350
[ 93.159529][ T3737] should_fail_ex+0x395/0x4c0
[ 93.164213][ T3737] prepare_alloc_pages+0x1d7/0x5a0
[ 93.169357][ T3737] __alloc_pages+0x161/0x560
[ 93.173975][ T3737] ? zone_statistics+0x160/0x160
[ 93.179032][ T3737] ? rcu_lock_release+0x5/0x20
[ 93.183819][ T3737] ? alloc_pages+0x520/0x7b0
[ 93.188429][ T3737] ? xas_descend+0x1f3/0x400
[ 93.193035][ T3737] folio_alloc+0x1a/0x50
[ 93.197284][ T3737] filemap_alloc_folio+0x7e/0x1c0
[ 93.202313][ T3737] __filemap_get_folio+0x898/0x1260
[ 93.207521][ T3737] ? page_cache_prev_miss+0x4e0/0x4e0
[ 93.212896][ T3737] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 93.218874][ T3737] ? print_irqtrace_events+0x220/0x220
[ 93.224332][ T3737] pagecache_get_page+0x28/0x260
[ 93.229305][ T3737] ? hfs_free_extents+0x420/0x420
[ 93.234501][ T3737] block_write_begin+0x2e/0x1e0
[ 93.239353][ T3737] ? cont_write_begin+0x5e5/0x860
[ 93.244387][ T3737] ? hfs_free_extents+0x420/0x420
[ 93.249413][ T3737] cont_write_begin+0x606/0x860
[ 93.254269][ T3737] ? fault_in_readable+0x1d5/0x310
[ 93.259470][ T3737] ? generic_cont_expand_simple+0x250/0x250
[ 93.265450][ T3737] ? fault_in_readable+0x219/0x310
[ 93.270567][ T3737] ? fault_in_safe_writeable+0x240/0x240
[ 93.276216][ T3737] hfs_write_begin+0x86/0xd0
[ 93.280804][ T3737] ? hfs_free_extents+0x420/0x420
[ 93.285848][ T3737] generic_perform_write+0x2e4/0x5e0
[ 93.291141][ T3737] ? __block_commit_write+0x420/0x420
[ 93.296538][ T3737] ? generic_file_direct_write+0x610/0x610
[ 93.302366][ T3737] ? __file_remove_privs+0x6c0/0x6c0
[ 93.307661][ T3737] ? generic_write_checks+0x15c/0x1c0
[ 93.313046][ T3737] __generic_file_write_iter+0x176/0x400
[ 93.318688][ T3737] generic_file_write_iter+0xab/0x310
[ 93.324063][ T3737] vfs_write+0x7dc/0xc50
[ 93.328315][ T3737] ? file_end_write+0x230/0x230
[ 93.333163][ T3737] ? ptrace_stop+0x74d/0x970
[ 93.338109][ T3737] ? _raw_spin_unlock_irq+0x2a/0x40
[ 93.343312][ T3737] ? __fdget_pos+0x252/0x2e0
[ 93.347906][ T3737] ksys_write+0x177/0x2a0
[ 93.352243][ T3737] ? __ia32_sys_read+0x80/0x80
[ 93.357080][ T3737] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 93.363087][ T3737] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 93.369081][ T3737] do_syscall_64+0x3d/0xb0
[ 93.373501][ T3737] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 93.379394][ T3737] RIP: 0033:0x7f0fa5191c89
[ 93.383901][ T3737] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 93.403600][ T3737] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 93.412011][ T3737] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3737] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3737] exit_group(0) = ?
[pid 3737] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3737, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./95/binderfs") = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./95/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./95") = 0
mkdir("./96", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3738
./strace-static-x86_64: Process 3738 attached
[pid 3738] chdir("./96") = 0
[pid 3738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3738] setpgid(0, 0) = 0
[pid 3738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3738] write(3, "1000", 4) = 4
[pid 3738] close(3) = 0
[pid 3738] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3738] memfd_create("syzkaller", 0) = 3
[pid 3738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3738] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 93.419977][ T3737] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 93.427946][ T3737] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 93.435914][ T3737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 93.443881][ T3737] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000005f
[ 93.451861][ T3737]
[pid 3738] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3738] close(3) = 0
[pid 3738] mkdir("./file0", 0777) = 0
[pid 3738] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3738] chdir("./file0") = 0
[pid 3738] ioctl(4, LOOP_CLR_FD) = 0
[pid 3738] close(4) = 0
[pid 3738] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3738] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3738] write(5, "13", 2) = 2
[ 93.500233][ T3738] loop0: detected capacity change from 0 to 64
[ 93.526697][ T3738] FAULT_INJECTION: forcing a failure.
[ 93.526697][ T3738] name failslab, interval 1, probability 0, space 0, times 0
[ 93.540431][ T3738] CPU: 0 PID: 3738 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 93.550957][ T3738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 93.561106][ T3738] Call Trace:
[ 93.564381][ T3738]
[ 93.567303][ T3738] dump_stack_lvl+0x1b1/0x28e
[ 93.571983][ T3738] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 93.577433][ T3738] ? panic+0x710/0x710
[ 93.581505][ T3738] ? __might_sleep+0xc0/0xc0
[ 93.586084][ T3738] ? __mutex_lock_common+0x45f/0x26e0
[ 93.591454][ T3738] should_fail_ex+0x395/0x4c0
[ 93.596140][ T3738] ? hfs_find_init+0x8b/0x1e0
[ 93.600839][ T3738] should_failslab+0x5/0x20
[ 93.605343][ T3738] __kmem_cache_alloc_node+0x69/0x310
[ 93.610706][ T3738] ? rcu_lock_release+0x5/0x20
[ 93.615471][ T3738] ? hfs_find_init+0x8b/0x1e0
[ 93.620161][ T3738] __kmalloc+0x9e/0x1a0
[ 93.624343][ T3738] hfs_find_init+0x8b/0x1e0
[ 93.628864][ T3738] hfs_extend_file+0x2f8/0x1420
[ 93.633702][ T3738] ? xas_find+0x937/0xa60
[ 93.638051][ T3738] ? hfs_get_block+0xbb0/0xbb0
[ 93.642821][ T3738] ? filemap_get_folios+0x557/0x830
[ 93.648013][ T3738] ? find_lock_entries+0xf60/0xf60
[ 93.653125][ T3738] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 93.659039][ T3738] hfs_get_block+0x3fc/0xbb0
[ 93.663629][ T3738] ? hfs_free_extents+0x420/0x420
[ 93.668639][ T3738] ? do_raw_spin_unlock+0x134/0x8a0
[ 93.673851][ T3738] ? create_page_buffers+0x244/0x4b0
[ 93.679149][ T3738] __block_write_begin_int+0x54c/0x1a80
[ 93.684701][ T3738] ? hfs_free_extents+0x420/0x420
[ 93.689717][ T3738] ? page_zero_new_buffers+0x940/0x940
[ 93.695168][ T3738] ? PageHeadHuge+0x8a/0x1d0
[ 93.699753][ T3738] ? hfs_free_extents+0x420/0x420
[ 93.704773][ T3738] block_write_begin+0x93/0x1e0
[ 93.709627][ T3738] ? cont_write_begin+0x5e5/0x860
[ 93.714662][ T3738] ? hfs_free_extents+0x420/0x420
[ 93.719672][ T3738] cont_write_begin+0x606/0x860
[ 93.724523][ T3738] ? fault_in_readable+0x1d5/0x310
[ 93.729645][ T3738] ? generic_cont_expand_simple+0x250/0x250
[ 93.735539][ T3738] ? fault_in_readable+0x219/0x310
[ 93.740660][ T3738] ? fault_in_safe_writeable+0x240/0x240
[ 93.746378][ T3738] hfs_write_begin+0x86/0xd0
[ 93.750966][ T3738] ? hfs_free_extents+0x420/0x420
[ 93.755998][ T3738] generic_perform_write+0x2e4/0x5e0
[ 93.761282][ T3738] ? __block_commit_write+0x420/0x420
[ 93.766649][ T3738] ? generic_file_direct_write+0x610/0x610
[ 93.772459][ T3738] ? __file_remove_privs+0x6c0/0x6c0
[ 93.777760][ T3738] ? generic_write_checks+0x15c/0x1c0
[ 93.783135][ T3738] __generic_file_write_iter+0x176/0x400
[ 93.788865][ T3738] generic_file_write_iter+0xab/0x310
[ 93.794237][ T3738] vfs_write+0x7dc/0xc50
[ 93.798488][ T3738] ? file_end_write+0x230/0x230
[ 93.803356][ T3738] ? ptrace_stop+0x74d/0x970
[ 93.807956][ T3738] ? _raw_spin_unlock_irq+0x2a/0x40
[ 93.813156][ T3738] ? __fdget_pos+0x252/0x2e0
[ 93.817770][ T3738] ksys_write+0x177/0x2a0
[ 93.822099][ T3738] ? __ia32_sys_read+0x80/0x80
[ 93.826856][ T3738] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 93.832836][ T3738] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 93.838819][ T3738] do_syscall_64+0x3d/0xb0
[ 93.843246][ T3738] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 93.849128][ T3738] RIP: 0033:0x7f0fa5191c89
[ 93.853533][ T3738] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 93.873144][ T3738] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 93.881587][ T3738] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 93.889566][ T3738] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3738] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3738] exit_group(0) = ?
[pid 3738] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3738, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./96/binderfs") = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./96/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./96") = 0
mkdir("./97", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3739
./strace-static-x86_64: Process 3739 attached
[ 93.897535][ T3738] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 93.905496][ T3738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 93.913457][ T3738] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000060
[ 93.921452][ T3738]
[pid 3739] chdir("./97") = 0
[pid 3739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3739] setpgid(0, 0) = 0
[pid 3739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3739] write(3, "1000", 4) = 4
[pid 3739] close(3) = 0
[pid 3739] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3739] memfd_create("syzkaller", 0) = 3
[pid 3739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3739] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3739] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3739] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3739] close(3) = 0
[pid 3739] mkdir("./file0", 0777) = 0
[pid 3739] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3739] chdir("./file0") = 0
[pid 3739] ioctl(4, LOOP_CLR_FD) = 0
[pid 3739] close(4) = 0
[pid 3739] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3739] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3739] write(5, "13", 2) = 2
[pid 3739] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3739] exit_group(0) = ?
[pid 3739] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3739, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./97/binderfs") = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
[ 93.985818][ T3739] loop0: detected capacity change from 0 to 64
rmdir("./97/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./97") = 0
mkdir("./98", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3740 attached
[pid 3740] chdir("./98") = 0
[pid 3740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3740] setpgid(0, 0) = 0
[pid 3740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3740] write(3, "1000", 4) = 4
[pid 3740] close(3
[pid 3638] <... clone resumed>, child_tidptr=0x555555b7f5d0) = 3740
[pid 3740] <... close resumed>) = 0
[pid 3740] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3740] memfd_create("syzkaller", 0) = 3
[pid 3740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3740] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3740] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3740] close(3) = 0
[pid 3740] mkdir("./file0", 0777) = 0
[pid 3740] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3740] chdir("./file0") = 0
[pid 3740] ioctl(4, LOOP_CLR_FD) = 0
[pid 3740] close(4) = 0
[pid 3740] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3740] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3740] write(5, "13", 2) = 2
[ 94.067582][ T3740] loop0: detected capacity change from 0 to 64
[ 94.091822][ T3740] FAULT_INJECTION: forcing a failure.
[ 94.091822][ T3740] name failslab, interval 1, probability 0, space 0, times 0
[ 94.104562][ T3740] CPU: 1 PID: 3740 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 94.114998][ T3740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 94.125048][ T3740] Call Trace:
[ 94.128321][ T3740]
[ 94.131242][ T3740] dump_stack_lvl+0x1b1/0x28e
[ 94.135928][ T3740] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 94.141406][ T3740] ? panic+0x710/0x710
[ 94.145487][ T3740] ? __might_sleep+0xc0/0xc0
[ 94.150076][ T3740] ? __mutex_lock_common+0x45f/0x26e0
[ 94.155480][ T3740] should_fail_ex+0x395/0x4c0
[ 94.160164][ T3740] ? hfs_find_init+0x8b/0x1e0
[ 94.164841][ T3740] should_failslab+0x5/0x20
[ 94.169337][ T3740] __kmem_cache_alloc_node+0x69/0x310
[ 94.174702][ T3740] ? rcu_lock_release+0x5/0x20
[ 94.179460][ T3740] ? hfs_find_init+0x8b/0x1e0
[ 94.184129][ T3740] __kmalloc+0x9e/0x1a0
[ 94.188279][ T3740] hfs_find_init+0x8b/0x1e0
[ 94.192776][ T3740] hfs_extend_file+0x2f8/0x1420
[ 94.197624][ T3740] ? xas_find+0x937/0xa60
[ 94.201990][ T3740] ? hfs_get_block+0xbb0/0xbb0
[ 94.206748][ T3740] ? filemap_get_folios+0x557/0x830
[ 94.211943][ T3740] ? find_lock_entries+0xf60/0xf60
[ 94.217062][ T3740] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 94.222972][ T3740] hfs_get_block+0x3fc/0xbb0
[ 94.227573][ T3740] ? hfs_free_extents+0x420/0x420
[ 94.232590][ T3740] ? do_raw_spin_unlock+0x134/0x8a0
[ 94.237801][ T3740] ? create_page_buffers+0x244/0x4b0
[ 94.243115][ T3740] __block_write_begin_int+0x54c/0x1a80
[ 94.248719][ T3740] ? hfs_free_extents+0x420/0x420
[ 94.253757][ T3740] ? page_zero_new_buffers+0x940/0x940
[ 94.259211][ T3740] ? PageHeadHuge+0x8a/0x1d0
[ 94.263811][ T3740] ? hfs_free_extents+0x420/0x420
[ 94.268841][ T3740] block_write_begin+0x93/0x1e0
[ 94.273683][ T3740] ? cont_write_begin+0x5e5/0x860
[ 94.278701][ T3740] ? hfs_free_extents+0x420/0x420
[ 94.283717][ T3740] cont_write_begin+0x606/0x860
[ 94.288576][ T3740] ? fault_in_readable+0x1d5/0x310
[ 94.293703][ T3740] ? generic_cont_expand_simple+0x250/0x250
[ 94.299597][ T3740] ? fault_in_readable+0x219/0x310
[ 94.304723][ T3740] ? fault_in_safe_writeable+0x240/0x240
[ 94.310352][ T3740] hfs_write_begin+0x86/0xd0
[ 94.314946][ T3740] ? hfs_free_extents+0x420/0x420
[ 94.319972][ T3740] generic_perform_write+0x2e4/0x5e0
[ 94.325255][ T3740] ? __block_commit_write+0x420/0x420
[ 94.330623][ T3740] ? generic_file_direct_write+0x610/0x610
[ 94.336424][ T3740] ? __file_remove_privs+0x6c0/0x6c0
[ 94.341787][ T3740] ? generic_write_checks+0x15c/0x1c0
[ 94.347157][ T3740] __generic_file_write_iter+0x176/0x400
[ 94.352788][ T3740] generic_file_write_iter+0xab/0x310
[ 94.358156][ T3740] vfs_write+0x7dc/0xc50
[ 94.362395][ T3740] ? file_end_write+0x230/0x230
[ 94.367239][ T3740] ? ptrace_stop+0x74d/0x970
[ 94.371825][ T3740] ? _raw_spin_unlock_irq+0x2a/0x40
[ 94.377014][ T3740] ? __fdget_pos+0x252/0x2e0
[ 94.381599][ T3740] ksys_write+0x177/0x2a0
[ 94.385931][ T3740] ? __ia32_sys_read+0x80/0x80
[ 94.390702][ T3740] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 94.396700][ T3740] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 94.402678][ T3740] do_syscall_64+0x3d/0xb0
[ 94.407094][ T3740] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 94.412989][ T3740] RIP: 0033:0x7f0fa5191c89
[ 94.417429][ T3740] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 94.437130][ T3740] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 94.445548][ T3740] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 94.453527][ T3740] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 94.461523][ T3740] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3740] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3740] exit_group(0) = ?
[pid 3740] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3740, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./98/binderfs") = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./98/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./98") = 0
mkdir("./99", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 94.469488][ T3740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 94.477455][ T3740] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000062
[ 94.485455][ T3740]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3742
./strace-static-x86_64: Process 3742 attached
[pid 3742] chdir("./99") = 0
[pid 3742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3742] setpgid(0, 0) = 0
[pid 3742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3742] write(3, "1000", 4) = 4
[pid 3742] close(3) = 0
[pid 3742] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3742] memfd_create("syzkaller", 0) = 3
[pid 3742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3742] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3742] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3742] close(3) = 0
[pid 3742] mkdir("./file0", 0777) = 0
[pid 3742] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3742] chdir("./file0") = 0
[pid 3742] ioctl(4, LOOP_CLR_FD) = 0
[pid 3742] close(4) = 0
[pid 3742] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3742] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3742] write(5, "13", 2) = 2
[ 94.547029][ T3742] loop0: detected capacity change from 0 to 64
[ 94.578691][ T3742] FAULT_INJECTION: forcing a failure.
[ 94.578691][ T3742] name failslab, interval 1, probability 0, space 0, times 0
[ 94.591776][ T3742] CPU: 0 PID: 3742 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 94.602227][ T3742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 94.612297][ T3742] Call Trace:
[ 94.615582][ T3742]
[ 94.618504][ T3742] dump_stack_lvl+0x1b1/0x28e
[ 94.623179][ T3742] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 94.628635][ T3742] ? panic+0x710/0x710
[ 94.632712][ T3742] ? __might_sleep+0xc0/0xc0
[ 94.637303][ T3742] ? __mutex_lock_common+0x45f/0x26e0
[ 94.642670][ T3742] should_fail_ex+0x395/0x4c0
[ 94.647351][ T3742] ? hfs_find_init+0x8b/0x1e0
[ 94.652022][ T3742] should_failslab+0x5/0x20
[ 94.656616][ T3742] __kmem_cache_alloc_node+0x69/0x310
[ 94.662002][ T3742] ? hfs_find_init+0x8b/0x1e0
[ 94.666679][ T3742] __kmalloc+0x9e/0x1a0
[ 94.670859][ T3742] hfs_find_init+0x8b/0x1e0
[ 94.675375][ T3742] hfs_extend_file+0x2f8/0x1420
[ 94.680220][ T3742] ? hfs_get_block+0xbb0/0xbb0
[ 94.684990][ T3742] ? lru_cache_disable+0x30/0x30
[ 94.690022][ T3742] ? __might_sleep+0xc0/0xc0
[ 94.694611][ T3742] hfs_get_block+0x3fc/0xbb0
[ 94.699214][ T3742] ? hfs_free_extents+0x420/0x420
[ 94.704245][ T3742] ? do_raw_spin_unlock+0x134/0x8a0
[ 94.709456][ T3742] ? create_page_buffers+0x244/0x4b0
[ 94.714847][ T3742] __block_write_begin_int+0x54c/0x1a80
[ 94.720402][ T3742] ? hfs_free_extents+0x420/0x420
[ 94.729669][ T3742] ? page_zero_new_buffers+0x940/0x940
[ 94.735133][ T3742] ? PageHeadHuge+0x8a/0x1d0
[ 94.739733][ T3742] ? hfs_free_extents+0x420/0x420
[ 94.744748][ T3742] block_write_begin+0x93/0x1e0
[ 94.749607][ T3742] ? cont_write_begin+0x5e5/0x860
[ 94.754622][ T3742] ? hfs_free_extents+0x420/0x420
[ 94.759640][ T3742] cont_write_begin+0x606/0x860
[ 94.764494][ T3742] ? fault_in_readable+0x1d5/0x310
[ 94.769630][ T3742] ? generic_cont_expand_simple+0x250/0x250
[ 94.775550][ T3742] ? fault_in_readable+0x219/0x310
[ 94.780675][ T3742] ? fault_in_safe_writeable+0x240/0x240
[ 94.786304][ T3742] hfs_write_begin+0x86/0xd0
[ 94.790890][ T3742] ? hfs_free_extents+0x420/0x420
[ 94.795929][ T3742] generic_perform_write+0x2e4/0x5e0
[ 94.801221][ T3742] ? __block_commit_write+0x420/0x420
[ 94.806595][ T3742] ? generic_file_direct_write+0x610/0x610
[ 94.812417][ T3742] ? __file_remove_privs+0x6c0/0x6c0
[ 94.817716][ T3742] ? generic_write_checks+0x15c/0x1c0
[ 94.823083][ T3742] __generic_file_write_iter+0x176/0x400
[ 94.828720][ T3742] generic_file_write_iter+0xab/0x310
[ 94.834258][ T3742] vfs_write+0x7dc/0xc50
[ 94.838498][ T3742] ? file_end_write+0x230/0x230
[ 94.843340][ T3742] ? ptrace_stop+0x74d/0x970
[ 94.847939][ T3742] ? _raw_spin_unlock_irq+0x2a/0x40
[ 94.853158][ T3742] ? __fdget_pos+0x252/0x2e0
[ 94.857751][ T3742] ksys_write+0x177/0x2a0
[ 94.862082][ T3742] ? __ia32_sys_read+0x80/0x80
[ 94.866930][ T3742] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 94.872917][ T3742] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 94.878897][ T3742] do_syscall_64+0x3d/0xb0
[ 94.883311][ T3742] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 94.889198][ T3742] RIP: 0033:0x7f0fa5191c89
[ 94.893868][ T3742] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 94.913552][ T3742] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 94.921962][ T3742] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 94.929933][ T3742] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 94.937992][ T3742] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3742] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3742] exit_group(0) = ?
[pid 3742] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3742, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./99/binderfs") = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./99/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./99") = 0
mkdir("./100", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 94.945965][ T3742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 94.953932][ T3742] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000063
[ 94.961916][ T3742]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3745
./strace-static-x86_64: Process 3745 attached
[pid 3745] chdir("./100") = 0
[pid 3745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3745] setpgid(0, 0) = 0
[pid 3745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3745] write(3, "1000", 4) = 4
[pid 3745] close(3) = 0
[pid 3745] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3745] memfd_create("syzkaller", 0) = 3
[pid 3745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3745] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3745] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3745] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3745] close(3) = 0
[pid 3745] mkdir("./file0", 0777) = 0
[pid 3745] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3745] chdir("./file0") = 0
[pid 3745] ioctl(4, LOOP_CLR_FD) = 0
[pid 3745] close(4) = 0
[pid 3745] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3745] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3745] write(5, "13", 2) = 2
[ 95.031206][ T3745] loop0: detected capacity change from 0 to 64
[ 95.048098][ T3745] FAULT_INJECTION: forcing a failure.
[ 95.048098][ T3745] name failslab, interval 1, probability 0, space 0, times 0
[ 95.067141][ T3745] CPU: 0 PID: 3745 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 95.077753][ T3745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 95.087793][ T3745] Call Trace:
[ 95.091060][ T3745]
[ 95.093979][ T3745] dump_stack_lvl+0x1b1/0x28e
[ 95.098649][ T3745] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 95.104094][ T3745] ? panic+0x710/0x710
[ 95.108164][ T3745] ? __might_sleep+0xc0/0xc0
[ 95.112743][ T3745] ? __mutex_lock_common+0x45f/0x26e0
[ 95.118108][ T3745] should_fail_ex+0x395/0x4c0
[ 95.122771][ T3745] ? hfs_find_init+0x8b/0x1e0
[ 95.127432][ T3745] should_failslab+0x5/0x20
[ 95.131924][ T3745] __kmem_cache_alloc_node+0x69/0x310
[ 95.137301][ T3745] ? rcu_lock_release+0x5/0x20
[ 95.142140][ T3745] ? hfs_find_init+0x8b/0x1e0
[ 95.146802][ T3745] __kmalloc+0x9e/0x1a0
[ 95.150953][ T3745] hfs_find_init+0x8b/0x1e0
[ 95.155535][ T3745] hfs_extend_file+0x2f8/0x1420
[ 95.160371][ T3745] ? xas_find+0x937/0xa60
[ 95.164960][ T3745] ? hfs_get_block+0xbb0/0xbb0
[ 95.169720][ T3745] ? filemap_get_folios+0x557/0x830
[ 95.174910][ T3745] ? find_lock_entries+0xf60/0xf60
[ 95.180021][ T3745] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 95.185911][ T3745] hfs_get_block+0x3fc/0xbb0
[ 95.190503][ T3745] ? hfs_free_extents+0x420/0x420
[ 95.195511][ T3745] ? do_raw_spin_unlock+0x134/0x8a0
[ 95.200720][ T3745] ? create_page_buffers+0x244/0x4b0
[ 95.206021][ T3745] __block_write_begin_int+0x54c/0x1a80
[ 95.211573][ T3745] ? hfs_free_extents+0x420/0x420
[ 95.216577][ T3745] ? page_zero_new_buffers+0x940/0x940
[ 95.222020][ T3745] ? PageHeadHuge+0x8a/0x1d0
[ 95.226596][ T3745] ? hfs_free_extents+0x420/0x420
[ 95.231602][ T3745] block_write_begin+0x93/0x1e0
[ 95.236437][ T3745] ? cont_write_begin+0x5e5/0x860
[ 95.241454][ T3745] ? hfs_free_extents+0x420/0x420
[ 95.246462][ T3745] cont_write_begin+0x606/0x860
[ 95.251390][ T3745] ? fault_in_readable+0x1d5/0x310
[ 95.256491][ T3745] ? generic_cont_expand_simple+0x250/0x250
[ 95.262368][ T3745] ? fault_in_readable+0x219/0x310
[ 95.267483][ T3745] ? fault_in_safe_writeable+0x240/0x240
[ 95.273122][ T3745] hfs_write_begin+0x86/0xd0
[ 95.277704][ T3745] ? hfs_free_extents+0x420/0x420
[ 95.282716][ T3745] generic_perform_write+0x2e4/0x5e0
[ 95.287989][ T3745] ? __block_commit_write+0x420/0x420
[ 95.293347][ T3745] ? generic_file_direct_write+0x610/0x610
[ 95.299137][ T3745] ? __file_remove_privs+0x6c0/0x6c0
[ 95.304404][ T3745] ? generic_write_checks+0x15c/0x1c0
[ 95.309769][ T3745] __generic_file_write_iter+0x176/0x400
[ 95.315391][ T3745] generic_file_write_iter+0xab/0x310
[ 95.320748][ T3745] vfs_write+0x7dc/0xc50
[ 95.324981][ T3745] ? file_end_write+0x230/0x230
[ 95.329923][ T3745] ? ptrace_stop+0x74d/0x970
[ 95.334508][ T3745] ? _raw_spin_unlock_irq+0x2a/0x40
[ 95.339693][ T3745] ? __fdget_pos+0x252/0x2e0
[ 95.344269][ T3745] ksys_write+0x177/0x2a0
[ 95.348587][ T3745] ? __ia32_sys_read+0x80/0x80
[ 95.353335][ T3745] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 95.359300][ T3745] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 95.365266][ T3745] do_syscall_64+0x3d/0xb0
[ 95.369671][ T3745] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 95.375548][ T3745] RIP: 0033:0x7f0fa5191c89
[ 95.379947][ T3745] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 95.399706][ T3745] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 95.408104][ T3745] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 95.416059][ T3745] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 95.424013][ T3745] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3745] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3745] exit_group(0) = ?
[pid 3745] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3745, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./100/binderfs") = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./100/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./100") = 0
mkdir("./101", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3747
[ 95.431968][ T3745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 95.439918][ T3745] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000064
[ 95.447881][ T3745]
./strace-static-x86_64: Process 3747 attached
[pid 3747] chdir("./101") = 0
[pid 3747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3747] setpgid(0, 0) = 0
[pid 3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3747] write(3, "1000", 4) = 4
[pid 3747] close(3) = 0
[pid 3747] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3747] memfd_create("syzkaller", 0) = 3
[pid 3747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3747] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3747] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3747] close(3) = 0
[pid 3747] mkdir("./file0", 0777) = 0
[pid 3747] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3747] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3747] chdir("./file0") = 0
[pid 3747] ioctl(4, LOOP_CLR_FD) = 0
[pid 3747] close(4) = 0
[pid 3747] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3747] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3747] write(5, "13", 2) = 2
[ 95.506483][ T3747] loop0: detected capacity change from 0 to 64
[ 95.532843][ T3747] FAULT_INJECTION: forcing a failure.
[ 95.532843][ T3747] name failslab, interval 1, probability 0, space 0, times 0
[ 95.546035][ T3747] CPU: 0 PID: 3747 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 95.556446][ T3747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 95.566491][ T3747] Call Trace:
[ 95.569757][ T3747]
[ 95.572675][ T3747] dump_stack_lvl+0x1b1/0x28e
[ 95.577429][ T3747] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 95.582965][ T3747] ? panic+0x710/0x710
[ 95.587107][ T3747] ? __might_sleep+0xc0/0xc0
[ 95.591678][ T3747] ? __mutex_lock_common+0x45f/0x26e0
[ 95.597127][ T3747] should_fail_ex+0x395/0x4c0
[ 95.601797][ T3747] ? hfs_find_init+0x8b/0x1e0
[ 95.606463][ T3747] should_failslab+0x5/0x20
[ 95.610953][ T3747] __kmem_cache_alloc_node+0x69/0x310
[ 95.616312][ T3747] ? hfs_find_init+0x8b/0x1e0
[ 95.620973][ T3747] __kmalloc+0x9e/0x1a0
[ 95.625117][ T3747] hfs_find_init+0x8b/0x1e0
[ 95.629608][ T3747] hfs_extend_file+0x2f8/0x1420
[ 95.634449][ T3747] ? hfs_get_block+0xbb0/0xbb0
[ 95.639199][ T3747] ? lru_cache_disable+0x30/0x30
[ 95.644208][ T3747] ? __might_sleep+0xc0/0xc0
[ 95.648795][ T3747] hfs_get_block+0x3fc/0xbb0
[ 95.653378][ T3747] ? hfs_free_extents+0x420/0x420
[ 95.658397][ T3747] ? do_raw_spin_unlock+0x134/0x8a0
[ 95.663594][ T3747] ? create_page_buffers+0x244/0x4b0
[ 95.668956][ T3747] __block_write_begin_int+0x54c/0x1a80
[ 95.674503][ T3747] ? hfs_free_extents+0x420/0x420
[ 95.679598][ T3747] ? page_zero_new_buffers+0x940/0x940
[ 95.685042][ T3747] ? PageHeadHuge+0x8a/0x1d0
[ 95.689619][ T3747] ? hfs_free_extents+0x420/0x420
[ 95.694623][ T3747] block_write_begin+0x93/0x1e0
[ 95.699457][ T3747] ? cont_write_begin+0x5e5/0x860
[ 95.704468][ T3747] ? hfs_free_extents+0x420/0x420
[ 95.709476][ T3747] cont_write_begin+0x606/0x860
[ 95.714318][ T3747] ? fault_in_readable+0x1d5/0x310
[ 95.719417][ T3747] ? generic_cont_expand_simple+0x250/0x250
[ 95.725297][ T3747] ? fault_in_readable+0x219/0x310
[ 95.730391][ T3747] ? fault_in_safe_writeable+0x240/0x240
[ 95.736014][ T3747] hfs_write_begin+0x86/0xd0
[ 95.740587][ T3747] ? hfs_free_extents+0x420/0x420
[ 95.745599][ T3747] generic_perform_write+0x2e4/0x5e0
[ 95.750883][ T3747] ? __block_commit_write+0x420/0x420
[ 95.756257][ T3747] ? generic_file_direct_write+0x610/0x610
[ 95.762048][ T3747] ? __file_remove_privs+0x6c0/0x6c0
[ 95.767316][ T3747] ? generic_write_checks+0x15c/0x1c0
[ 95.772676][ T3747] __generic_file_write_iter+0x176/0x400
[ 95.778301][ T3747] generic_file_write_iter+0xab/0x310
[ 95.783658][ T3747] vfs_write+0x7dc/0xc50
[ 95.787893][ T3747] ? file_end_write+0x230/0x230
[ 95.792726][ T3747] ? ptrace_stop+0x74d/0x970
[ 95.797307][ T3747] ? _raw_spin_unlock_irq+0x2a/0x40
[ 95.802495][ T3747] ? __fdget_pos+0x252/0x2e0
[ 95.807071][ T3747] ksys_write+0x177/0x2a0
[ 95.811391][ T3747] ? __ia32_sys_read+0x80/0x80
[ 95.816139][ T3747] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 95.822104][ T3747] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 95.828070][ T3747] do_syscall_64+0x3d/0xb0
[ 95.832468][ T3747] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 95.838351][ T3747] RIP: 0033:0x7f0fa5191c89
[ 95.842750][ T3747] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 95.862347][ T3747] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 95.870773][ T3747] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 95.878728][ T3747] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 95.886683][ T3747] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 95.894635][ T3747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3747] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3747] exit_group(0) = ?
[pid 3747] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3747, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./101/binderfs") = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./101/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./101") = 0
mkdir("./102", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3748
./strace-static-x86_64: Process 3748 attached
[pid 3748] chdir("./102") = 0
[pid 3748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3748] setpgid(0, 0) = 0
[pid 3748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3748] write(3, "1000", 4) = 4
[pid 3748] close(3) = 0
[pid 3748] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3748] memfd_create("syzkaller", 0) = 3
[pid 3748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3748] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 95.902598][ T3747] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000065
[ 95.910592][ T3747]
[pid 3748] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3748] close(3) = 0
[pid 3748] mkdir("./file0", 0777) = 0
[pid 3748] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3748] chdir("./file0") = 0
[pid 3748] ioctl(4, LOOP_CLR_FD) = 0
[pid 3748] close(4) = 0
[pid 3748] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3748] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3748] write(5, "13", 2) = 2
[ 95.956000][ T3748] loop0: detected capacity change from 0 to 64
[ 95.983697][ T3748] FAULT_INJECTION: forcing a failure.
[ 95.983697][ T3748] name failslab, interval 1, probability 0, space 0, times 0
[ 95.997773][ T3748] CPU: 0 PID: 3748 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 96.008207][ T3748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 96.018245][ T3748] Call Trace:
[ 96.021512][ T3748]
[ 96.024432][ T3748] dump_stack_lvl+0x1b1/0x28e
[ 96.029100][ T3748] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 96.034542][ T3748] ? panic+0x710/0x710
[ 96.038603][ T3748] ? __might_sleep+0xc0/0xc0
[ 96.043184][ T3748] ? __mutex_lock_common+0x45f/0x26e0
[ 96.049241][ T3748] should_fail_ex+0x395/0x4c0
[ 96.053922][ T3748] ? hfs_find_init+0x8b/0x1e0
[ 96.058599][ T3748] should_failslab+0x5/0x20
[ 96.063102][ T3748] __kmem_cache_alloc_node+0x69/0x310
[ 96.068469][ T3748] ? rcu_lock_release+0x5/0x20
[ 96.073234][ T3748] ? hfs_find_init+0x8b/0x1e0
[ 96.077912][ T3748] __kmalloc+0x9e/0x1a0
[ 96.082072][ T3748] hfs_find_init+0x8b/0x1e0
[ 96.086576][ T3748] hfs_extend_file+0x2f8/0x1420
[ 96.091421][ T3748] ? xas_find+0x937/0xa60
[ 96.095755][ T3748] ? hfs_get_block+0xbb0/0xbb0
[ 96.100517][ T3748] ? filemap_get_folios+0x557/0x830
[ 96.105715][ T3748] ? find_lock_entries+0xf60/0xf60
[ 96.110833][ T3748] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 96.116734][ T3748] hfs_get_block+0x3fc/0xbb0
[ 96.121335][ T3748] ? hfs_free_extents+0x420/0x420
[ 96.126379][ T3748] ? do_raw_spin_unlock+0x134/0x8a0
[ 96.131579][ T3748] ? create_page_buffers+0x244/0x4b0
[ 96.136865][ T3748] __block_write_begin_int+0x54c/0x1a80
[ 96.142425][ T3748] ? hfs_free_extents+0x420/0x420
[ 96.147443][ T3748] ? page_zero_new_buffers+0x940/0x940
[ 96.152903][ T3748] ? PageHeadHuge+0x8a/0x1d0
[ 96.157495][ T3748] ? hfs_free_extents+0x420/0x420
[ 96.162515][ T3748] block_write_begin+0x93/0x1e0
[ 96.167361][ T3748] ? cont_write_begin+0x5e5/0x860
[ 96.172383][ T3748] ? hfs_free_extents+0x420/0x420
[ 96.177403][ T3748] cont_write_begin+0x606/0x860
[ 96.182258][ T3748] ? fault_in_readable+0x1d5/0x310
[ 96.187373][ T3748] ? generic_cont_expand_simple+0x250/0x250
[ 96.193261][ T3748] ? fault_in_readable+0x219/0x310
[ 96.198371][ T3748] ? fault_in_safe_writeable+0x240/0x240
[ 96.204010][ T3748] hfs_write_begin+0x86/0xd0
[ 96.208590][ T3748] ? hfs_free_extents+0x420/0x420
[ 96.213610][ T3748] generic_perform_write+0x2e4/0x5e0
[ 96.218899][ T3748] ? __block_commit_write+0x420/0x420
[ 96.224358][ T3748] ? generic_file_direct_write+0x610/0x610
[ 96.230162][ T3748] ? __file_remove_privs+0x6c0/0x6c0
[ 96.235444][ T3748] ? generic_write_checks+0x15c/0x1c0
[ 96.240825][ T3748] __generic_file_write_iter+0x176/0x400
[ 96.246461][ T3748] generic_file_write_iter+0xab/0x310
[ 96.251830][ T3748] vfs_write+0x7dc/0xc50
[ 96.256599][ T3748] ? file_end_write+0x230/0x230
[ 96.261442][ T3748] ? ptrace_stop+0x74d/0x970
[ 96.266038][ T3748] ? _raw_spin_unlock_irq+0x2a/0x40
[ 96.271236][ T3748] ? __fdget_pos+0x252/0x2e0
[ 96.275830][ T3748] ksys_write+0x177/0x2a0
[ 96.280177][ T3748] ? __ia32_sys_read+0x80/0x80
[ 96.284942][ T3748] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 96.291009][ T3748] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 96.296985][ T3748] do_syscall_64+0x3d/0xb0
[ 96.301398][ T3748] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 96.307373][ T3748] RIP: 0033:0x7f0fa5191c89
[ 96.311782][ T3748] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 96.331646][ T3748] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 96.340055][ T3748] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 96.348022][ T3748] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3748] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3748] exit_group(0) = ?
[pid 3748] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3748, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./102/binderfs") = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./102/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./102") = 0
mkdir("./103", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3750
./strace-static-x86_64: Process 3750 attached
[ 96.356071][ T3748] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 96.364040][ T3748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 96.372009][ T3748] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000066
[ 96.380004][ T3748]
[pid 3750] chdir("./103") = 0
[pid 3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3750] setpgid(0, 0) = 0
[pid 3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3750] write(3, "1000", 4) = 4
[pid 3750] close(3) = 0
[pid 3750] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3750] memfd_create("syzkaller", 0) = 3
[pid 3750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3750] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3750] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3750] close(3) = 0
[pid 3750] mkdir("./file0", 0777) = 0
[pid 3750] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3750] chdir("./file0") = 0
[pid 3750] ioctl(4, LOOP_CLR_FD) = 0
[pid 3750] close(4) = 0
[pid 3750] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3750] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3750] write(5, "13", 2) = 2
[ 96.428514][ T3750] loop0: detected capacity change from 0 to 64
[ 96.429520][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 96.471743][ T3750] FAULT_INJECTION: forcing a failure.
[ 96.471743][ T3750] name failslab, interval 1, probability 0, space 0, times 0
[ 96.484474][ T3750] CPU: 1 PID: 3750 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 96.494903][ T3750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 96.504981][ T3750] Call Trace:
[ 96.508260][ T3750]
[ 96.511185][ T3750] dump_stack_lvl+0x1b1/0x28e
[ 96.515870][ T3750] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 96.521321][ T3750] ? panic+0x710/0x710
[ 96.525389][ T3750] ? __might_sleep+0xc0/0xc0
[ 96.529972][ T3750] ? __mutex_lock_common+0x45f/0x26e0
[ 96.535349][ T3750] should_fail_ex+0x395/0x4c0
[ 96.540025][ T3750] ? hfs_find_init+0x8b/0x1e0
[ 96.544703][ T3750] should_failslab+0x5/0x20
[ 96.549202][ T3750] __kmem_cache_alloc_node+0x69/0x310
[ 96.554581][ T3750] ? hfs_find_init+0x8b/0x1e0
[ 96.559257][ T3750] __kmalloc+0x9e/0x1a0
[ 96.563417][ T3750] hfs_find_init+0x8b/0x1e0
[ 96.567921][ T3750] hfs_extend_file+0x2f8/0x1420
[ 96.572777][ T3750] ? hfs_get_block+0xbb0/0xbb0
[ 96.577539][ T3750] ? lru_cache_disable+0x30/0x30
[ 96.582472][ T3750] ? __might_sleep+0xc0/0xc0
[ 96.587074][ T3750] hfs_get_block+0x3fc/0xbb0
[ 96.591674][ T3750] ? hfs_free_extents+0x420/0x420
[ 96.596690][ T3750] ? do_raw_spin_unlock+0x134/0x8a0
[ 96.601892][ T3750] ? create_page_buffers+0x244/0x4b0
[ 96.607180][ T3750] __block_write_begin_int+0x54c/0x1a80
[ 96.612750][ T3750] ? hfs_free_extents+0x420/0x420
[ 96.617770][ T3750] ? page_zero_new_buffers+0x940/0x940
[ 96.623233][ T3750] ? PageHeadHuge+0x8a/0x1d0
[ 96.627824][ T3750] ? hfs_free_extents+0x420/0x420
[ 96.633015][ T3750] block_write_begin+0x93/0x1e0
[ 96.637864][ T3750] ? cont_write_begin+0x5e5/0x860
[ 96.642893][ T3750] ? hfs_free_extents+0x420/0x420
[ 96.647915][ T3750] cont_write_begin+0x606/0x860
[ 96.652767][ T3750] ? fault_in_readable+0x1d5/0x310
[ 96.657883][ T3750] ? generic_cont_expand_simple+0x250/0x250
[ 96.663773][ T3750] ? fault_in_readable+0x219/0x310
[ 96.668883][ T3750] ? fault_in_safe_writeable+0x240/0x240
[ 96.674526][ T3750] hfs_write_begin+0x86/0xd0
[ 96.679108][ T3750] ? hfs_free_extents+0x420/0x420
[ 96.684141][ T3750] generic_perform_write+0x2e4/0x5e0
[ 96.689430][ T3750] ? __block_commit_write+0x420/0x420
[ 96.694800][ T3750] ? generic_file_direct_write+0x610/0x610
[ 96.700602][ T3750] ? __file_remove_privs+0x6c0/0x6c0
[ 96.705885][ T3750] ? generic_write_checks+0x15c/0x1c0
[ 96.711287][ T3750] __generic_file_write_iter+0x176/0x400
[ 96.716921][ T3750] generic_file_write_iter+0xab/0x310
[ 96.722292][ T3750] vfs_write+0x7dc/0xc50
[ 96.726539][ T3750] ? file_end_write+0x230/0x230
[ 96.731393][ T3750] ? ptrace_stop+0x74d/0x970
[ 96.735987][ T3750] ? _raw_spin_unlock_irq+0x2a/0x40
[ 96.741188][ T3750] ? __fdget_pos+0x252/0x2e0
[ 96.745782][ T3750] ksys_write+0x177/0x2a0
[ 96.750114][ T3750] ? __ia32_sys_read+0x80/0x80
[ 96.754875][ T3750] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 96.760854][ T3750] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 96.766831][ T3750] do_syscall_64+0x3d/0xb0
[ 96.771243][ T3750] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 96.777131][ T3750] RIP: 0033:0x7f0fa5191c89
[ 96.781544][ T3750] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 96.801140][ T3750] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 96.809569][ T3750] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3750] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3750] exit_group(0) = ?
[pid 3750] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./103/binderfs") = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./103/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./103") = 0
mkdir("./104", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3751
./strace-static-x86_64: Process 3751 attached
[pid 3751] chdir("./104") = 0
[pid 3751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3751] setpgid(0, 0) = 0
[pid 3751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3751] write(3, "1000", 4) = 4
[pid 3751] close(3) = 0
[pid 3751] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3751] memfd_create("syzkaller", 0) = 3
[pid 3751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3751] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 96.817532][ T3750] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 96.825497][ T3750] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 96.833461][ T3750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 96.841423][ T3750] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000067
[ 96.849402][ T3750]
[pid 3751] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3751] close(3) = 0
[pid 3751] mkdir("./file0", 0777) = 0
[pid 3751] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3751] chdir("./file0") = 0
[pid 3751] ioctl(4, LOOP_CLR_FD) = 0
[pid 3751] close(4) = 0
[pid 3751] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3751] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3751] write(5, "13", 2) = 2
[ 96.900349][ T3751] loop0: detected capacity change from 0 to 64
[ 96.926691][ T3751] FAULT_INJECTION: forcing a failure.
[ 96.926691][ T3751] name failslab, interval 1, probability 0, space 0, times 0
[ 96.939325][ T3751] CPU: 1 PID: 3751 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 96.949730][ T3751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 96.959778][ T3751] Call Trace:
[ 96.963062][ T3751]
[ 96.965987][ T3751] dump_stack_lvl+0x1b1/0x28e
[ 96.970673][ T3751] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 96.976129][ T3751] ? panic+0x710/0x710
[ 96.980199][ T3751] ? __might_sleep+0xc0/0xc0
[ 96.984782][ T3751] ? __mutex_lock_common+0x45f/0x26e0
[ 96.990157][ T3751] should_fail_ex+0x395/0x4c0
[ 96.994838][ T3751] ? hfs_find_init+0x8b/0x1e0
[ 96.999513][ T3751] should_failslab+0x5/0x20
[ 97.004013][ T3751] __kmem_cache_alloc_node+0x69/0x310
[ 97.009380][ T3751] ? rcu_lock_release+0x5/0x20
[ 97.014142][ T3751] ? hfs_find_init+0x8b/0x1e0
[ 97.018821][ T3751] __kmalloc+0x9e/0x1a0
[ 97.022985][ T3751] hfs_find_init+0x8b/0x1e0
[ 97.027490][ T3751] hfs_extend_file+0x2f8/0x1420
[ 97.032341][ T3751] ? xas_find+0x937/0xa60
[ 97.036681][ T3751] ? hfs_get_block+0xbb0/0xbb0
[ 97.041439][ T3751] ? filemap_get_folios+0x557/0x830
[ 97.046636][ T3751] ? find_lock_entries+0xf60/0xf60
[ 97.051758][ T3751] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 97.057656][ T3751] hfs_get_block+0x3fc/0xbb0
[ 97.062255][ T3751] ? hfs_free_extents+0x420/0x420
[ 97.067272][ T3751] ? do_raw_spin_unlock+0x134/0x8a0
[ 97.072475][ T3751] ? create_page_buffers+0x244/0x4b0
[ 97.077765][ T3751] __block_write_begin_int+0x54c/0x1a80
[ 97.083345][ T3751] ? hfs_free_extents+0x420/0x420
[ 97.088359][ T3751] ? page_zero_new_buffers+0x940/0x940
[ 97.093819][ T3751] ? PageHeadHuge+0x8a/0x1d0
[ 97.098410][ T3751] ? hfs_free_extents+0x420/0x420
[ 97.103426][ T3751] block_write_begin+0x93/0x1e0
[ 97.108794][ T3751] ? cont_write_begin+0x5e5/0x860
[ 97.113815][ T3751] ? hfs_free_extents+0x420/0x420
[ 97.118833][ T3751] cont_write_begin+0x606/0x860
[ 97.123687][ T3751] ? fault_in_readable+0x1d5/0x310
[ 97.128803][ T3751] ? generic_cont_expand_simple+0x250/0x250
[ 97.134708][ T3751] ? fault_in_readable+0x219/0x310
[ 97.139845][ T3751] ? fault_in_safe_writeable+0x240/0x240
[ 97.145522][ T3751] hfs_write_begin+0x86/0xd0
[ 97.150207][ T3751] ? hfs_free_extents+0x420/0x420
[ 97.155259][ T3751] generic_perform_write+0x2e4/0x5e0
[ 97.160561][ T3751] ? __block_commit_write+0x420/0x420
[ 97.165948][ T3751] ? generic_file_direct_write+0x610/0x610
[ 97.171771][ T3751] ? __file_remove_privs+0x6c0/0x6c0
[ 97.177064][ T3751] ? generic_write_checks+0x15c/0x1c0
[ 97.182450][ T3751] __generic_file_write_iter+0x176/0x400
[ 97.188098][ T3751] generic_file_write_iter+0xab/0x310
[ 97.193481][ T3751] vfs_write+0x7dc/0xc50
[ 97.197752][ T3751] ? file_end_write+0x230/0x230
[ 97.202619][ T3751] ? ptrace_stop+0x74d/0x970
[ 97.207231][ T3751] ? _raw_spin_unlock_irq+0x2a/0x40
[ 97.212434][ T3751] ? __fdget_pos+0x252/0x2e0
[ 97.217046][ T3751] ksys_write+0x177/0x2a0
[ 97.221384][ T3751] ? __ia32_sys_read+0x80/0x80
[ 97.226152][ T3751] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 97.232222][ T3751] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 97.238203][ T3751] do_syscall_64+0x3d/0xb0
[ 97.242614][ T3751] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 97.248508][ T3751] RIP: 0033:0x7f0fa5191c89
[ 97.252917][ T3751] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 97.272516][ T3751] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 97.280925][ T3751] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 97.291492][ T3751] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3751] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3751] exit_group(0) = ?
[pid 3751] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3751, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./104/binderfs") = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 97.299458][ T3751] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 97.307423][ T3751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 97.315387][ T3751] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000068
[ 97.323369][ T3751]
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./104/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./104") = 0
mkdir("./105", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3752
./strace-static-x86_64: Process 3752 attached
[pid 3752] chdir("./105") = 0
[pid 3752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3752] setpgid(0, 0) = 0
[pid 3752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3752] write(3, "1000", 4) = 4
[pid 3752] close(3) = 0
[pid 3752] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3752] memfd_create("syzkaller", 0) = 3
[pid 3752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3752] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3752] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3752] close(3) = 0
[pid 3752] mkdir("./file0", 0777) = 0
[pid 3752] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3752] chdir("./file0") = 0
[pid 3752] ioctl(4, LOOP_CLR_FD) = 0
[pid 3752] close(4) = 0
[pid 3752] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3752] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3752] write(5, "13", 2) = 2
[ 97.389030][ T3752] loop0: detected capacity change from 0 to 64
[ 97.409199][ T3752] FAULT_INJECTION: forcing a failure.
[ 97.409199][ T3752] name failslab, interval 1, probability 0, space 0, times 0
[ 97.422479][ T3752] CPU: 0 PID: 3752 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 97.432952][ T3752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 97.443001][ T3752] Call Trace:
[ 97.446270][ T3752]
[ 97.449196][ T3752] dump_stack_lvl+0x1b1/0x28e
[ 97.453882][ T3752] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 97.459354][ T3752] ? panic+0x710/0x710
[ 97.463416][ T3752] ? __might_sleep+0xc0/0xc0
[ 97.468001][ T3752] ? __mutex_lock_common+0x45f/0x26e0
[ 97.473389][ T3752] should_fail_ex+0x395/0x4c0
[ 97.478078][ T3752] ? hfs_find_init+0x8b/0x1e0
[ 97.482770][ T3752] should_failslab+0x5/0x20
[ 97.487276][ T3752] __kmem_cache_alloc_node+0x69/0x310
[ 97.492645][ T3752] ? rcu_lock_release+0x5/0x20
[ 97.497408][ T3752] ? hfs_find_init+0x8b/0x1e0
[ 97.502088][ T3752] __kmalloc+0x9e/0x1a0
[ 97.506252][ T3752] hfs_find_init+0x8b/0x1e0
[ 97.510756][ T3752] hfs_extend_file+0x2f8/0x1420
[ 97.515603][ T3752] ? xas_find+0x937/0xa60
[ 97.519940][ T3752] ? hfs_get_block+0xbb0/0xbb0
[ 97.524697][ T3752] ? filemap_get_folios+0x557/0x830
[ 97.529895][ T3752] ? find_lock_entries+0xf60/0xf60
[ 97.535007][ T3752] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 97.540912][ T3752] hfs_get_block+0x3fc/0xbb0
[ 97.545514][ T3752] ? hfs_free_extents+0x420/0x420
[ 97.550530][ T3752] ? do_raw_spin_unlock+0x134/0x8a0
[ 97.555732][ T3752] ? create_page_buffers+0x244/0x4b0
[ 97.561046][ T3752] __block_write_begin_int+0x54c/0x1a80
[ 97.566615][ T3752] ? hfs_free_extents+0x420/0x420
[ 97.571632][ T3752] ? page_zero_new_buffers+0x940/0x940
[ 97.577350][ T3752] ? PageHeadHuge+0x8a/0x1d0
[ 97.581941][ T3752] ? hfs_free_extents+0x420/0x420
[ 97.586967][ T3752] block_write_begin+0x93/0x1e0
[ 97.591812][ T3752] ? cont_write_begin+0x5e5/0x860
[ 97.596831][ T3752] ? hfs_free_extents+0x420/0x420
[ 97.601849][ T3752] cont_write_begin+0x606/0x860
[ 97.606701][ T3752] ? fault_in_readable+0x1d5/0x310
[ 97.611813][ T3752] ? generic_cont_expand_simple+0x250/0x250
[ 97.617700][ T3752] ? fault_in_readable+0x219/0x310
[ 97.622815][ T3752] ? fault_in_safe_writeable+0x240/0x240
[ 97.628456][ T3752] hfs_write_begin+0x86/0xd0
[ 97.633041][ T3752] ? hfs_free_extents+0x420/0x420
[ 97.638068][ T3752] generic_perform_write+0x2e4/0x5e0
[ 97.643357][ T3752] ? __block_commit_write+0x420/0x420
[ 97.648727][ T3752] ? generic_file_direct_write+0x610/0x610
[ 97.654532][ T3752] ? __file_remove_privs+0x6c0/0x6c0
[ 97.659814][ T3752] ? generic_write_checks+0x15c/0x1c0
[ 97.665190][ T3752] __generic_file_write_iter+0x176/0x400
[ 97.670831][ T3752] generic_file_write_iter+0xab/0x310
[ 97.676201][ T3752] vfs_write+0x7dc/0xc50
[ 97.680450][ T3752] ? file_end_write+0x230/0x230
[ 97.685293][ T3752] ? ptrace_stop+0x74d/0x970
[ 97.689889][ T3752] ? _raw_spin_unlock_irq+0x2a/0x40
[ 97.695086][ T3752] ? __fdget_pos+0x252/0x2e0
[ 97.699674][ T3752] ksys_write+0x177/0x2a0
[ 97.704004][ T3752] ? __ia32_sys_read+0x80/0x80
[ 97.708773][ T3752] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 97.714751][ T3752] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 97.720727][ T3752] do_syscall_64+0x3d/0xb0
[ 97.725138][ T3752] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 97.731026][ T3752] RIP: 0033:0x7f0fa5191c89
[ 97.735443][ T3752] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 97.755044][ T3752] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 97.763538][ T3752] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 97.771500][ T3752] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 97.779465][ T3752] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3752] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3752] exit_group(0) = ?
[pid 3752] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3752, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./105/binderfs") = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./105/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./105") = 0
mkdir("./106", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 97.787428][ T3752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 97.795389][ T3752] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000069
[ 97.803368][ T3752]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3753
./strace-static-x86_64: Process 3753 attached
[pid 3753] chdir("./106") = 0
[pid 3753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3753] setpgid(0, 0) = 0
[pid 3753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3753] write(3, "1000", 4) = 4
[pid 3753] close(3) = 0
[pid 3753] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3753] memfd_create("syzkaller", 0) = 3
[pid 3753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3753] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3753] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3753] close(3) = 0
[pid 3753] mkdir("./file0", 0777) = 0
[pid 3753] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3753] chdir("./file0") = 0
[pid 3753] ioctl(4, LOOP_CLR_FD) = 0
[pid 3753] close(4) = 0
[pid 3753] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3753] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3753] write(5, "13", 2) = 2
[ 97.870491][ T3753] loop0: detected capacity change from 0 to 64
[ 97.895299][ T3753] FAULT_INJECTION: forcing a failure.
[ 97.895299][ T3753] name failslab, interval 1, probability 0, space 0, times 0
[ 97.908058][ T3753] CPU: 1 PID: 3753 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 97.918478][ T3753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 97.928526][ T3753] Call Trace:
[ 97.931805][ T3753]
[ 97.934738][ T3753] dump_stack_lvl+0x1b1/0x28e
[ 97.939496][ T3753] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 97.944945][ T3753] ? panic+0x710/0x710
[ 97.949010][ T3753] ? __might_sleep+0xc0/0xc0
[ 97.953594][ T3753] ? __mutex_lock_common+0x45f/0x26e0
[ 97.958980][ T3753] should_fail_ex+0x395/0x4c0
[ 97.963651][ T3753] ? hfs_find_init+0x8b/0x1e0
[ 97.968325][ T3753] should_failslab+0x5/0x20
[ 97.972817][ T3753] __kmem_cache_alloc_node+0x69/0x310
[ 97.978186][ T3753] ? hfs_find_init+0x8b/0x1e0
[ 97.982853][ T3753] __kmalloc+0x9e/0x1a0
[ 97.987006][ T3753] hfs_find_init+0x8b/0x1e0
[ 97.991502][ T3753] hfs_extend_file+0x2f8/0x1420
[ 97.996367][ T3753] ? hfs_get_block+0xbb0/0xbb0
[ 98.001139][ T3753] ? lru_cache_disable+0x30/0x30
[ 98.006073][ T3753] ? __might_sleep+0xc0/0xc0
[ 98.010684][ T3753] hfs_get_block+0x3fc/0xbb0
[ 98.015363][ T3753] ? hfs_free_extents+0x420/0x420
[ 98.020371][ T3753] ? do_raw_spin_unlock+0x134/0x8a0
[ 98.025562][ T3753] ? create_page_buffers+0x244/0x4b0
[ 98.030849][ T3753] __block_write_begin_int+0x54c/0x1a80
[ 98.036440][ T3753] ? hfs_free_extents+0x420/0x420
[ 98.041474][ T3753] ? page_zero_new_buffers+0x940/0x940
[ 98.046925][ T3753] ? PageHeadHuge+0x8a/0x1d0
[ 98.051522][ T3753] ? hfs_free_extents+0x420/0x420
[ 98.056548][ T3753] block_write_begin+0x93/0x1e0
[ 98.061395][ T3753] ? cont_write_begin+0x5e5/0x860
[ 98.066414][ T3753] ? hfs_free_extents+0x420/0x420
[ 98.071444][ T3753] cont_write_begin+0x606/0x860
[ 98.076308][ T3753] ? fault_in_readable+0x1d5/0x310
[ 98.081430][ T3753] ? generic_cont_expand_simple+0x250/0x250
[ 98.087329][ T3753] ? fault_in_readable+0x219/0x310
[ 98.092449][ T3753] ? fault_in_safe_writeable+0x240/0x240
[ 98.098075][ T3753] hfs_write_begin+0x86/0xd0
[ 98.102652][ T3753] ? hfs_free_extents+0x420/0x420
[ 98.107667][ T3753] generic_perform_write+0x2e4/0x5e0
[ 98.112947][ T3753] ? __block_commit_write+0x420/0x420
[ 98.118312][ T3753] ? generic_file_direct_write+0x610/0x610
[ 98.124111][ T3753] ? __file_remove_privs+0x6c0/0x6c0
[ 98.129382][ T3753] ? generic_write_checks+0x15c/0x1c0
[ 98.134750][ T3753] __generic_file_write_iter+0x176/0x400
[ 98.140377][ T3753] generic_file_write_iter+0xab/0x310
[ 98.145828][ T3753] vfs_write+0x7dc/0xc50
[ 98.150063][ T3753] ? file_end_write+0x230/0x230
[ 98.154908][ T3753] ? ptrace_stop+0x74d/0x970
[ 98.159503][ T3753] ? _raw_spin_unlock_irq+0x2a/0x40
[ 98.164713][ T3753] ? __fdget_pos+0x252/0x2e0
[ 98.169325][ T3753] ksys_write+0x177/0x2a0
[ 98.173660][ T3753] ? __ia32_sys_read+0x80/0x80
[ 98.178438][ T3753] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 98.184452][ T3753] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 98.190455][ T3753] do_syscall_64+0x3d/0xb0
[ 98.194865][ T3753] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 98.200751][ T3753] RIP: 0033:0x7f0fa5191c89
[ 98.205172][ T3753] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 98.224831][ T3753] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 98.233256][ T3753] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 98.241233][ T3753] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 98.249210][ T3753] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 98.257173][ T3753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3753] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3753] exit_group(0) = ?
[pid 3753] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3753, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./106/binderfs") = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./106/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./106") = 0
mkdir("./107", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 98.265140][ T3753] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006a
[ 98.273139][ T3753]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3754 attached
, child_tidptr=0x555555b7f5d0) = 3754
[pid 3754] chdir("./107") = 0
[pid 3754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3754] setpgid(0, 0) = 0
[pid 3754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3754] write(3, "1000", 4) = 4
[pid 3754] close(3) = 0
[pid 3754] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3754] memfd_create("syzkaller", 0) = 3
[pid 3754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3754] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3754] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3754] close(3) = 0
[pid 3754] mkdir("./file0", 0777) = 0
[pid 3754] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3754] chdir("./file0") = 0
[pid 3754] ioctl(4, LOOP_CLR_FD) = 0
[pid 3754] close(4) = 0
[pid 3754] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3754] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3754] write(5, "13", 2) = 2
[ 98.331755][ T3754] loop0: detected capacity change from 0 to 64
[ 98.363772][ T3754] FAULT_INJECTION: forcing a failure.
[ 98.363772][ T3754] name failslab, interval 1, probability 0, space 0, times 0
[ 98.376640][ T3754] CPU: 0 PID: 3754 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 98.388979][ T3754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 98.399038][ T3754] Call Trace:
[ 98.402311][ T3754]
[ 98.405295][ T3754] dump_stack_lvl+0x1b1/0x28e
[ 98.409965][ T3754] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 98.415425][ T3754] ? panic+0x710/0x710
[ 98.419522][ T3754] ? __might_sleep+0xc0/0xc0
[ 98.424118][ T3754] ? __mutex_lock_common+0x45f/0x26e0
[ 98.429490][ T3754] should_fail_ex+0x395/0x4c0
[ 98.434258][ T3754] ? hfs_find_init+0x8b/0x1e0
[ 98.438936][ T3754] should_failslab+0x5/0x20
[ 98.443446][ T3754] __kmem_cache_alloc_node+0x69/0x310
[ 98.448836][ T3754] ? hfs_find_init+0x8b/0x1e0
[ 98.453508][ T3754] __kmalloc+0x9e/0x1a0
[ 98.457797][ T3754] hfs_find_init+0x8b/0x1e0
[ 98.462372][ T3754] hfs_extend_file+0x2f8/0x1420
[ 98.467248][ T3754] ? hfs_get_block+0xbb0/0xbb0
[ 98.472025][ T3754] ? lru_cache_disable+0x30/0x30
[ 98.476964][ T3754] ? __might_sleep+0xc0/0xc0
[ 98.481580][ T3754] hfs_get_block+0x3fc/0xbb0
[ 98.486177][ T3754] ? hfs_free_extents+0x420/0x420
[ 98.491194][ T3754] ? do_raw_spin_unlock+0x134/0x8a0
[ 98.496467][ T3754] ? create_page_buffers+0x244/0x4b0
[ 98.501779][ T3754] __block_write_begin_int+0x54c/0x1a80
[ 98.507336][ T3754] ? hfs_free_extents+0x420/0x420
[ 98.512349][ T3754] ? page_zero_new_buffers+0x940/0x940
[ 98.517799][ T3754] ? PageHeadHuge+0x8a/0x1d0
[ 98.522404][ T3754] ? hfs_free_extents+0x420/0x420
[ 98.527435][ T3754] block_write_begin+0x93/0x1e0
[ 98.532281][ T3754] ? cont_write_begin+0x5e5/0x860
[ 98.537295][ T3754] ? hfs_free_extents+0x420/0x420
[ 98.542318][ T3754] cont_write_begin+0x606/0x860
[ 98.547185][ T3754] ? fault_in_readable+0x1d5/0x310
[ 98.552289][ T3754] ? generic_cont_expand_simple+0x250/0x250
[ 98.558172][ T3754] ? fault_in_readable+0x219/0x310
[ 98.563274][ T3754] ? fault_in_safe_writeable+0x240/0x240
[ 98.568900][ T3754] hfs_write_begin+0x86/0xd0
[ 98.573477][ T3754] ? hfs_free_extents+0x420/0x420
[ 98.578489][ T3754] generic_perform_write+0x2e4/0x5e0
[ 98.583774][ T3754] ? __block_commit_write+0x420/0x420
[ 98.589140][ T3754] ? generic_file_direct_write+0x610/0x610
[ 98.594960][ T3754] ? __file_remove_privs+0x6c0/0x6c0
[ 98.600235][ T3754] ? generic_write_checks+0x15c/0x1c0
[ 98.605608][ T3754] __generic_file_write_iter+0x176/0x400
[ 98.611240][ T3754] generic_file_write_iter+0xab/0x310
[ 98.616605][ T3754] vfs_write+0x7dc/0xc50
[ 98.620862][ T3754] ? file_end_write+0x230/0x230
[ 98.625713][ T3754] ? ptrace_stop+0x74d/0x970
[ 98.630322][ T3754] ? _raw_spin_unlock_irq+0x2a/0x40
[ 98.635541][ T3754] ? __fdget_pos+0x252/0x2e0
[ 98.640138][ T3754] ksys_write+0x177/0x2a0
[ 98.644479][ T3754] ? __ia32_sys_read+0x80/0x80
[ 98.649231][ T3754] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 98.655218][ T3754] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 98.661208][ T3754] do_syscall_64+0x3d/0xb0
[ 98.665627][ T3754] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 98.671514][ T3754] RIP: 0033:0x7f0fa5191c89
[ 98.675932][ T3754] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 98.695530][ T3754] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 98.703932][ T3754] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 98.711891][ T3754] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 98.719862][ T3754] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3754] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3754] exit_group(0) = ?
[pid 3754] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3754, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./107/binderfs") = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./107/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./107") = 0
mkdir("./108", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3755
./strace-static-x86_64: Process 3755 attached
[ 98.727836][ T3754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 98.735810][ T3754] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006b
[ 98.743783][ T3754]
[pid 3755] chdir("./108") = 0
[pid 3755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3755] setpgid(0, 0) = 0
[pid 3755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3755] write(3, "1000", 4) = 4
[pid 3755] close(3) = 0
[pid 3755] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3755] memfd_create("syzkaller", 0) = 3
[pid 3755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3755] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3755] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3755] close(3) = 0
[pid 3755] mkdir("./file0", 0777) = 0
[pid 3755] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3755] chdir("./file0") = 0
[pid 3755] ioctl(4, LOOP_CLR_FD) = 0
[pid 3755] close(4) = 0
[pid 3755] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3755] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3755] write(5, "13", 2) = 2
[ 98.807475][ T3755] loop0: detected capacity change from 0 to 64
[ 98.837884][ T3755] FAULT_INJECTION: forcing a failure.
[ 98.837884][ T3755] name failslab, interval 1, probability 0, space 0, times 0
[ 98.850749][ T3755] CPU: 0 PID: 3755 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 98.861180][ T3755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 98.871224][ T3755] Call Trace:
[ 98.874503][ T3755]
[ 98.877427][ T3755] dump_stack_lvl+0x1b1/0x28e
[ 98.882102][ T3755] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 98.887728][ T3755] ? panic+0x710/0x710
[ 98.891804][ T3755] ? __might_sleep+0xc0/0xc0
[ 98.896386][ T3755] ? __mutex_lock_common+0x45f/0x26e0
[ 98.901853][ T3755] should_fail_ex+0x395/0x4c0
[ 98.906533][ T3755] ? hfs_find_init+0x8b/0x1e0
[ 98.911221][ T3755] should_failslab+0x5/0x20
[ 98.916242][ T3755] __kmem_cache_alloc_node+0x69/0x310
[ 98.921616][ T3755] ? hfs_find_init+0x8b/0x1e0
[ 98.926294][ T3755] __kmalloc+0x9e/0x1a0
[ 98.930450][ T3755] hfs_find_init+0x8b/0x1e0
[ 98.934954][ T3755] hfs_extend_file+0x2f8/0x1420
[ 98.939815][ T3755] ? hfs_get_block+0xbb0/0xbb0
[ 98.944580][ T3755] ? lru_cache_disable+0x30/0x30
[ 98.949517][ T3755] ? __might_sleep+0xc0/0xc0
[ 98.954122][ T3755] hfs_get_block+0x3fc/0xbb0
[ 98.958723][ T3755] ? hfs_free_extents+0x420/0x420
[ 98.963742][ T3755] ? do_raw_spin_unlock+0x134/0x8a0
[ 98.969036][ T3755] ? create_page_buffers+0x244/0x4b0
[ 98.974336][ T3755] __block_write_begin_int+0x54c/0x1a80
[ 98.979920][ T3755] ? hfs_free_extents+0x420/0x420
[ 98.984938][ T3755] ? page_zero_new_buffers+0x940/0x940
[ 98.990483][ T3755] ? PageHeadHuge+0x8a/0x1d0
[ 98.995071][ T3755] ? hfs_free_extents+0x420/0x420
[ 99.000091][ T3755] block_write_begin+0x93/0x1e0
[ 99.004940][ T3755] ? cont_write_begin+0x5e5/0x860
[ 99.009964][ T3755] ? hfs_free_extents+0x420/0x420
[ 99.014986][ T3755] cont_write_begin+0x606/0x860
[ 99.019872][ T3755] ? fault_in_readable+0x1d5/0x310
[ 99.025071][ T3755] ? generic_cont_expand_simple+0x250/0x250
[ 99.030965][ T3755] ? fault_in_readable+0x219/0x310
[ 99.036082][ T3755] ? fault_in_safe_writeable+0x240/0x240
[ 99.041722][ T3755] hfs_write_begin+0x86/0xd0
[ 99.046304][ T3755] ? hfs_free_extents+0x420/0x420
[ 99.051416][ T3755] generic_perform_write+0x2e4/0x5e0
[ 99.056911][ T3755] ? __block_commit_write+0x420/0x420
[ 99.062283][ T3755] ? generic_file_direct_write+0x610/0x610
[ 99.068090][ T3755] ? __file_remove_privs+0x6c0/0x6c0
[ 99.073376][ T3755] ? generic_write_checks+0x15c/0x1c0
[ 99.078758][ T3755] __generic_file_write_iter+0x176/0x400
[ 99.084397][ T3755] generic_file_write_iter+0xab/0x310
[ 99.089776][ T3755] vfs_write+0x7dc/0xc50
[ 99.094027][ T3755] ? file_end_write+0x230/0x230
[ 99.098871][ T3755] ? ptrace_stop+0x74d/0x970
[ 99.103469][ T3755] ? _raw_spin_unlock_irq+0x2a/0x40
[ 99.108669][ T3755] ? __fdget_pos+0x252/0x2e0
[ 99.113260][ T3755] ksys_write+0x177/0x2a0
[ 99.117593][ T3755] ? __ia32_sys_read+0x80/0x80
[ 99.122357][ T3755] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 99.128338][ T3755] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 99.134319][ T3755] do_syscall_64+0x3d/0xb0
[ 99.138731][ T3755] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 99.144619][ T3755] RIP: 0033:0x7f0fa5191c89
[ 99.149031][ T3755] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 99.168636][ T3755] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 99.177044][ T3755] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 99.185025][ T3755] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 99.193003][ T3755] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 99.200983][ T3755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3755] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3755] exit_group(0) = ?
[pid 3755] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3755, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./108/binderfs") = 0
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./108/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./108") = 0
mkdir("./109", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3756
./strace-static-x86_64: Process 3756 attached
[pid 3756] chdir("./109") = 0
[pid 3756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3756] setpgid(0, 0) = 0
[pid 3756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3756] write(3, "1000", 4) = 4
[pid 3756] close(3) = 0
[pid 3756] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3756] memfd_create("syzkaller", 0) = 3
[pid 3756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 99.208957][ T3755] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006c
[ 99.216957][ T3755]
[pid 3756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3756] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3756] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3756] close(3) = 0
[pid 3756] mkdir("./file0", 0777) = 0
[pid 3756] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3756] chdir("./file0") = 0
[pid 3756] ioctl(4, LOOP_CLR_FD) = 0
[pid 3756] close(4) = 0
[pid 3756] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3756] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3756] write(5, "13", 2) = 2
[ 99.274033][ T3756] loop0: detected capacity change from 0 to 64
[ 99.306713][ T3756] FAULT_INJECTION: forcing a failure.
[ 99.306713][ T3756] name failslab, interval 1, probability 0, space 0, times 0
[ 99.320105][ T3756] CPU: 0 PID: 3756 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 99.330625][ T3756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 99.340693][ T3756] Call Trace:
[ 99.343963][ T3756] <TASK>
[ 99.346887][ T3756] dump_stack_lvl+0x1b1/0x28e
[ 99.351556][ T3756] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 99.357006][ T3756] ? panic+0x710/0x710
[ 99.361076][ T3756] ? __might_sleep+0xc0/0xc0
[ 99.365670][ T3756] ? __mutex_lock_common+0x45f/0x26e0
[ 99.371037][ T3756] should_fail_ex+0x395/0x4c0
[ 99.375724][ T3756] ? hfs_find_init+0x8b/0x1e0
[ 99.380421][ T3756] should_failslab+0x5/0x20
[ 99.384938][ T3756] __kmem_cache_alloc_node+0x69/0x310
[ 99.390336][ T3756] ? hfs_find_init+0x8b/0x1e0
[ 99.395033][ T3756] __kmalloc+0x9e/0x1a0
[ 99.399185][ T3756] hfs_find_init+0x8b/0x1e0
[ 99.403685][ T3756] hfs_extend_file+0x2f8/0x1420
[ 99.408558][ T3756] ? hfs_get_block+0xbb0/0xbb0
[ 99.413419][ T3756] ? lru_cache_disable+0x30/0x30
[ 99.418360][ T3756] ? __might_sleep+0xc0/0xc0
[ 99.422958][ T3756] hfs_get_block+0x3fc/0xbb0
[ 99.427827][ T3756] ? hfs_free_extents+0x420/0x420
[ 99.432856][ T3756] ? do_raw_spin_unlock+0x134/0x8a0
[ 99.438058][ T3756] ? create_page_buffers+0x244/0x4b0
[ 99.443349][ T3756] __block_write_begin_int+0x54c/0x1a80
[ 99.448931][ T3756] ? hfs_free_extents+0x420/0x420
[ 99.454038][ T3756] ? page_zero_new_buffers+0x940/0x940
[ 99.459494][ T3756] ? PageHeadHuge+0x8a/0x1d0
[ 99.464093][ T3756] ? hfs_free_extents+0x420/0x420
[ 99.469124][ T3756] block_write_begin+0x93/0x1e0
[ 99.473982][ T3756] ? cont_write_begin+0x5e5/0x860
[ 99.479001][ T3756] ? hfs_free_extents+0x420/0x420
[ 99.484013][ T3756] cont_write_begin+0x606/0x860
[ 99.488873][ T3756] ? fault_in_readable+0x1d5/0x310
[ 99.494008][ T3756] ? generic_cont_expand_simple+0x250/0x250
[ 99.499903][ T3756] ? fault_in_readable+0x219/0x310
[ 99.505030][ T3756] ? fault_in_safe_writeable+0x240/0x240
[ 99.510743][ T3756] hfs_write_begin+0x86/0xd0
[ 99.515319][ T3756] ? hfs_free_extents+0x420/0x420
[ 99.520341][ T3756] generic_perform_write+0x2e4/0x5e0
[ 99.525629][ T3756] ? __block_commit_write+0x420/0x420
[ 99.530994][ T3756] ? generic_file_direct_write+0x610/0x610
[ 99.536802][ T3756] ? __file_remove_privs+0x6c0/0x6c0
[ 99.542167][ T3756] ? generic_write_checks+0x15c/0x1c0
[ 99.547533][ T3756] __generic_file_write_iter+0x176/0x400
[ 99.553160][ T3756] generic_file_write_iter+0xab/0x310
[ 99.558527][ T3756] vfs_write+0x7dc/0xc50
[ 99.562768][ T3756] ? file_end_write+0x230/0x230
[ 99.567604][ T3756] ? ptrace_stop+0x74d/0x970
[ 99.572186][ T3756] ? _raw_spin_unlock_irq+0x2a/0x40
[ 99.577379][ T3756] ? __fdget_pos+0x252/0x2e0
[ 99.581962][ T3756] ksys_write+0x177/0x2a0
[ 99.586283][ T3756] ? __ia32_sys_read+0x80/0x80
[ 99.591033][ T3756] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 99.597000][ T3756] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 99.602981][ T3756] do_syscall_64+0x3d/0xb0
[ 99.607405][ T3756] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 99.613285][ T3756] RIP: 0033:0x7f0fa5191c89
[ 99.617690][ T3756] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 99.637284][ T3756] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 99.645691][ T3756] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 99.653666][ T3756] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 99.661622][ T3756] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3756] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3756] exit_group(0) = ?
[pid 3756] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3756, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./109/binderfs") = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./109/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./109") = 0
mkdir("./110", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3757
./strace-static-x86_64: Process 3757 attached
[pid 3757] chdir("./110") = 0
[pid 3757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3757] setpgid(0, 0) = 0
[pid 3757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3757] write(3, "1000", 4) = 4
[pid 3757] close(3) = 0
[pid 3757] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3757] memfd_create("syzkaller", 0) = 3
[pid 3757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3757] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 99.669582][ T3756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 99.677545][ T3756] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006d
[ 99.685546][ T3756] </TASK>
[pid 3757] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3757] close(3) = 0
[pid 3757] mkdir("./file0", 0777) = 0
[pid 3757] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3757] chdir("./file0") = 0
[pid 3757] ioctl(4, LOOP_CLR_FD) = 0
[pid 3757] close(4) = 0
[pid 3757] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3757] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3757] write(5, "13", 2) = 2
[ 99.728685][ T3757] loop0: detected capacity change from 0 to 64
[ 99.732592][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 99.756374][ T3757] FAULT_INJECTION: forcing a failure.
[ 99.756374][ T3757] name failslab, interval 1, probability 0, space 0, times 0
[ 99.769335][ T3757] CPU: 1 PID: 3757 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 99.779737][ T3757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 99.789778][ T3757] Call Trace:
[ 99.793045][ T3757] <TASK>
[ 99.795960][ T3757] dump_stack_lvl+0x1b1/0x28e
[ 99.800644][ T3757] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 99.806102][ T3757] ? panic+0x710/0x710
[ 99.810182][ T3757] ? __might_sleep+0xc0/0xc0
[ 99.814762][ T3757] ? __mutex_lock_common+0x45f/0x26e0
[ 99.820136][ T3757] should_fail_ex+0x395/0x4c0
[ 99.824808][ T3757] ? hfs_find_init+0x8b/0x1e0
[ 99.829475][ T3757] should_failslab+0x5/0x20
[ 99.833967][ T3757] __kmem_cache_alloc_node+0x69/0x310
[ 99.839333][ T3757] ? hfs_find_init+0x8b/0x1e0
[ 99.843998][ T3757] __kmalloc+0x9e/0x1a0
[ 99.848146][ T3757] hfs_find_init+0x8b/0x1e0
[ 99.852638][ T3757] hfs_extend_file+0x2f8/0x1420
[ 99.857500][ T3757] ? hfs_get_block+0xbb0/0xbb0
[ 99.862261][ T3757] ? lru_cache_disable+0x30/0x30
[ 99.867201][ T3757] ? __might_sleep+0xc0/0xc0
[ 99.871796][ T3757] hfs_get_block+0x3fc/0xbb0
[ 99.876385][ T3757] ? hfs_free_extents+0x420/0x420
[ 99.881395][ T3757] ? do_raw_spin_unlock+0x134/0x8a0
[ 99.886586][ T3757] ? create_page_buffers+0x244/0x4b0
[ 99.891952][ T3757] __block_write_begin_int+0x54c/0x1a80
[ 99.897511][ T3757] ? hfs_free_extents+0x420/0x420
[ 99.902521][ T3757] ? page_zero_new_buffers+0x940/0x940
[ 99.907965][ T3757] ? PageHeadHuge+0x8a/0x1d0
[ 99.912543][ T3757] ? hfs_free_extents+0x420/0x420
[ 99.917553][ T3757] block_write_begin+0x93/0x1e0
[ 99.922387][ T3757] ? cont_write_begin+0x5e5/0x860
[ 99.927398][ T3757] ? hfs_free_extents+0x420/0x420
[ 99.932411][ T3757] cont_write_begin+0x606/0x860
[ 99.937254][ T3757] ? fault_in_readable+0x1d5/0x310
[ 99.942355][ T3757] ? generic_cont_expand_simple+0x250/0x250
[ 99.948238][ T3757] ? fault_in_readable+0x219/0x310
[ 99.953337][ T3757] ? fault_in_safe_writeable+0x240/0x240
[ 99.958961][ T3757] hfs_write_begin+0x86/0xd0
[ 99.963535][ T3757] ? hfs_free_extents+0x420/0x420
[ 99.968546][ T3757] generic_perform_write+0x2e4/0x5e0
[ 99.973828][ T3757] ? __block_commit_write+0x420/0x420
[ 99.979191][ T3757] ? generic_file_direct_write+0x610/0x610
[ 99.984980][ T3757] ? __file_remove_privs+0x6c0/0x6c0
[ 99.990252][ T3757] ? generic_write_checks+0x15c/0x1c0
[ 99.995613][ T3757] __generic_file_write_iter+0x176/0x400
[ 100.001234][ T3757] generic_file_write_iter+0xab/0x310
[ 100.006593][ T3757] vfs_write+0x7dc/0xc50
[ 100.010846][ T3757] ? file_end_write+0x230/0x230
[ 100.015697][ T3757] ? ptrace_stop+0x74d/0x970
[ 100.020279][ T3757] ? _raw_spin_unlock_irq+0x2a/0x40
[ 100.025467][ T3757] ? __fdget_pos+0x252/0x2e0
[ 100.030046][ T3757] ksys_write+0x177/0x2a0
[ 100.034366][ T3757] ? __ia32_sys_read+0x80/0x80
[ 100.039117][ T3757] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 100.045083][ T3757] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 100.051053][ T3757] do_syscall_64+0x3d/0xb0
[ 100.055459][ T3757] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 100.061348][ T3757] RIP: 0033:0x7f0fa5191c89
[ 100.065748][ T3757] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 100.085341][ T3757] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 100.093738][ T3757] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 100.101713][ T3757] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 100.109668][ T3757] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 100.117622][ T3757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3757] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3757] exit_group(0) = ?
[pid 3757] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3757, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./110/binderfs") = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./110/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./110") = 0
mkdir("./111", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3758
./strace-static-x86_64: Process 3758 attached
[pid 3758] chdir("./111") = 0
[pid 3758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3758] setpgid(0, 0) = 0
[pid 3758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3758] write(3, "1000", 4) = 4
[pid 3758] close(3) = 0
[pid 3758] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3758] memfd_create("syzkaller", 0) = 3
[pid 3758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3758] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 100.125574][ T3757] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006e
[ 100.133540][ T3757] </TASK>
[pid 3758] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3758] close(3) = 0
[pid 3758] mkdir("./file0", 0777) = 0
[pid 3758] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3758] chdir("./file0") = 0
[pid 3758] ioctl(4, LOOP_CLR_FD) = 0
[pid 3758] close(4) = 0
[pid 3758] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3758] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3758] write(5, "13", 2) = 2
[ 100.191078][ T3758] loop0: detected capacity change from 0 to 64
[ 100.214788][ T3758] FAULT_INJECTION: forcing a failure.
[ 100.214788][ T3758] name failslab, interval 1, probability 0, space 0, times 0
[ 100.227897][ T3758] CPU: 0 PID: 3758 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 100.238314][ T3758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 100.248459][ T3758] Call Trace:
[ 100.251739][ T3758] <TASK>
[ 100.254659][ T3758] dump_stack_lvl+0x1b1/0x28e
[ 100.259341][ T3758] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 100.264817][ T3758] ? panic+0x710/0x710
[ 100.268906][ T3758] ? __might_sleep+0xc0/0xc0
[ 100.273500][ T3758] ? __mutex_lock_common+0x45f/0x26e0
[ 100.278866][ T3758] should_fail_ex+0x395/0x4c0
[ 100.283554][ T3758] ? hfs_find_init+0x8b/0x1e0
[ 100.288244][ T3758] should_failslab+0x5/0x20
[ 100.292753][ T3758] __kmem_cache_alloc_node+0x69/0x310
[ 100.298131][ T3758] ? hfs_find_init+0x8b/0x1e0
[ 100.302894][ T3758] __kmalloc+0x9e/0x1a0
[ 100.307055][ T3758] hfs_find_init+0x8b/0x1e0
[ 100.311561][ T3758] hfs_extend_file+0x2f8/0x1420
[ 100.316421][ T3758] ? hfs_get_block+0xbb0/0xbb0
[ 100.321181][ T3758] ? lru_cache_disable+0x30/0x30
[ 100.326117][ T3758] ? __might_sleep+0xc0/0xc0
[ 100.330721][ T3758] hfs_get_block+0x3fc/0xbb0
[ 100.335335][ T3758] ? hfs_free_extents+0x420/0x420
[ 100.340364][ T3758] ? do_raw_spin_unlock+0x134/0x8a0
[ 100.345592][ T3758] ? create_page_buffers+0x244/0x4b0
[ 100.350900][ T3758] __block_write_begin_int+0x54c/0x1a80
[ 100.356476][ T3758] ? hfs_free_extents+0x420/0x420
[ 100.361506][ T3758] ? page_zero_new_buffers+0x940/0x940
[ 100.366979][ T3758] ? PageHeadHuge+0x8a/0x1d0
[ 100.371582][ T3758] ? hfs_free_extents+0x420/0x420
[ 100.376615][ T3758] block_write_begin+0x93/0x1e0
[ 100.381469][ T3758] ? cont_write_begin+0x5e5/0x860
[ 100.386493][ T3758] ? hfs_free_extents+0x420/0x420
[ 100.391603][ T3758] cont_write_begin+0x606/0x860
[ 100.396547][ T3758] ? fault_in_readable+0x1d5/0x310
[ 100.401694][ T3758] ? generic_cont_expand_simple+0x250/0x250
[ 100.407593][ T3758] ? fault_in_readable+0x219/0x310
[ 100.412706][ T3758] ? fault_in_safe_writeable+0x240/0x240
[ 100.418380][ T3758] hfs_write_begin+0x86/0xd0
[ 100.423004][ T3758] ? hfs_free_extents+0x420/0x420
[ 100.428059][ T3758] generic_perform_write+0x2e4/0x5e0
[ 100.433370][ T3758] ? __block_commit_write+0x420/0x420
[ 100.438755][ T3758] ? generic_file_direct_write+0x610/0x610
[ 100.444565][ T3758] ? __file_remove_privs+0x6c0/0x6c0
[ 100.449848][ T3758] ? generic_write_checks+0x15c/0x1c0
[ 100.455227][ T3758] __generic_file_write_iter+0x176/0x400
[ 100.460861][ T3758] generic_file_write_iter+0xab/0x310
[ 100.466234][ T3758] vfs_write+0x7dc/0xc50
[ 100.470482][ T3758] ? file_end_write+0x230/0x230
[ 100.475347][ T3758] ? ptrace_stop+0x74d/0x970
[ 100.479946][ T3758] ? _raw_spin_unlock_irq+0x2a/0x40
[ 100.485160][ T3758] ? __fdget_pos+0x252/0x2e0
[ 100.489841][ T3758] ksys_write+0x177/0x2a0
[ 100.494169][ T3758] ? __ia32_sys_read+0x80/0x80
[ 100.499022][ T3758] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 100.505000][ T3758] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 100.510981][ T3758] do_syscall_64+0x3d/0xb0
[ 100.515393][ T3758] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 100.521278][ T3758] RIP: 0033:0x7f0fa5191c89
[ 100.525687][ T3758] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 100.545315][ T3758] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 100.553733][ T3758] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 100.561723][ T3758] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 100.569688][ T3758] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 100.577661][ T3758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3758] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3758] exit_group(0) = ?
[pid 3758] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3758, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./111/binderfs") = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./111/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./111") = 0
mkdir("./112", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 100.585626][ T3758] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000006f
[ 100.593611][ T3758] </TASK>
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3759
./strace-static-x86_64: Process 3759 attached
[pid 3759] chdir("./112") = 0
[pid 3759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3759] setpgid(0, 0) = 0
[pid 3759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3759] write(3, "1000", 4) = 4
[pid 3759] close(3) = 0
[pid 3759] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3759] memfd_create("syzkaller", 0) = 3
[pid 3759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3759] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3759] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3759] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3759] close(3) = 0
[pid 3759] mkdir("./file0", 0777) = 0
[pid 3759] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3759] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3759] chdir("./file0") = 0
[pid 3759] ioctl(4, LOOP_CLR_FD) = 0
[pid 3759] close(4) = 0
[pid 3759] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3759] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3759] write(5, "13", 2) = 2
[ 100.654044][ T3759] loop0: detected capacity change from 0 to 64
[ 100.675178][ T3759] FAULT_INJECTION: forcing a failure.
[ 100.675178][ T3759] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 100.688845][ T3759] CPU: 1 PID: 3759 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 100.699256][ T3759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 100.709298][ T3759] Call Trace:
[ 100.712567][ T3759] <TASK>
[ 100.715494][ T3759] dump_stack_lvl+0x1b1/0x28e
[ 100.720174][ T3759] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 100.725630][ T3759] ? panic+0x710/0x710
[ 100.729727][ T3759] ? do_anonymous_page+0xd4a/0x1150
[ 100.734934][ T3759] ? mark_lock+0x9a/0x350
[ 100.739264][ T3759] should_fail_ex+0x395/0x4c0
[ 100.743947][ T3759] prepare_alloc_pages+0x1d7/0x5a0
[ 100.749067][ T3759] __alloc_pages+0x161/0x560
[ 100.753747][ T3759] ? zone_statistics+0x160/0x160
[ 100.758692][ T3759] ? rcu_lock_release+0x5/0x20
[ 100.763458][ T3759] ? alloc_pages+0x520/0x7b0
[ 100.768043][ T3759] ? xas_descend+0x1f3/0x400
[ 100.772633][ T3759] folio_alloc+0x1a/0x50
[ 100.776868][ T3759] filemap_alloc_folio+0x7e/0x1c0
[ 100.781890][ T3759] __filemap_get_folio+0x898/0x1260
[ 100.787174][ T3759] ? page_cache_prev_miss+0x4e0/0x4e0
[ 100.792549][ T3759] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 100.798541][ T3759] ? print_irqtrace_events+0x220/0x220
[ 100.804024][ T3759] pagecache_get_page+0x28/0x260
[ 100.808975][ T3759] ? hfs_free_extents+0x420/0x420
[ 100.814003][ T3759] block_write_begin+0x2e/0x1e0
[ 100.818865][ T3759] ? cont_write_begin+0x5e5/0x860
[ 100.823920][ T3759] ? hfs_free_extents+0x420/0x420
[ 100.828944][ T3759] cont_write_begin+0x606/0x860
[ 100.833803][ T3759] ? fault_in_readable+0x1d5/0x310
[ 100.838920][ T3759] ? generic_cont_expand_simple+0x250/0x250
[ 100.844813][ T3759] ? fault_in_readable+0x219/0x310
[ 100.849922][ T3759] ? fault_in_safe_writeable+0x240/0x240
[ 100.855559][ T3759] hfs_write_begin+0x86/0xd0
[ 100.860142][ T3759] ? hfs_free_extents+0x420/0x420
[ 100.865167][ T3759] generic_perform_write+0x2e4/0x5e0
[ 100.870458][ T3759] ? __block_commit_write+0x420/0x420
[ 100.875830][ T3759] ? generic_file_direct_write+0x610/0x610
[ 100.881632][ T3759] ? __file_remove_privs+0x6c0/0x6c0
[ 100.886915][ T3759] ? generic_write_checks+0x15c/0x1c0
[ 100.892293][ T3759] __generic_file_write_iter+0x176/0x400
[ 100.897929][ T3759] generic_file_write_iter+0xab/0x310
[ 100.903302][ T3759] vfs_write+0x7dc/0xc50
[ 100.907551][ T3759] ? file_end_write+0x230/0x230
[ 100.912394][ T3759] ? ptrace_stop+0x74d/0x970
[ 100.916987][ T3759] ? _raw_spin_unlock_irq+0x2a/0x40
[ 100.922187][ T3759] ? __fdget_pos+0x252/0x2e0
[ 100.926782][ T3759] ksys_write+0x177/0x2a0
[ 100.931115][ T3759] ? __ia32_sys_read+0x80/0x80
[ 100.935875][ T3759] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 100.941857][ T3759] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 100.947834][ T3759] do_syscall_64+0x3d/0xb0
[ 100.952247][ T3759] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 100.958133][ T3759] RIP: 0033:0x7f0fa5191c89
[ 100.962545][ T3759] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 100.982143][ T3759] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 100.990549][ T3759] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3759] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3759] exit_group(0) = ?
[pid 3759] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3759, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./112/binderfs") = 0
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./112/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./112") = 0
mkdir("./113", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3760
./strace-static-x86_64: Process 3760 attached
[pid 3760] chdir("./113") = 0
[pid 3760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3760] setpgid(0, 0) = 0
[pid 3760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3760] write(3, "1000", 4) = 4
[pid 3760] close(3) = 0
[pid 3760] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3760] memfd_create("syzkaller", 0) = 3
[ 100.998513][ T3759] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 101.006477][ T3759] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 101.014441][ T3759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 101.022403][ T3759] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000070
[ 101.030384][ T3759] </TASK>
[pid 3760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3760] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3760] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3760] close(3) = 0
[pid 3760] mkdir("./file0", 0777) = 0
[pid 3760] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3760] chdir("./file0") = 0
[pid 3760] ioctl(4, LOOP_CLR_FD) = 0
[pid 3760] close(4) = 0
[pid 3760] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3760] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3760] write(5, "13", 2) = 2
[ 101.095898][ T3760] loop0: detected capacity change from 0 to 64
[ 101.129573][ T3760] FAULT_INJECTION: forcing a failure.
[ 101.129573][ T3760] name failslab, interval 1, probability 0, space 0, times 0
[ 101.142348][ T3760] CPU: 0 PID: 3760 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 101.152770][ T3760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 101.162812][ T3760] Call Trace:
[ 101.166081][ T3760] <TASK>
[ 101.168999][ T3760] dump_stack_lvl+0x1b1/0x28e
[ 101.173685][ T3760] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 101.179149][ T3760] ? panic+0x710/0x710
[ 101.183208][ T3760] ? __might_sleep+0xc0/0xc0
[ 101.187788][ T3760] ? __mutex_lock_common+0x45f/0x26e0
[ 101.193157][ T3760] should_fail_ex+0x395/0x4c0
[ 101.197830][ T3760] ? hfs_find_init+0x8b/0x1e0
[ 101.202530][ T3760] should_failslab+0x5/0x20
[ 101.207040][ T3760] __kmem_cache_alloc_node+0x69/0x310
[ 101.212416][ T3760] ? hfs_find_init+0x8b/0x1e0
[ 101.217102][ T3760] __kmalloc+0x9e/0x1a0
[ 101.221251][ T3760] hfs_find_init+0x8b/0x1e0
[ 101.225745][ T3760] hfs_extend_file+0x2f8/0x1420
[ 101.230592][ T3760] ? hfs_get_block+0xbb0/0xbb0
[ 101.235356][ T3760] ? lru_cache_disable+0x30/0x30
[ 101.240280][ T3760] ? __might_sleep+0xc0/0xc0
[ 101.244871][ T3760] hfs_get_block+0x3fc/0xbb0
[ 101.249456][ T3760] ? hfs_free_extents+0x420/0x420
[ 101.254474][ T3760] ? do_raw_spin_unlock+0x134/0x8a0
[ 101.259681][ T3760] ? create_page_buffers+0x244/0x4b0
[ 101.264970][ T3760] __block_write_begin_int+0x54c/0x1a80
[ 101.270536][ T3760] ? hfs_free_extents+0x420/0x420
[ 101.275553][ T3760] ? page_zero_new_buffers+0x940/0x940
[ 101.281008][ T3760] ? PageHeadHuge+0x8a/0x1d0
[ 101.285599][ T3760] ? hfs_free_extents+0x420/0x420
[ 101.290638][ T3760] block_write_begin+0x93/0x1e0
[ 101.295510][ T3760] ? cont_write_begin+0x5e5/0x860
[ 101.300562][ T3760] ? hfs_free_extents+0x420/0x420
[ 101.305599][ T3760] cont_write_begin+0x606/0x860
[ 101.310464][ T3760] ? fault_in_readable+0x1d5/0x310
[ 101.315583][ T3760] ? generic_cont_expand_simple+0x250/0x250
[ 101.321474][ T3760] ? fault_in_readable+0x219/0x310
[ 101.326582][ T3760] ? fault_in_safe_writeable+0x240/0x240
[ 101.332229][ T3760] hfs_write_begin+0x86/0xd0
[ 101.336821][ T3760] ? hfs_free_extents+0x420/0x420
[ 101.341845][ T3760] generic_perform_write+0x2e4/0x5e0
[ 101.347140][ T3760] ? __block_commit_write+0x420/0x420
[ 101.352512][ T3760] ? generic_file_direct_write+0x610/0x610
[ 101.358334][ T3760] ? __file_remove_privs+0x6c0/0x6c0
[ 101.363642][ T3760] ? generic_write_checks+0x15c/0x1c0
[ 101.369028][ T3760] __generic_file_write_iter+0x176/0x400
[ 101.374673][ T3760] generic_file_write_iter+0xab/0x310
[ 101.380053][ T3760] vfs_write+0x7dc/0xc50
[ 101.384312][ T3760] ? file_end_write+0x230/0x230
[ 101.389163][ T3760] ? ptrace_stop+0x74d/0x970
[ 101.393766][ T3760] ? _raw_spin_unlock_irq+0x2a/0x40
[ 101.398968][ T3760] ? __fdget_pos+0x252/0x2e0
[ 101.403569][ T3760] ksys_write+0x177/0x2a0
[ 101.407908][ T3760] ? __ia32_sys_read+0x80/0x80
[ 101.412676][ T3760] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 101.418654][ T3760] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 101.424637][ T3760] do_syscall_64+0x3d/0xb0
[ 101.429047][ T3760] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 101.434932][ T3760] RIP: 0033:0x7f0fa5191c89
[ 101.439340][ T3760] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 101.459198][ T3760] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 101.467609][ T3760] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 101.475599][ T3760] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 101.483572][ T3760] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3760] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3760] exit_group(0) = ?
[pid 3760] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3760, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./113/binderfs") = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./113/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./113") = 0
mkdir("./114", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3761
./strace-static-x86_64: Process 3761 attached
[pid 3761] chdir("./114") = 0
[pid 3761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3761] setpgid(0, 0) = 0
[pid 3761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3761] write(3, "1000", 4) = 4
[pid 3761] close(3) = 0
[pid 3761] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3761] memfd_create("syzkaller", 0) = 3
[pid 3761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[ 101.491539][ T3760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 101.499499][ T3760] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000071
[ 101.507477][ T3760] </TASK>
[pid 3761] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3761] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3761] close(3) = 0
[pid 3761] mkdir("./file0", 0777) = 0
[pid 3761] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3761] chdir("./file0") = 0
[pid 3761] ioctl(4, LOOP_CLR_FD) = 0
[pid 3761] close(4) = 0
[pid 3761] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3761] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3761] write(5, "13", 2) = 2
[ 101.545332][ T3761] loop0: detected capacity change from 0 to 64
[ 101.546617][ T3640] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 101.582190][ T3761] FAULT_INJECTION: forcing a failure.
[ 101.582190][ T3761] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 101.595687][ T3761] CPU: 1 PID: 3761 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 101.606122][ T3761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 101.616201][ T3761] Call Trace:
[ 101.619486][ T3761] <TASK>
[ 101.622407][ T3761] dump_stack_lvl+0x1b1/0x28e
[ 101.627082][ T3761] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 101.632531][ T3761] ? panic+0x710/0x710
[ 101.636604][ T3761] ? do_anonymous_page+0xd4a/0x1150
[ 101.641810][ T3761] ? mark_lock+0x9a/0x350
[ 101.646154][ T3761] should_fail_ex+0x395/0x4c0
[ 101.650840][ T3761] prepare_alloc_pages+0x1d7/0x5a0
[ 101.655973][ T3761] __alloc_pages+0x161/0x560
[ 101.660577][ T3761] ? zone_statistics+0x160/0x160
[ 101.665513][ T3761] ? rcu_lock_release+0x5/0x20
[ 101.670267][ T3761] ? alloc_pages+0x520/0x7b0
[ 101.674844][ T3761] ? xas_descend+0x1f3/0x400
[ 101.679424][ T3761] folio_alloc+0x1a/0x50
[ 101.683658][ T3761] filemap_alloc_folio+0x7e/0x1c0
[ 101.688696][ T3761] __filemap_get_folio+0x898/0x1260
[ 101.693907][ T3761] ? page_cache_prev_miss+0x4e0/0x4e0
[ 101.699290][ T3761] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 101.705280][ T3761] ? print_irqtrace_events+0x220/0x220
[ 101.710749][ T3761] pagecache_get_page+0x28/0x260
[ 101.715691][ T3761] ? hfs_free_extents+0x420/0x420
[ 101.720704][ T3761] block_write_begin+0x2e/0x1e0
[ 101.725550][ T3761] ? cont_write_begin+0x5e5/0x860
[ 101.730572][ T3761] ? hfs_free_extents+0x420/0x420
[ 101.735596][ T3761] cont_write_begin+0x606/0x860
[ 101.740458][ T3761] ? fault_in_readable+0x1d5/0x310
[ 101.745562][ T3761] ? generic_cont_expand_simple+0x250/0x250
[ 101.751445][ T3761] ? fault_in_readable+0x219/0x310
[ 101.756549][ T3761] ? fault_in_safe_writeable+0x240/0x240
[ 101.762189][ T3761] hfs_write_begin+0x86/0xd0
[ 101.766765][ T3761] ? hfs_free_extents+0x420/0x420
[ 101.771777][ T3761] generic_perform_write+0x2e4/0x5e0
[ 101.777058][ T3761] ? __block_commit_write+0x420/0x420
[ 101.782428][ T3761] ? generic_file_direct_write+0x610/0x610
[ 101.788237][ T3761] ? __file_remove_privs+0x6c0/0x6c0
[ 101.793510][ T3761] ? generic_write_checks+0x15c/0x1c0
[ 101.798889][ T3761] __generic_file_write_iter+0x176/0x400
[ 101.804538][ T3761] generic_file_write_iter+0xab/0x310
[ 101.809913][ T3761] vfs_write+0x7dc/0xc50
[ 101.814169][ T3761] ? file_end_write+0x230/0x230
[ 101.819006][ T3761] ? ptrace_stop+0x74d/0x970
[ 101.823606][ T3761] ? _raw_spin_unlock_irq+0x2a/0x40
[ 101.828822][ T3761] ? __fdget_pos+0x252/0x2e0
[ 101.833416][ T3761] ksys_write+0x177/0x2a0
[ 101.837827][ T3761] ? __ia32_sys_read+0x80/0x80
[ 101.842580][ T3761] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 101.848562][ T3761] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 101.854532][ T3761] do_syscall_64+0x3d/0xb0
[ 101.858942][ T3761] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 101.864841][ T3761] RIP: 0033:0x7f0fa5191c89
[ 101.869262][ T3761] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 101.888859][ T3761] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3761] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3761] exit_group(0) = ?
[pid 3761] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3761, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./114/binderfs") = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./114/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./114") = 0
mkdir("./115", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 101.897268][ T3761] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 101.905232][ T3761] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 101.913197][ T3761] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 101.921165][ T3761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 101.929141][ T3761] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000072
[ 101.937119][ T3761] </TASK>
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3762
./strace-static-x86_64: Process 3762 attached
[pid 3762] chdir("./115") = 0
[pid 3762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3762] setpgid(0, 0) = 0
[pid 3762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3762] write(3, "1000", 4) = 4
[pid 3762] close(3) = 0
[pid 3762] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3762] memfd_create("syzkaller", 0) = 3
[pid 3762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3762] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3762] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3762] close(3) = 0
[pid 3762] mkdir("./file0", 0777) = 0
[pid 3762] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3762] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3762] chdir("./file0") = 0
[pid 3762] ioctl(4, LOOP_CLR_FD) = 0
[pid 3762] close(4) = 0
[pid 3762] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3762] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3762] write(5, "13", 2) = 2
[ 101.993282][ T3762] loop0: detected capacity change from 0 to 64
[ 102.015695][ T3762] FAULT_INJECTION: forcing a failure.
[ 102.015695][ T3762] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 102.028793][ T3762] CPU: 1 PID: 3762 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 102.039195][ T3762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 102.049245][ T3762] Call Trace:
[ 102.052520][ T3762] <TASK>
[ 102.055445][ T3762] dump_stack_lvl+0x1b1/0x28e
[ 102.060125][ T3762] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 102.065582][ T3762] ? panic+0x710/0x710
[ 102.069647][ T3762] ? hfs_free_extents+0x420/0x420
[ 102.074674][ T3762] ? PageHeadHuge+0x8a/0x1d0
[ 102.079273][ T3762] should_fail_ex+0x395/0x4c0
[ 102.083971][ T3762] copy_page_from_iter_atomic+0x217/0x1140
[ 102.089787][ T3762] ? generic_cont_expand_simple+0x250/0x250
[ 102.095691][ T3762] ? pipe_zero+0x200/0x200
[ 102.100118][ T3762] ? hfs_write_begin+0x86/0xd0
[ 102.104876][ T3762] ? hfs_free_extents+0x420/0x420
[ 102.109891][ T3762] ? hfs_write_begin+0x9e/0xd0
[ 102.114651][ T3762] generic_perform_write+0x35a/0x5e0
[ 102.119950][ T3762] ? __block_commit_write+0x420/0x420
[ 102.125321][ T3762] ? generic_file_direct_write+0x610/0x610
[ 102.131124][ T3762] ? __file_remove_privs+0x6c0/0x6c0
[ 102.136410][ T3762] ? generic_write_checks+0x15c/0x1c0
[ 102.141876][ T3762] __generic_file_write_iter+0x176/0x400
[ 102.147514][ T3762] generic_file_write_iter+0xab/0x310
[ 102.152888][ T3762] vfs_write+0x7dc/0xc50
[ 102.157138][ T3762] ? file_end_write+0x230/0x230
[ 102.161988][ T3762] ? ptrace_stop+0x74d/0x970
[ 102.166588][ T3762] ? _raw_spin_unlock_irq+0x2a/0x40
[ 102.171795][ T3762] ? __fdget_pos+0x252/0x2e0
[ 102.176391][ T3762] ksys_write+0x177/0x2a0
[ 102.180731][ T3762] ? __ia32_sys_read+0x80/0x80
[ 102.185496][ T3762] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 102.191582][ T3762] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 102.197580][ T3762] do_syscall_64+0x3d/0xb0
[ 102.202006][ T3762] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 102.207922][ T3762] RIP: 0033:0x7f0fa5191c89
[ 102.212357][ T3762] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 102.231986][ T3762] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3762] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3762] exit_group(0) = ?
[pid 3762] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3762, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./115/binderfs") = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./115/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./115") = 0
mkdir("./116", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3763
./strace-static-x86_64: Process 3763 attached
[pid 3763] chdir("./116") = 0
[pid 3763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3763] setpgid(0, 0) = 0
[ 102.240412][ T3762] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 102.248554][ T3762] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 102.256532][ T3762] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 102.264502][ T3762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 102.272469][ T3762] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000073
[ 102.280448][ T3762] </TASK>
[pid 3763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3763] write(3, "1000", 4) = 4
[pid 3763] close(3) = 0
[pid 3763] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3763] memfd_create("syzkaller", 0) = 3
[pid 3763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3763] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3763] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3763] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3763] close(3) = 0
[pid 3763] mkdir("./file0", 0777) = 0
[pid 3763] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3763] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3763] chdir("./file0") = 0
[pid 3763] ioctl(4, LOOP_CLR_FD) = 0
[pid 3763] close(4) = 0
[pid 3763] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3763] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3763] write(5, "13", 2) = 2
[ 102.337602][ T3763] loop0: detected capacity change from 0 to 64
[ 102.368695][ T3763] FAULT_INJECTION: forcing a failure.
[ 102.368695][ T3763] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 102.382082][ T3763] CPU: 1 PID: 3763 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 102.392515][ T3763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 102.402586][ T3763] Call Trace:
[ 102.405880][ T3763] <TASK>
[ 102.408813][ T3763] dump_stack_lvl+0x1b1/0x28e
[ 102.413520][ T3763] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 102.418969][ T3763] ? panic+0x710/0x710
[ 102.423029][ T3763] ? do_anonymous_page+0xd4a/0x1150
[ 102.428238][ T3763] ? mark_lock+0x9a/0x350
[ 102.432591][ T3763] should_fail_ex+0x395/0x4c0
[ 102.437286][ T3763] prepare_alloc_pages+0x1d7/0x5a0
[ 102.442413][ T3763] __alloc_pages+0x161/0x560
[ 102.447021][ T3763] ? zone_statistics+0x160/0x160
[ 102.451957][ T3763] ? rcu_lock_release+0x5/0x20
[ 102.456724][ T3763] ? alloc_pages+0x520/0x7b0
[ 102.461325][ T3763] ? xas_descend+0x1f3/0x400
[ 102.465922][ T3763] folio_alloc+0x1a/0x50
[ 102.470160][ T3763] filemap_alloc_folio+0x7e/0x1c0
[ 102.475200][ T3763] __filemap_get_folio+0x898/0x1260
[ 102.480418][ T3763] ? page_cache_prev_miss+0x4e0/0x4e0
[ 102.485786][ T3763] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 102.491782][ T3763] ? print_irqtrace_events+0x220/0x220
[ 102.497275][ T3763] pagecache_get_page+0x28/0x260
[ 102.502228][ T3763] ? hfs_free_extents+0x420/0x420
[ 102.507245][ T3763] block_write_begin+0x2e/0x1e0
[ 102.512092][ T3763] ? cont_write_begin+0x5e5/0x860
[ 102.517111][ T3763] ? hfs_free_extents+0x420/0x420
[ 102.522137][ T3763] cont_write_begin+0x606/0x860
[ 102.527008][ T3763] ? fault_in_readable+0x1d5/0x310
[ 102.532132][ T3763] ? generic_cont_expand_simple+0x250/0x250
[ 102.538028][ T3763] ? fault_in_readable+0x219/0x310
[ 102.543149][ T3763] ? fault_in_safe_writeable+0x240/0x240
[ 102.548788][ T3763] hfs_write_begin+0x86/0xd0
[ 102.553374][ T3763] ? hfs_free_extents+0x420/0x420
[ 102.558395][ T3763] generic_perform_write+0x2e4/0x5e0
[ 102.563705][ T3763] ? __block_commit_write+0x420/0x420
[ 102.569105][ T3763] ? generic_file_direct_write+0x610/0x610
[ 102.574924][ T3763] ? __file_remove_privs+0x6c0/0x6c0
[ 102.580215][ T3763] ? generic_write_checks+0x15c/0x1c0
[ 102.585619][ T3763] __generic_file_write_iter+0x176/0x400
[ 102.591369][ T3763] generic_file_write_iter+0xab/0x310
[ 102.596759][ T3763] vfs_write+0x7dc/0xc50
[ 102.601036][ T3763] ? file_end_write+0x230/0x230
[ 102.605894][ T3763] ? ptrace_stop+0x74d/0x970
[ 102.610500][ T3763] ? _raw_spin_unlock_irq+0x2a/0x40
[ 102.615716][ T3763] ? __fdget_pos+0x252/0x2e0
[ 102.620312][ T3763] ksys_write+0x177/0x2a0
[ 102.624639][ T3763] ? __ia32_sys_read+0x80/0x80
[ 102.629399][ T3763] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 102.635390][ T3763] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 102.641383][ T3763] do_syscall_64+0x3d/0xb0
[ 102.645789][ T3763] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 102.651682][ T3763] RIP: 0033:0x7f0fa5191c89
[ 102.656127][ T3763] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 102.675741][ T3763] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3763] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3763] exit_group(0) = ?
[pid 3763] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3763, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./116/binderfs") = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./116/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./116") = 0
mkdir("./117", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 102.684149][ T3763] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 102.692114][ T3763] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 102.700085][ T3763] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 102.708067][ T3763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 102.716032][ T3763] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000074
[ 102.724010][ T3763] </TASK>
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3764
./strace-static-x86_64: Process 3764 attached
[pid 3764] chdir("./117") = 0
[pid 3764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3764] setpgid(0, 0) = 0
[pid 3764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3764] write(3, "1000", 4) = 4
[pid 3764] close(3) = 0
[pid 3764] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3764] memfd_create("syzkaller", 0) = 3
[pid 3764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3764] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3764] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3764] close(3) = 0
[pid 3764] mkdir("./file0", 0777) = 0
[pid 3764] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3764] chdir("./file0") = 0
[pid 3764] ioctl(4, LOOP_CLR_FD) = 0
[pid 3764] close(4) = 0
[pid 3764] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3764] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3764] write(5, "13", 2) = 2
[ 102.787302][ T3764] loop0: detected capacity change from 0 to 64
[ 102.818451][ T3764] FAULT_INJECTION: forcing a failure.
[ 102.818451][ T3764] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 102.831929][ T3764] CPU: 1 PID: 3764 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 102.842372][ T3764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 102.852435][ T3764] Call Trace:
[ 102.855714][ T3764] <TASK>
[ 102.858639][ T3764] dump_stack_lvl+0x1b1/0x28e
[ 102.863318][ T3764] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 102.868801][ T3764] ? panic+0x710/0x710
[ 102.872898][ T3764] ? do_anonymous_page+0xd4a/0x1150
[ 102.878203][ T3764] ? mark_lock+0x9a/0x350
[ 102.882565][ T3764] should_fail_ex+0x395/0x4c0
[ 102.887370][ T3764] prepare_alloc_pages+0x1d7/0x5a0
[ 102.892514][ T3764] __alloc_pages+0x161/0x560
[ 102.897122][ T3764] ? zone_statistics+0x160/0x160
[ 102.902067][ T3764] ? rcu_lock_release+0x5/0x20
[ 102.906875][ T3764] ? alloc_pages+0x520/0x7b0
[ 102.911492][ T3764] ? xas_descend+0x1f3/0x400
[ 102.916109][ T3764] folio_alloc+0x1a/0x50
[ 102.920363][ T3764] filemap_alloc_folio+0x7e/0x1c0
[ 102.925394][ T3764] __filemap_get_folio+0x898/0x1260
[ 102.930604][ T3764] ? page_cache_prev_miss+0x4e0/0x4e0
[ 102.936006][ T3764] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 102.942094][ T3764] ? print_irqtrace_events+0x220/0x220
[ 102.947575][ T3764] pagecache_get_page+0x28/0x260
[ 102.952535][ T3764] ? hfs_free_extents+0x420/0x420
[ 102.957575][ T3764] block_write_begin+0x2e/0x1e0
[ 102.962449][ T3764] ? cont_write_begin+0x5e5/0x860
[ 102.967511][ T3764] ? hfs_free_extents+0x420/0x420
[ 102.972577][ T3764] cont_write_begin+0x606/0x860
[ 102.977473][ T3764] ? fault_in_readable+0x1d5/0x310
[ 102.982603][ T3764] ? generic_cont_expand_simple+0x250/0x250
[ 102.988518][ T3764] ? fault_in_readable+0x219/0x310
[ 102.993639][ T3764] ? fault_in_safe_writeable+0x240/0x240
[ 102.999282][ T3764] hfs_write_begin+0x86/0xd0
[ 103.003872][ T3764] ? hfs_free_extents+0x420/0x420
[ 103.008906][ T3764] generic_perform_write+0x2e4/0x5e0
[ 103.014200][ T3764] ? __block_commit_write+0x420/0x420
[ 103.019581][ T3764] ? generic_file_direct_write+0x610/0x610
[ 103.025391][ T3764] ? __file_remove_privs+0x6c0/0x6c0
[ 103.030680][ T3764] ? generic_write_checks+0x15c/0x1c0
[ 103.036063][ T3764] __generic_file_write_iter+0x176/0x400
[ 103.041708][ T3764] generic_file_write_iter+0xab/0x310
[ 103.047105][ T3764] vfs_write+0x7dc/0xc50
[ 103.051376][ T3764] ? file_end_write+0x230/0x230
[ 103.056254][ T3764] ? ptrace_stop+0x74d/0x970
[ 103.060873][ T3764] ? _raw_spin_unlock_irq+0x2a/0x40
[ 103.066092][ T3764] ? __fdget_pos+0x252/0x2e0
[ 103.070697][ T3764] ksys_write+0x177/0x2a0
[ 103.075035][ T3764] ? __ia32_sys_read+0x80/0x80
[ 103.079802][ T3764] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 103.085960][ T3764] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 103.091940][ T3764] do_syscall_64+0x3d/0xb0
[ 103.096378][ T3764] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 103.102305][ T3764] RIP: 0033:0x7f0fa5191c89
[ 103.106731][ T3764] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 103.126354][ T3764] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3764] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3764] exit_group(0) = ?
[pid 3764] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3764, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./117/binderfs") = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./117/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 103.134859][ T3764] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 103.142845][ T3764] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 103.150825][ T3764] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 103.158806][ T3764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 103.166774][ T3764] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000075
[ 103.174758][ T3764]
rmdir("./117") = 0
mkdir("./118", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3765
./strace-static-x86_64: Process 3765 attached
[pid 3765] chdir("./118") = 0
[pid 3765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3765] setpgid(0, 0) = 0
[pid 3765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3765] write(3, "1000", 4) = 4
[pid 3765] close(3) = 0
[pid 3765] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3765] memfd_create("syzkaller", 0) = 3
[pid 3765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3765] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3765] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3765] close(3) = 0
[pid 3765] mkdir("./file0", 0777) = 0
[pid 3765] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3765] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3765] chdir("./file0") = 0
[pid 3765] ioctl(4, LOOP_CLR_FD) = 0
[pid 3765] close(4) = 0
[pid 3765] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3765] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3765] write(5, "13", 2) = 2
[ 103.256527][ T3765] loop0: detected capacity change from 0 to 64
[ 103.297876][ T3765] FAULT_INJECTION: forcing a failure.
[ 103.297876][ T3765] name failslab, interval 1, probability 0, space 0, times 0
[ 103.311030][ T3765] CPU: 1 PID: 3765 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 103.321496][ T3765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 103.331574][ T3765] Call Trace:
[ 103.334852][ T3765]
[ 103.337784][ T3765] dump_stack_lvl+0x1b1/0x28e
[ 103.342501][ T3765] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 103.347992][ T3765] ? panic+0x710/0x710
[ 103.352088][ T3765] ? __might_sleep+0xc0/0xc0
[ 103.356692][ T3765] ? __mutex_lock_common+0x45f/0x26e0
[ 103.362067][ T3765] should_fail_ex+0x395/0x4c0
[ 103.366743][ T3765] ? hfs_find_init+0x8b/0x1e0
[ 103.371429][ T3765] should_failslab+0x5/0x20
[ 103.375946][ T3765] __kmem_cache_alloc_node+0x69/0x310
[ 103.381325][ T3765] ? hfs_find_init+0x8b/0x1e0
[ 103.385998][ T3765] __kmalloc+0x9e/0x1a0
[ 103.390152][ T3765] hfs_find_init+0x8b/0x1e0
[ 103.394652][ T3765] hfs_extend_file+0x2f8/0x1420
[ 103.399501][ T3765] ? hfs_get_block+0xbb0/0xbb0
[ 103.404262][ T3765] ? lru_cache_disable+0x30/0x30
[ 103.409191][ T3765] ? __might_sleep+0xc0/0xc0
[ 103.413789][ T3765] hfs_get_block+0x3fc/0xbb0
[ 103.418403][ T3765] ? hfs_free_extents+0x420/0x420
[ 103.423439][ T3765] ? do_raw_spin_unlock+0x134/0x8a0
[ 103.428633][ T3765] ? create_page_buffers+0x244/0x4b0
[ 103.433917][ T3765] __block_write_begin_int+0x54c/0x1a80
[ 103.439476][ T3765] ? hfs_free_extents+0x420/0x420
[ 103.444501][ T3765] ? page_zero_new_buffers+0x940/0x940
[ 103.449984][ T3765] ? PageHeadHuge+0x8a/0x1d0
[ 103.454609][ T3765] ? hfs_free_extents+0x420/0x420
[ 103.459631][ T3765] block_write_begin+0x93/0x1e0
[ 103.464494][ T3765] ? cont_write_begin+0x5e5/0x860
[ 103.469540][ T3765] ? hfs_free_extents+0x420/0x420
[ 103.474555][ T3765] cont_write_begin+0x606/0x860
[ 103.479413][ T3765] ? fault_in_readable+0x1d5/0x310
[ 103.484531][ T3765] ? generic_cont_expand_simple+0x250/0x250
[ 103.490423][ T3765] ? fault_in_readable+0x219/0x310
[ 103.495544][ T3765] ? fault_in_safe_writeable+0x240/0x240
[ 103.501182][ T3765] hfs_write_begin+0x86/0xd0
[ 103.505763][ T3765] ? hfs_free_extents+0x420/0x420
[ 103.510779][ T3765] generic_perform_write+0x2e4/0x5e0
[ 103.516088][ T3765] ? __block_commit_write+0x420/0x420
[ 103.521488][ T3765] ? generic_file_direct_write+0x610/0x610
[ 103.527308][ T3765] ? __file_remove_privs+0x6c0/0x6c0
[ 103.532600][ T3765] ? generic_write_checks+0x15c/0x1c0
[ 103.537999][ T3765] __generic_file_write_iter+0x176/0x400
[ 103.543663][ T3765] generic_file_write_iter+0xab/0x310
[ 103.549059][ T3765] vfs_write+0x7dc/0xc50
[ 103.553321][ T3765] ? file_end_write+0x230/0x230
[ 103.558163][ T3765] ? ptrace_stop+0x74d/0x970
[ 103.562768][ T3765] ? _raw_spin_unlock_irq+0x2a/0x40
[ 103.567977][ T3765] ? __fdget_pos+0x252/0x2e0
[ 103.572566][ T3765] ksys_write+0x177/0x2a0
[ 103.576915][ T3765] ? __ia32_sys_read+0x80/0x80
[ 103.581756][ T3765] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 103.587728][ T3765] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 103.593701][ T3765] do_syscall_64+0x3d/0xb0
[ 103.598111][ T3765] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 103.604004][ T3765] RIP: 0033:0x7f0fa5191c89
[ 103.608425][ T3765] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 103.628200][ T3765] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 103.636610][ T3765] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[pid 3765] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3765] exit_group(0) = ?
[pid 3765] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3765, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./118/binderfs") = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./118/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./118") = 0
mkdir("./119", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3766
./strace-static-x86_64: Process 3766 attached
[pid 3766] chdir("./119") = 0
[pid 3766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3766] setpgid(0, 0) = 0
[pid 3766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3766] write(3, "1000", 4) = 4
[pid 3766] close(3) = 0
[pid 3766] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3766] memfd_create("syzkaller", 0) = 3
[pid 3766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 103.644576][ T3765] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 103.652535][ T3765] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 103.660506][ T3765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 103.668491][ T3765] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000076
[ 103.676479][ T3765]
[pid 3766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3766] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3766] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3766] close(3) = 0
[pid 3766] mkdir("./file0", 0777) = 0
[pid 3766] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3766] chdir("./file0") = 0
[pid 3766] ioctl(4, LOOP_CLR_FD) = 0
[pid 3766] close(4) = 0
[pid 3766] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3766] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3766] write(5, "13", 2) = 2
[ 103.735317][ T3766] loop0: detected capacity change from 0 to 64
[ 103.770600][ T3766] FAULT_INJECTION: forcing a failure.
[ 103.770600][ T3766] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 103.783726][ T3766] CPU: 1 PID: 3766 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 103.794125][ T3766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 103.804173][ T3766] Call Trace:
[ 103.807460][ T3766]
[ 103.810392][ T3766] dump_stack_lvl+0x1b1/0x28e
[ 103.815068][ T3766] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 103.820514][ T3766] ? panic+0x710/0x710
[ 103.824571][ T3766] ? hfs_free_extents+0x420/0x420
[ 103.829589][ T3766] ? PageHeadHuge+0x8a/0x1d0
[ 103.834171][ T3766] should_fail_ex+0x395/0x4c0
[ 103.838841][ T3766] copy_page_from_iter_atomic+0x217/0x1140
[ 103.844660][ T3766] ? generic_cont_expand_simple+0x250/0x250
[ 103.850567][ T3766] ? pipe_zero+0x200/0x200
[ 103.854980][ T3766] ? hfs_write_begin+0x86/0xd0
[ 103.859738][ T3766] ? hfs_free_extents+0x420/0x420
[ 103.864768][ T3766] ? hfs_write_begin+0x9e/0xd0
[ 103.869526][ T3766] generic_perform_write+0x35a/0x5e0
[ 103.874821][ T3766] ? __block_commit_write+0x420/0x420
[ 103.880214][ T3766] ? generic_file_direct_write+0x610/0x610
[ 103.886031][ T3766] ? __file_remove_privs+0x6c0/0x6c0
[ 103.891315][ T3766] ? generic_write_checks+0x15c/0x1c0
[ 103.896711][ T3766] __generic_file_write_iter+0x176/0x400
[ 103.902368][ T3766] generic_file_write_iter+0xab/0x310
[ 103.907767][ T3766] vfs_write+0x7dc/0xc50
[ 103.912038][ T3766] ? file_end_write+0x230/0x230
[ 103.916898][ T3766] ? ptrace_stop+0x74d/0x970
[ 103.921503][ T3766] ? _raw_spin_unlock_irq+0x2a/0x40
[ 103.926712][ T3766] ? __fdget_pos+0x252/0x2e0
[ 103.931309][ T3766] ksys_write+0x177/0x2a0
[ 103.935650][ T3766] ? __ia32_sys_read+0x80/0x80
[ 103.940411][ T3766] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 103.946393][ T3766] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 103.952390][ T3766] do_syscall_64+0x3d/0xb0
[ 103.956802][ T3766] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 103.962684][ T3766] RIP: 0033:0x7f0fa5191c89
[ 103.967101][ T3766] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 103.986722][ T3766] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 103.995217][ T3766] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 104.003204][ T3766] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 104.011174][ T3766] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 104.019152][ T3766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 104.027114][ T3766] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000077
[pid 3766] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3766] exit_group(0) = ?
[pid 3766] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3766, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./119/binderfs") = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./119/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./119") = 0
mkdir("./120", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 104.035099][ T3766]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3767
./strace-static-x86_64: Process 3767 attached
[pid 3767] chdir("./120") = 0
[pid 3767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3767] setpgid(0, 0) = 0
[pid 3767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3767] write(3, "1000", 4) = 4
[pid 3767] close(3) = 0
[pid 3767] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3767] memfd_create("syzkaller", 0) = 3
[pid 3767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3767] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3767] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3767] close(3) = 0
[pid 3767] mkdir("./file0", 0777) = 0
[pid 3767] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3767] chdir("./file0") = 0
[pid 3767] ioctl(4, LOOP_CLR_FD) = 0
[pid 3767] close(4) = 0
[pid 3767] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3767] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3767] write(5, "13", 2) = 2
[ 104.094687][ T3767] loop0: detected capacity change from 0 to 64
[ 104.125558][ T3767] FAULT_INJECTION: forcing a failure.
[ 104.125558][ T3767] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 104.138699][ T3767] CPU: 1 PID: 3767 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 104.149103][ T3767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 104.159162][ T3767] Call Trace:
[ 104.162439][ T3767]
[ 104.165365][ T3767] dump_stack_lvl+0x1b1/0x28e
[ 104.170051][ T3767] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 104.175550][ T3767] ? panic+0x710/0x710
[ 104.179636][ T3767] ? hfs_free_extents+0x420/0x420
[ 104.184663][ T3767] ? PageHeadHuge+0x8a/0x1d0
[ 104.189269][ T3767] should_fail_ex+0x395/0x4c0
[ 104.193964][ T3767] copy_page_from_iter_atomic+0x217/0x1140
[ 104.199792][ T3767] ? generic_cont_expand_simple+0x250/0x250
[ 104.205697][ T3767] ? pipe_zero+0x200/0x200
[ 104.210125][ T3767] ? hfs_write_begin+0x86/0xd0
[ 104.214885][ T3767] ? hfs_free_extents+0x420/0x420
[ 104.219908][ T3767] ? hfs_write_begin+0x9e/0xd0
[ 104.224673][ T3767] generic_perform_write+0x35a/0x5e0
[ 104.229963][ T3767] ? __block_commit_write+0x420/0x420
[ 104.235341][ T3767] ? generic_file_direct_write+0x610/0x610
[ 104.241151][ T3767] ? __file_remove_privs+0x6c0/0x6c0
[ 104.246437][ T3767] ? generic_write_checks+0x15c/0x1c0
[ 104.251817][ T3767] __generic_file_write_iter+0x176/0x400
[ 104.257454][ T3767] generic_file_write_iter+0xab/0x310
[ 104.262830][ T3767] vfs_write+0x7dc/0xc50
[ 104.267091][ T3767] ? file_end_write+0x230/0x230
[ 104.271939][ T3767] ? ptrace_stop+0x74d/0x970
[ 104.276541][ T3767] ? _raw_spin_unlock_irq+0x2a/0x40
[ 104.281751][ T3767] ? __fdget_pos+0x252/0x2e0
[ 104.286343][ T3767] ksys_write+0x177/0x2a0
[ 104.290681][ T3767] ? __ia32_sys_read+0x80/0x80
[ 104.295447][ T3767] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 104.301430][ T3767] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 104.307502][ T3767] do_syscall_64+0x3d/0xb0
[ 104.311916][ T3767] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 104.317810][ T3767] RIP: 0033:0x7f0fa5191c89
[ 104.322222][ T3767] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3767] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 3767] exit_group(0) = ?
[pid 3767] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3767, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./120/binderfs") = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./120/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 104.341910][ T3767] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 104.350322][ T3767] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 104.358299][ T3767] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 104.366273][ T3767] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 104.374241][ T3767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 104.382207][ T3767] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000078
[ 104.390191][ T3767]
rmdir("./120") = 0
mkdir("./121", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3768
./strace-static-x86_64: Process 3768 attached
[pid 3768] chdir("./121") = 0
[pid 3768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3768] setpgid(0, 0) = 0
[pid 3768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3768] write(3, "1000", 4) = 4
[pid 3768] close(3) = 0
[pid 3768] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3768] memfd_create("syzkaller", 0) = 3
[pid 3768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3768] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3768] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3768] close(3) = 0
[pid 3768] mkdir("./file0", 0777) = 0
[pid 3768] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3768] chdir("./file0") = 0
[pid 3768] ioctl(4, LOOP_CLR_FD) = 0
[pid 3768] close(4) = 0
[pid 3768] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3768] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3768] write(5, "13", 2) = 2
[ 104.445621][ T3768] loop0: detected capacity change from 0 to 64
[ 104.467922][ T3768] FAULT_INJECTION: forcing a failure.
[ 104.467922][ T3768] name failslab, interval 1, probability 0, space 0, times 0
[ 104.484051][ T3768] CPU: 0 PID: 3768 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 104.494505][ T3768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 104.504561][ T3768] Call Trace:
[ 104.507842][ T3768]
[ 104.510776][ T3768] dump_stack_lvl+0x1b1/0x28e
[ 104.515540][ T3768] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 104.520989][ T3768] ? panic+0x710/0x710
[ 104.525049][ T3768] ? __might_sleep+0xc0/0xc0
[ 104.529625][ T3768] ? __mutex_lock_common+0x45f/0x26e0
[ 104.535072][ T3768] should_fail_ex+0x395/0x4c0
[ 104.539784][ T3768] ? hfs_find_init+0x8b/0x1e0
[ 104.544462][ T3768] should_failslab+0x5/0x20
[ 104.548972][ T3768] __kmem_cache_alloc_node+0x69/0x310
[ 104.554358][ T3768] ? rcu_lock_release+0x5/0x20
[ 104.559119][ T3768] ? hfs_find_init+0x8b/0x1e0
[ 104.563788][ T3768] __kmalloc+0x9e/0x1a0
[ 104.567938][ T3768] hfs_find_init+0x8b/0x1e0
[ 104.572433][ T3768] hfs_extend_file+0x2f8/0x1420
[ 104.577270][ T3768] ? xas_find+0x937/0xa60
[ 104.581605][ T3768] ? hfs_get_block+0xbb0/0xbb0
[ 104.586355][ T3768] ? filemap_get_folios+0x557/0x830
[ 104.591544][ T3768] ? find_lock_entries+0xf60/0xf60
[ 104.596672][ T3768] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 104.602592][ T3768] hfs_get_block+0x3fc/0xbb0
[ 104.607185][ T3768] ? hfs_free_extents+0x420/0x420
[ 104.612213][ T3768] ? do_raw_spin_unlock+0x134/0x8a0
[ 104.617432][ T3768] ? create_page_buffers+0x244/0x4b0
[ 104.622724][ T3768] __block_write_begin_int+0x54c/0x1a80
[ 104.628282][ T3768] ? hfs_free_extents+0x420/0x420
[ 104.633302][ T3768] ? page_zero_new_buffers+0x940/0x940
[ 104.638761][ T3768] ? PageHeadHuge+0x8a/0x1d0
[ 104.643342][ T3768] ? hfs_free_extents+0x420/0x420
[ 104.648351][ T3768] block_write_begin+0x93/0x1e0
[ 104.653192][ T3768] ? cont_write_begin+0x5e5/0x860
[ 104.658290][ T3768] ? hfs_free_extents+0x420/0x420
[ 104.663324][ T3768] cont_write_begin+0x606/0x860
[ 104.668188][ T3768] ? fault_in_readable+0x1d5/0x310
[ 104.673551][ T3768] ? generic_cont_expand_simple+0x250/0x250
[ 104.679704][ T3768] ? fault_in_readable+0x219/0x310
[ 104.684826][ T3768] ? fault_in_safe_writeable+0x240/0x240
[ 104.690453][ T3768] hfs_write_begin+0x86/0xd0
[ 104.695032][ T3768] ? hfs_free_extents+0x420/0x420
[ 104.700047][ T3768] generic_perform_write+0x2e4/0x5e0
[ 104.705332][ T3768] ? __block_commit_write+0x420/0x420
[ 104.710693][ T3768] ? generic_file_direct_write+0x610/0x610
[ 104.716497][ T3768] ? __file_remove_privs+0x6c0/0x6c0
[ 104.721781][ T3768] ? generic_write_checks+0x15c/0x1c0
[ 104.727156][ T3768] __generic_file_write_iter+0x176/0x400
[ 104.732789][ T3768] generic_file_write_iter+0xab/0x310
[ 104.738157][ T3768] vfs_write+0x7dc/0xc50
[ 104.742423][ T3768] ? file_end_write+0x230/0x230
[ 104.747273][ T3768] ? ptrace_stop+0x74d/0x970
[ 104.751879][ T3768] ? _raw_spin_unlock_irq+0x2a/0x40
[ 104.757097][ T3768] ? __fdget_pos+0x252/0x2e0
[ 104.762127][ T3768] ksys_write+0x177/0x2a0
[ 104.766451][ T3768] ? __ia32_sys_read+0x80/0x80
[ 104.771208][ T3768] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 104.777194][ T3768] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 104.783181][ T3768] do_syscall_64+0x3d/0xb0
[ 104.787586][ T3768] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 104.793485][ T3768] RIP: 0033:0x7f0fa5191c89
[ 104.797912][ T3768] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 104.817560][ T3768] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 104.825971][ T3768] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 104.833943][ T3768] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3768] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3768] exit_group(0) = ?
[pid 3768] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3768, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./121/binderfs") = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./121/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./121") = 0
mkdir("./122", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3769
./strace-static-x86_64: Process 3769 attached
[pid 3769] chdir("./122") = 0
[ 104.841915][ T3768] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 104.849871][ T3768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 104.857832][ T3768] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000079
[ 104.865978][ T3768]
[pid 3769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3769] setpgid(0, 0) = 0
[pid 3769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3769] write(3, "1000", 4) = 4
[pid 3769] close(3) = 0
[pid 3769] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3769] memfd_create("syzkaller", 0) = 3
[pid 3769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3769] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3769] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3769] close(3) = 0
[pid 3769] mkdir("./file0", 0777) = 0
[pid 3769] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3769] chdir("./file0") = 0
[pid 3769] ioctl(4, LOOP_CLR_FD) = 0
[pid 3769] close(4) = 0
[pid 3769] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3769] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3769] write(5, "13", 2) = 2
[ 104.922548][ T3769] loop0: detected capacity change from 0 to 64
[ 104.950324][ T3769] FAULT_INJECTION: forcing a failure.
[ 104.950324][ T3769] name failslab, interval 1, probability 0, space 0, times 0
[ 104.963283][ T3769] CPU: 0 PID: 3769 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 104.973775][ T3769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 104.983814][ T3769] Call Trace:
[ 104.987079][ T3769]
[ 104.989994][ T3769] dump_stack_lvl+0x1b1/0x28e
[ 104.994660][ T3769] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 105.000101][ T3769] ? panic+0x710/0x710
[ 105.004158][ T3769] ? __might_sleep+0xc0/0xc0
[ 105.008730][ T3769] ? __mutex_lock_common+0x45f/0x26e0
[ 105.014115][ T3769] should_fail_ex+0x395/0x4c0
[ 105.018792][ T3769] ? hfs_find_init+0x8b/0x1e0
[ 105.023478][ T3769] should_failslab+0x5/0x20
[ 105.027993][ T3769] __kmem_cache_alloc_node+0x69/0x310
[ 105.033368][ T3769] ? hfs_find_init+0x8b/0x1e0
[ 105.038047][ T3769] __kmalloc+0x9e/0x1a0
[ 105.042210][ T3769] hfs_find_init+0x8b/0x1e0
[ 105.046725][ T3769] hfs_extend_file+0x2f8/0x1420
[ 105.051588][ T3769] ? hfs_get_block+0xbb0/0xbb0
[ 105.056358][ T3769] ? lru_cache_disable+0x30/0x30
[ 105.061299][ T3769] ? __might_sleep+0xc0/0xc0
[ 105.065903][ T3769] hfs_get_block+0x3fc/0xbb0
[ 105.070508][ T3769] ? hfs_free_extents+0x420/0x420
[ 105.075533][ T3769] ? do_raw_spin_unlock+0x134/0x8a0
[ 105.080738][ T3769] ? create_page_buffers+0x244/0x4b0
[ 105.086028][ T3769] __block_write_begin_int+0x54c/0x1a80
[ 105.091593][ T3769] ? hfs_free_extents+0x420/0x420
[ 105.096615][ T3769] ? page_zero_new_buffers+0x940/0x940
[ 105.102071][ T3769] ? PageHeadHuge+0x8a/0x1d0
[ 105.106662][ T3769] ? hfs_free_extents+0x420/0x420
[ 105.111678][ T3769] block_write_begin+0x93/0x1e0
[ 105.116532][ T3769] ? cont_write_begin+0x5e5/0x860
[ 105.121554][ T3769] ? hfs_free_extents+0x420/0x420
[ 105.126576][ T3769] cont_write_begin+0x606/0x860
[ 105.131432][ T3769] ? fault_in_readable+0x1d5/0x310
[ 105.136545][ T3769] ? generic_cont_expand_simple+0x250/0x250
[ 105.142436][ T3769] ? fault_in_readable+0x219/0x310
[ 105.147545][ T3769] ? fault_in_safe_writeable+0x240/0x240
[ 105.153181][ T3769] hfs_write_begin+0x86/0xd0
[ 105.157767][ T3769] ? hfs_free_extents+0x420/0x420
[ 105.162790][ T3769] generic_perform_write+0x2e4/0x5e0
[ 105.168079][ T3769] ? __block_commit_write+0x420/0x420
[ 105.173451][ T3769] ? generic_file_direct_write+0x610/0x610
[ 105.179259][ T3769] ? __file_remove_privs+0x6c0/0x6c0
[ 105.184541][ T3769] ? generic_write_checks+0x15c/0x1c0
[ 105.189919][ T3769] __generic_file_write_iter+0x176/0x400
[ 105.195558][ T3769] generic_file_write_iter+0xab/0x310
[ 105.200948][ T3769] vfs_write+0x7dc/0xc50
[ 105.205211][ T3769] ? file_end_write+0x230/0x230
[ 105.210065][ T3769] ? ptrace_stop+0x74d/0x970
[ 105.214682][ T3769] ? _raw_spin_unlock_irq+0x2a/0x40
[ 105.219898][ T3769] ? __fdget_pos+0x252/0x2e0
[ 105.224494][ T3769] ksys_write+0x177/0x2a0
[ 105.228840][ T3769] ? __ia32_sys_read+0x80/0x80
[ 105.233617][ T3769] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 105.239602][ T3769] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 105.245582][ T3769] do_syscall_64+0x3d/0xb0
[ 105.250012][ T3769] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 105.255913][ T3769] RIP: 0033:0x7f0fa5191c89
[ 105.260336][ T3769] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 105.279944][ T3769] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 105.288358][ T3769] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 105.296326][ T3769] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 105.304313][ T3769] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 105.312294][ T3769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3769] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3769] exit_group(0) = ?
[pid 3769] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3769, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./122/binderfs") = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./122/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./122") = 0
mkdir("./123", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3770
./strace-static-x86_64: Process 3770 attached
[pid 3770] chdir("./123") = 0
[pid 3770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3770] setpgid(0, 0) = 0
[pid 3770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3770] write(3, "1000", 4) = 4
[pid 3770] close(3) = 0
[pid 3770] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3770] memfd_create("syzkaller", 0) = 3
[pid 3770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3770] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3770] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3770] close(3) = 0
[pid 3770] mkdir("./file0", 0777) = 0
[pid 3770] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3770] chdir("./file0") = 0
[ 105.320349][ T3769] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007a
[ 105.328363][ T3769]
[ 105.362197][ T3770] loop0: detected capacity change from 0 to 64
[pid 3770] ioctl(4, LOOP_CLR_FD) = 0
[pid 3770] close(4) = 0
[pid 3770] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3770] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3770] write(5, "13", 2) = 2
[ 105.378938][ T3770] FAULT_INJECTION: forcing a failure.
[ 105.378938][ T3770] name failslab, interval 1, probability 0, space 0, times 0
[ 105.392498][ T3770] CPU: 0 PID: 3770 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 105.402930][ T3770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 105.412979][ T3770] Call Trace:
[ 105.416252][ T3770]
[ 105.419175][ T3770] dump_stack_lvl+0x1b1/0x28e
[ 105.423865][ T3770] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 105.429600][ T3770] ? panic+0x710/0x710
[ 105.433676][ T3770] ? __might_sleep+0xc0/0xc0
[ 105.438278][ T3770] ? __mutex_lock_common+0x45f/0x26e0
[ 105.443658][ T3770] should_fail_ex+0x395/0x4c0
[ 105.448346][ T3770] ? hfs_find_init+0x8b/0x1e0
[ 105.453025][ T3770] should_failslab+0x5/0x20
[ 105.457526][ T3770] __kmem_cache_alloc_node+0x69/0x310
[ 105.462888][ T3770] ? rcu_lock_release+0x5/0x20
[ 105.467656][ T3770] ? hfs_find_init+0x8b/0x1e0
[ 105.472342][ T3770] __kmalloc+0x9e/0x1a0
[ 105.476495][ T3770] hfs_find_init+0x8b/0x1e0
[ 105.480990][ T3770] hfs_extend_file+0x2f8/0x1420
[ 105.485840][ T3770] ? xas_find+0x937/0xa60
[ 105.490201][ T3770] ? hfs_get_block+0xbb0/0xbb0
[ 105.494961][ T3770] ? filemap_get_folios+0x557/0x830
[ 105.500152][ T3770] ? find_lock_entries+0xf60/0xf60
[ 105.505276][ T3770] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 105.511183][ T3770] hfs_get_block+0x3fc/0xbb0
[ 105.515788][ T3770] ? hfs_free_extents+0x420/0x420
[ 105.520807][ T3770] ? do_raw_spin_unlock+0x134/0x8a0
[ 105.526017][ T3770] ? create_page_buffers+0x244/0x4b0
[ 105.531310][ T3770] __block_write_begin_int+0x54c/0x1a80
[ 105.536904][ T3770] ? hfs_free_extents+0x420/0x420
[ 105.541933][ T3770] ? page_zero_new_buffers+0x940/0x940
[ 105.547388][ T3770] ? PageHeadHuge+0x8a/0x1d0
[ 105.551986][ T3770] ? hfs_free_extents+0x420/0x420
[ 105.557019][ T3770] block_write_begin+0x93/0x1e0
[ 105.561861][ T3770] ? cont_write_begin+0x5e5/0x860
[ 105.566882][ T3770] ? hfs_free_extents+0x420/0x420
[ 105.571910][ T3770] cont_write_begin+0x606/0x860
[ 105.576775][ T3770] ? fault_in_readable+0x1d5/0x310
[ 105.581897][ T3770] ? generic_cont_expand_simple+0x250/0x250
[ 105.587790][ T3770] ? fault_in_readable+0x219/0x310
[ 105.592911][ T3770] ? fault_in_safe_writeable+0x240/0x240
[ 105.598554][ T3770] hfs_write_begin+0x86/0xd0
[ 105.603149][ T3770] ? hfs_free_extents+0x420/0x420
[ 105.608180][ T3770] generic_perform_write+0x2e4/0x5e0
[ 105.613486][ T3770] ? __block_commit_write+0x420/0x420
[ 105.618852][ T3770] ? generic_file_direct_write+0x610/0x610
[ 105.624657][ T3770] ? __file_remove_privs+0x6c0/0x6c0
[ 105.629949][ T3770] ? generic_write_checks+0x15c/0x1c0
[ 105.635316][ T3770] __generic_file_write_iter+0x176/0x400
[ 105.641031][ T3770] generic_file_write_iter+0xab/0x310
[ 105.646395][ T3770] vfs_write+0x7dc/0xc50
[ 105.650635][ T3770] ? file_end_write+0x230/0x230
[ 105.655473][ T3770] ? ptrace_stop+0x74d/0x970
[ 105.660062][ T3770] ? _raw_spin_unlock_irq+0x2a/0x40
[ 105.665253][ T3770] ? __fdget_pos+0x252/0x2e0
[ 105.669838][ T3770] ksys_write+0x177/0x2a0
[ 105.674199][ T3770] ? __ia32_sys_read+0x80/0x80
[ 105.678966][ T3770] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 105.684939][ T3770] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 105.690922][ T3770] do_syscall_64+0x3d/0xb0
[ 105.695339][ T3770] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 105.701223][ T3770] RIP: 0033:0x7f0fa5191c89
[ 105.705635][ T3770] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3770] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3770] exit_group(0) = ?
[pid 3770] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3770, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./123/binderfs") = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
[ 105.725320][ T3770] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 105.733731][ T3770] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 105.741804][ T3770] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 105.749772][ T3770] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 105.757743][ T3770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 105.765710][ T3770] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007b
[ 105.773698][ T3770]
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./123/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./123") = 0
mkdir("./124", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3771
./strace-static-x86_64: Process 3771 attached
[pid 3771] chdir("./124") = 0
[pid 3771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3771] setpgid(0, 0) = 0
[pid 3771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3771] write(3, "1000", 4) = 4
[pid 3771] close(3) = 0
[pid 3771] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3771] memfd_create("syzkaller", 0) = 3
[pid 3771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3771] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3771] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3771] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3771] close(3) = 0
[pid 3771] mkdir("./file0", 0777) = 0
[pid 3771] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3771] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3771] chdir("./file0") = 0
[pid 3771] ioctl(4, LOOP_CLR_FD) = 0
[pid 3771] close(4) = 0
[pid 3771] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3771] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3771] write(5, "13", 2) = 2
[ 105.836990][ T3771] loop0: detected capacity change from 0 to 64
[ 105.870371][ T3771] FAULT_INJECTION: forcing a failure.
[ 105.870371][ T3771] name failslab, interval 1, probability 0, space 0, times 0
[ 105.883543][ T3771] CPU: 0 PID: 3771 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 105.894003][ T3771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 105.904050][ T3771] Call Trace:
[ 105.907374][ T3771]
[ 105.910311][ T3771] dump_stack_lvl+0x1b1/0x28e
[ 105.915000][ T3771] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 105.920445][ T3771] ? panic+0x710/0x710
[ 105.924770][ T3771] ? __might_sleep+0xc0/0xc0
[ 105.929349][ T3771] ? __mutex_lock_common+0x45f/0x26e0
[ 105.934722][ T3771] should_fail_ex+0x395/0x4c0
[ 105.939527][ T3771] ? hfs_find_init+0x8b/0x1e0
[ 105.944215][ T3771] should_failslab+0x5/0x20
[ 105.948739][ T3771] __kmem_cache_alloc_node+0x69/0x310
[ 105.954108][ T3771] ? hfs_find_init+0x8b/0x1e0
[ 105.958791][ T3771] __kmalloc+0x9e/0x1a0
[ 105.962978][ T3771] hfs_find_init+0x8b/0x1e0
[ 105.967495][ T3771] hfs_extend_file+0x2f8/0x1420
[ 105.972344][ T3771] ? hfs_get_block+0xbb0/0xbb0
[ 105.977099][ T3771] ? lru_cache_disable+0x30/0x30
[ 105.982029][ T3771] ? __might_sleep+0xc0/0xc0
[ 105.986712][ T3771] hfs_get_block+0x3fc/0xbb0
[ 105.991328][ T3771] ? hfs_free_extents+0x420/0x420
[ 105.996347][ T3771] ? do_raw_spin_unlock+0x134/0x8a0
[ 106.001557][ T3771] ? create_page_buffers+0x244/0x4b0
[ 106.006870][ T3771] __block_write_begin_int+0x54c/0x1a80
[ 106.012470][ T3771] ? hfs_free_extents+0x420/0x420
[ 106.017504][ T3771] ? page_zero_new_buffers+0x940/0x940
[ 106.022954][ T3771] ? PageHeadHuge+0x8a/0x1d0
[ 106.027556][ T3771] ? hfs_free_extents+0x420/0x420
[ 106.032588][ T3771] block_write_begin+0x93/0x1e0
[ 106.037430][ T3771] ? cont_write_begin+0x5e5/0x860
[ 106.042448][ T3771] ? hfs_free_extents+0x420/0x420
[ 106.047461][ T3771] cont_write_begin+0x606/0x860
[ 106.052320][ T3771] ? fault_in_readable+0x1d5/0x310
[ 106.057541][ T3771] ? generic_cont_expand_simple+0x250/0x250
[ 106.063436][ T3771] ? fault_in_readable+0x219/0x310
[ 106.068549][ T3771] ? fault_in_safe_writeable+0x240/0x240
[ 106.074184][ T3771] hfs_write_begin+0x86/0xd0
[ 106.078777][ T3771] ? hfs_free_extents+0x420/0x420
[ 106.083815][ T3771] generic_perform_write+0x2e4/0x5e0
[ 106.089188][ T3771] ? __block_commit_write+0x420/0x420
[ 106.094557][ T3771] ? generic_file_direct_write+0x610/0x610
[ 106.100356][ T3771] ? __file_remove_privs+0x6c0/0x6c0
[ 106.105641][ T3771] ? generic_write_checks+0x15c/0x1c0
[ 106.111018][ T3771] __generic_file_write_iter+0x176/0x400
[ 106.116648][ T3771] generic_file_write_iter+0xab/0x310
[ 106.122015][ T3771] vfs_write+0x7dc/0xc50
[ 106.126266][ T3771] ? file_end_write+0x230/0x230
[ 106.131192][ T3771] ? ptrace_stop+0x74d/0x970
[ 106.135782][ T3771] ? _raw_spin_unlock_irq+0x2a/0x40
[ 106.140988][ T3771] ? __fdget_pos+0x252/0x2e0
[ 106.145595][ T3771] ksys_write+0x177/0x2a0
[ 106.149919][ T3771] ? __ia32_sys_read+0x80/0x80
[ 106.154691][ T3771] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 106.160680][ T3771] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 106.166659][ T3771] do_syscall_64+0x3d/0xb0
[ 106.171069][ T3771] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 106.176960][ T3771] RIP: 0033:0x7f0fa5191c89
[ 106.181370][ T3771] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 106.201054][ T3771] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 106.209545][ T3771] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 106.217680][ T3771] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 106.225641][ T3771] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3771] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3771] exit_group(0) = ?
[pid 3771] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3771, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./124/binderfs") = 0
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./124/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./124") = 0
mkdir("./125", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3772
./strace-static-x86_64: Process 3772 attached
[pid 3772] chdir("./125") = 0
[pid 3772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3772] setpgid(0, 0) = 0
[pid 3772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3772] write(3, "1000", 4) = 4
[ 106.233604][ T3771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 106.241575][ T3771] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007c
[ 106.249569][ T3771]
[pid 3772] close(3) = 0
[pid 3772] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3772] memfd_create("syzkaller", 0) = 3
[pid 3772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3772] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3772] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3772] close(3) = 0
[pid 3772] mkdir("./file0", 0777) = 0
[pid 3772] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3772] chdir("./file0") = 0
[pid 3772] ioctl(4, LOOP_CLR_FD) = 0
[pid 3772] close(4) = 0
[pid 3772] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3772] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3772] write(5, "13", 2) = 2
[ 106.307093][ T3772] loop0: detected capacity change from 0 to 64
[ 106.338178][ T3772] FAULT_INJECTION: forcing a failure.
[ 106.338178][ T3772] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 106.351788][ T3772] CPU: 0 PID: 3772 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 106.362227][ T3772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 106.372373][ T3772] Call Trace:
[ 106.375648][ T3772]
[ 106.378568][ T3772] dump_stack_lvl+0x1b1/0x28e
[ 106.383243][ T3772] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 106.388693][ T3772] ? panic+0x710/0x710
[ 106.392751][ T3772] ? do_anonymous_page+0xd4a/0x1150
[ 106.397956][ T3772] ? mark_lock+0x9a/0x350
[ 106.402309][ T3772] should_fail_ex+0x395/0x4c0
[ 106.406998][ T3772] prepare_alloc_pages+0x1d7/0x5a0
[ 106.412107][ T3772] __alloc_pages+0x161/0x560
[ 106.416711][ T3772] ? zone_statistics+0x160/0x160
[ 106.421749][ T3772] ? rcu_lock_release+0x5/0x20
[ 106.426512][ T3772] ? alloc_pages+0x520/0x7b0
[ 106.431119][ T3772] ? xas_descend+0x1f3/0x400
[ 106.435702][ T3772] folio_alloc+0x1a/0x50
[ 106.439930][ T3772] filemap_alloc_folio+0x7e/0x1c0
[ 106.444966][ T3772] __filemap_get_folio+0x898/0x1260
[ 106.450177][ T3772] ? page_cache_prev_miss+0x4e0/0x4e0
[ 106.455543][ T3772] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 106.461515][ T3772] ? print_irqtrace_events+0x220/0x220
[ 106.466978][ T3772] pagecache_get_page+0x28/0x260
[ 106.471915][ T3772] ? hfs_free_extents+0x420/0x420
[ 106.476939][ T3772] block_write_begin+0x2e/0x1e0
[ 106.481801][ T3772] ? cont_write_begin+0x5e5/0x860
[ 106.486814][ T3772] ? hfs_free_extents+0x420/0x420
[ 106.491835][ T3772] cont_write_begin+0x606/0x860
[ 106.496702][ T3772] ? fault_in_readable+0x1d5/0x310
[ 106.501806][ T3772] ? generic_cont_expand_simple+0x250/0x250
[ 106.507690][ T3772] ? fault_in_readable+0x219/0x310
[ 106.512794][ T3772] ? fault_in_safe_writeable+0x240/0x240
[ 106.518488][ T3772] hfs_write_begin+0x86/0xd0
[ 106.523065][ T3772] ? hfs_free_extents+0x420/0x420
[ 106.528079][ T3772] generic_perform_write+0x2e4/0x5e0
[ 106.533450][ T3772] ? __block_commit_write+0x420/0x420
[ 106.538824][ T3772] ? generic_file_direct_write+0x610/0x610
[ 106.544637][ T3772] ? __file_remove_privs+0x6c0/0x6c0
[ 106.549915][ T3772] ? generic_write_checks+0x15c/0x1c0
[ 106.555295][ T3772] __generic_file_write_iter+0x176/0x400
[ 106.560951][ T3772] generic_file_write_iter+0xab/0x310
[ 106.566345][ T3772] vfs_write+0x7dc/0xc50
[ 106.570614][ T3772] ? file_end_write+0x230/0x230
[ 106.575470][ T3772] ? ptrace_stop+0x74d/0x970
[ 106.580076][ T3772] ? _raw_spin_unlock_irq+0x2a/0x40
[ 106.585284][ T3772] ? __fdget_pos+0x252/0x2e0
[ 106.589878][ T3772] ksys_write+0x177/0x2a0
[ 106.594215][ T3772] ? __ia32_sys_read+0x80/0x80
[ 106.598970][ T3772] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 106.604951][ T3772] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 106.610941][ T3772] do_syscall_64+0x3d/0xb0
[ 106.615345][ T3772] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 106.621237][ T3772] RIP: 0033:0x7f0fa5191c89
[ 106.625658][ T3772] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 106.645340][ T3772] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 3772] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3772] exit_group(0) = ?
[pid 3772] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3772, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./125/binderfs") = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./125/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./125") = 0
mkdir("./126", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3773
./strace-static-x86_64: Process 3773 attached
[pid 3773] chdir("./126") = 0
[pid 3773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3773] setpgid(0, 0) = 0
[pid 3773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3773] write(3, "1000", 4) = 4
[pid 3773] close(3) = 0
[pid 3773] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3773] memfd_create("syzkaller", 0) = 3
[pid 3773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[ 106.653743][ T3772] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 106.661703][ T3772] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 106.669671][ T3772] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 106.677638][ T3772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 106.685610][ T3772] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007d
[ 106.693583][ T3772]
[pid 3773] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3773] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3773] close(3) = 0
[pid 3773] mkdir("./file0", 0777) = 0
[pid 3773] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3773] chdir("./file0") = 0
[pid 3773] ioctl(4, LOOP_CLR_FD) = 0
[pid 3773] close(4) = 0
[pid 3773] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3773] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3773] write(5, "13", 2) = 2
[ 106.743727][ T3773] loop0: detected capacity change from 0 to 64
[ 106.774724][ T3773] FAULT_INJECTION: forcing a failure.
[ 106.774724][ T3773] name failslab, interval 1, probability 0, space 0, times 0
[ 106.787672][ T3773] CPU: 0 PID: 3773 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 106.798098][ T3773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 106.808145][ T3773] Call Trace:
[ 106.811425][ T3773]
[ 106.814369][ T3773] dump_stack_lvl+0x1b1/0x28e
[ 106.819050][ T3773] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 106.824513][ T3773] ? panic+0x710/0x710
[ 106.828570][ T3773] ? __might_sleep+0xc0/0xc0
[ 106.833146][ T3773] ? __mutex_lock_common+0x45f/0x26e0
[ 106.838516][ T3773] should_fail_ex+0x395/0x4c0
[ 106.843206][ T3773] ? hfs_find_init+0x8b/0x1e0
[ 106.847896][ T3773] should_failslab+0x5/0x20
[ 106.852389][ T3773] __kmem_cache_alloc_node+0x69/0x310
[ 106.857754][ T3773] ? hfs_find_init+0x8b/0x1e0
[ 106.862434][ T3773] __kmalloc+0x9e/0x1a0
[ 106.866612][ T3773] hfs_find_init+0x8b/0x1e0
[ 106.871120][ T3773] hfs_extend_file+0x2f8/0x1420
[ 106.875985][ T3773] ? hfs_get_block+0xbb0/0xbb0
[ 106.880757][ T3773] ? lru_cache_disable+0x30/0x30
[ 106.885697][ T3773] ? __might_sleep+0xc0/0xc0
[ 106.890306][ T3773] hfs_get_block+0x3fc/0xbb0
[ 106.894895][ T3773] ? hfs_free_extents+0x420/0x420
[ 106.899910][ T3773] ? do_raw_spin_unlock+0x134/0x8a0
[ 106.905120][ T3773] ? create_page_buffers+0x244/0x4b0
[ 106.910422][ T3773] __block_write_begin_int+0x54c/0x1a80
[ 106.916017][ T3773] ? hfs_free_extents+0x420/0x420
[ 106.921415][ T3773] ? page_zero_new_buffers+0x940/0x940
[ 106.926900][ T3773] ? PageHeadHuge+0x8a/0x1d0
[ 106.931501][ T3773] ? hfs_free_extents+0x420/0x420
[ 106.936524][ T3773] block_write_begin+0x93/0x1e0
[ 106.941416][ T3773] ? cont_write_begin+0x5e5/0x860
[ 106.946434][ T3773] ? hfs_free_extents+0x420/0x420
[ 106.951457][ T3773] cont_write_begin+0x606/0x860
[ 106.956324][ T3773] ? fault_in_readable+0x1d5/0x310
[ 106.961430][ T3773] ? generic_cont_expand_simple+0x250/0x250
[ 106.967399][ T3773] ? fault_in_readable+0x219/0x310
[ 106.972503][ T3773] ? fault_in_safe_writeable+0x240/0x240
[ 106.978131][ T3773] hfs_write_begin+0x86/0xd0
[ 106.982710][ T3773] ? hfs_free_extents+0x420/0x420
[ 106.987724][ T3773] generic_perform_write+0x2e4/0x5e0
[ 106.993041][ T3773] ? __block_commit_write+0x420/0x420
[ 106.998418][ T3773] ? generic_file_direct_write+0x610/0x610
[ 107.004234][ T3773] ? __file_remove_privs+0x6c0/0x6c0
[ 107.009511][ T3773] ? generic_write_checks+0x15c/0x1c0
[ 107.014894][ T3773] __generic_file_write_iter+0x176/0x400
[ 107.020540][ T3773] generic_file_write_iter+0xab/0x310
[ 107.025913][ T3773] vfs_write+0x7dc/0xc50
[ 107.030172][ T3773] ? file_end_write+0x230/0x230
[ 107.035008][ T3773] ? ptrace_stop+0x74d/0x970
[ 107.039612][ T3773] ? _raw_spin_unlock_irq+0x2a/0x40
[ 107.044824][ T3773] ? __fdget_pos+0x252/0x2e0
[ 107.049414][ T3773] ksys_write+0x177/0x2a0
[ 107.053741][ T3773] ? __ia32_sys_read+0x80/0x80
[ 107.058507][ T3773] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 107.064490][ T3773] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 107.070469][ T3773] do_syscall_64+0x3d/0xb0
[ 107.074883][ T3773] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.080775][ T3773] RIP: 0033:0x7f0fa5191c89
[ 107.085190][ T3773] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 107.104792][ T3773] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 107.113203][ T3773] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 107.121171][ T3773] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 107.129143][ T3773] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 107.137113][ T3773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3773] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3773] exit_group(0) = ?
[pid 3773] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3773, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./126/binderfs") = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./126/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./126") = 0
mkdir("./127", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3774
./strace-static-x86_64: Process 3774 attached
[pid 3774] chdir("./127") = 0
[pid 3774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3774] setpgid(0, 0) = 0
[pid 3774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3774] write(3, "1000", 4) = 4
[pid 3774] close(3) = 0
[pid 3774] symlink("/dev/binderfs", "./binderfs") = 0
[ 107.145080][ T3773] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007e
[ 107.153065][ T3773]
[pid 3774] memfd_create("syzkaller", 0) = 3
[pid 3774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3774] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3774] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3774] close(3) = 0
[pid 3774] mkdir("./file0", 0777) = 0
[pid 3774] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3774] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3774] chdir("./file0") = 0
[pid 3774] ioctl(4, LOOP_CLR_FD) = 0
[pid 3774] close(4) = 0
[pid 3774] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3774] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3774] write(5, "13", 2) = 2
[ 107.212121][ T3774] loop0: detected capacity change from 0 to 64
[ 107.242021][ T3774] FAULT_INJECTION: forcing a failure.
[ 107.242021][ T3774] name failslab, interval 1, probability 0, space 0, times 0
[ 107.254938][ T3774] CPU: 1 PID: 3774 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 107.265354][ T3774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 107.275414][ T3774] Call Trace:
[ 107.278697][ T3774]
[ 107.281626][ T3774] dump_stack_lvl+0x1b1/0x28e
[ 107.286307][ T3774] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 107.291766][ T3774] ? panic+0x710/0x710
[ 107.295834][ T3774] ? __might_sleep+0xc0/0xc0
[ 107.300455][ T3774] ? __mutex_lock_common+0x45f/0x26e0
[ 107.305859][ T3774] should_fail_ex+0x395/0x4c0
[ 107.310573][ T3774] ? hfs_find_init+0x8b/0x1e0
[ 107.315442][ T3774] should_failslab+0x5/0x20
[ 107.319970][ T3774] __kmem_cache_alloc_node+0x69/0x310
[ 107.325379][ T3774] ? hfs_find_init+0x8b/0x1e0
[ 107.330068][ T3774] __kmalloc+0x9e/0x1a0
[ 107.334242][ T3774] hfs_find_init+0x8b/0x1e0
[ 107.338752][ T3774] hfs_extend_file+0x2f8/0x1420
[ 107.343619][ T3774] ? hfs_get_block+0xbb0/0xbb0
[ 107.348385][ T3774] ? lru_cache_disable+0x30/0x30
[ 107.353357][ T3774] ? __might_sleep+0xc0/0xc0
[ 107.358051][ T3774] hfs_get_block+0x3fc/0xbb0
[ 107.362661][ T3774] ? hfs_free_extents+0x420/0x420
[ 107.367683][ T3774] ? do_raw_spin_unlock+0x134/0x8a0
[ 107.372993][ T3774] ? create_page_buffers+0x244/0x4b0
[ 107.378299][ T3774] __block_write_begin_int+0x54c/0x1a80
[ 107.383879][ T3774] ? hfs_free_extents+0x420/0x420
[ 107.388929][ T3774] ? page_zero_new_buffers+0x940/0x940
[ 107.394401][ T3774] ? PageHeadHuge+0x8a/0x1d0
[ 107.398999][ T3774] ? hfs_free_extents+0x420/0x420
[ 107.404023][ T3774] block_write_begin+0x93/0x1e0
[ 107.408882][ T3774] ? cont_write_begin+0x5e5/0x860
[ 107.413910][ T3774] ? hfs_free_extents+0x420/0x420
[ 107.418933][ T3774] cont_write_begin+0x606/0x860
[ 107.423793][ T3774] ? fault_in_readable+0x1d5/0x310
[ 107.428995][ T3774] ? generic_cont_expand_simple+0x250/0x250
[ 107.434891][ T3774] ? fault_in_readable+0x219/0x310
[ 107.440004][ T3774] ? fault_in_safe_writeable+0x240/0x240
[ 107.445646][ T3774] hfs_write_begin+0x86/0xd0
[ 107.450232][ T3774] ? hfs_free_extents+0x420/0x420
[ 107.455258][ T3774] generic_perform_write+0x2e4/0x5e0
[ 107.460554][ T3774] ? __block_commit_write+0x420/0x420
[ 107.465930][ T3774] ? generic_file_direct_write+0x610/0x610
[ 107.471737][ T3774] ? __file_remove_privs+0x6c0/0x6c0
[ 107.477030][ T3774] ? generic_write_checks+0x15c/0x1c0
[ 107.482417][ T3774] __generic_file_write_iter+0x176/0x400
[ 107.488065][ T3774] generic_file_write_iter+0xab/0x310
[ 107.493444][ T3774] vfs_write+0x7dc/0xc50
[ 107.497697][ T3774] ? file_end_write+0x230/0x230
[ 107.502562][ T3774] ? ptrace_stop+0x74d/0x970
[ 107.507182][ T3774] ? _raw_spin_unlock_irq+0x2a/0x40
[ 107.512399][ T3774] ? __fdget_pos+0x252/0x2e0
[ 107.517005][ T3774] ksys_write+0x177/0x2a0
[ 107.521348][ T3774] ? __ia32_sys_read+0x80/0x80
[ 107.526118][ T3774] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 107.532105][ T3774] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 107.538087][ T3774] do_syscall_64+0x3d/0xb0
[ 107.542503][ T3774] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.548393][ T3774] RIP: 0033:0x7f0fa5191c89
[ 107.552810][ T3774] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 107.572414][ T3774] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 107.580831][ T3774] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 107.588884][ T3774] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 107.596849][ T3774] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 107.604817][ T3774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 3774] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3774] exit_group(0) = ?
[pid 3774] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3774, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./127/binderfs") = 0
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./127/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./127") = 0
mkdir("./128", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3775 attached
, child_tidptr=0x555555b7f5d0) = 3775
[pid 3775] chdir("./128") = 0
[pid 3775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3775] setpgid(0, 0) = 0
[pid 3775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3775] write(3, "1000", 4) = 4
[pid 3775] close(3) = 0
[pid 3775] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3775] memfd_create("syzkaller", 0) = 3
[pid 3775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3775] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 107.612787][ T3774] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 000000000000007f
[ 107.620767][ T3774]
[pid 3775] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3775] close(3) = 0
[pid 3775] mkdir("./file0", 0777) = 0
[pid 3775] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3775] chdir("./file0") = 0
[pid 3775] ioctl(4, LOOP_CLR_FD) = 0
[pid 3775] close(4) = 0
[pid 3775] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3775] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3775] write(5, "13", 2) = 2
[ 107.665333][ T3775] loop0: detected capacity change from 0 to 64
[ 107.684205][ T3775] FAULT_INJECTION: forcing a failure.
[ 107.684205][ T3775] name failslab, interval 1, probability 0, space 0, times 0
[ 107.697929][ T3775] CPU: 0 PID: 3775 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 107.708360][ T3775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 107.718408][ T3775] Call Trace:
[ 107.721680][ T3775]
[ 107.724601][ T3775] dump_stack_lvl+0x1b1/0x28e
[ 107.729277][ T3775] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 107.734744][ T3775] ? panic+0x710/0x710
[ 107.738814][ T3775] ? __might_sleep+0xc0/0xc0
[ 107.743392][ T3775] ? __mutex_lock_common+0x45f/0x26e0
[ 107.748759][ T3775] should_fail_ex+0x395/0x4c0
[ 107.753432][ T3775] ? hfs_find_init+0x8b/0x1e0
[ 107.758125][ T3775] should_failslab+0x5/0x20
[ 107.762618][ T3775] __kmem_cache_alloc_node+0x69/0x310
[ 107.767983][ T3775] ? rcu_lock_release+0x5/0x20
[ 107.772737][ T3775] ? hfs_find_init+0x8b/0x1e0
[ 107.777408][ T3775] __kmalloc+0x9e/0x1a0
[ 107.781558][ T3775] hfs_find_init+0x8b/0x1e0
[ 107.786064][ T3775] hfs_extend_file+0x2f8/0x1420
[ 107.790922][ T3775] ? xas_find+0x937/0xa60
[ 107.795246][ T3775] ? hfs_get_block+0xbb0/0xbb0
[ 107.799995][ T3775] ? filemap_get_folios+0x557/0x830
[ 107.805190][ T3775] ? find_lock_entries+0xf60/0xf60
[ 107.810310][ T3775] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 107.816211][ T3775] hfs_get_block+0x3fc/0xbb0
[ 107.820803][ T3775] ? hfs_free_extents+0x420/0x420
[ 107.825839][ T3775] ? do_raw_spin_unlock+0x134/0x8a0
[ 107.831048][ T3775] ? create_page_buffers+0x244/0x4b0
[ 107.836326][ T3775] __block_write_begin_int+0x54c/0x1a80
[ 107.841880][ T3775] ? hfs_free_extents+0x420/0x420
[ 107.846889][ T3775] ? page_zero_new_buffers+0x940/0x940
[ 107.852338][ T3775] ? PageHeadHuge+0x8a/0x1d0
[ 107.856920][ T3775] ? hfs_free_extents+0x420/0x420
[ 107.861930][ T3775] block_write_begin+0x93/0x1e0
[ 107.866770][ T3775] ? cont_write_begin+0x5e5/0x860
[ 107.871783][ T3775] ? hfs_free_extents+0x420/0x420
[ 107.876806][ T3775] cont_write_begin+0x606/0x860
[ 107.881664][ T3775] ? fault_in_readable+0x1d5/0x310
[ 107.886768][ T3775] ? generic_cont_expand_simple+0x250/0x250
[ 107.892651][ T3775] ? fault_in_readable+0x219/0x310
[ 107.897751][ T3775] ? fault_in_safe_writeable+0x240/0x240
[ 107.903376][ T3775] hfs_write_begin+0x86/0xd0
[ 107.907955][ T3775] ? hfs_free_extents+0x420/0x420
[ 107.912970][ T3775] generic_perform_write+0x2e4/0x5e0
[ 107.918250][ T3775] ? __block_commit_write+0x420/0x420
[ 107.923612][ T3775] ? generic_file_direct_write+0x610/0x610
[ 107.929406][ T3775] ? __file_remove_privs+0x6c0/0x6c0
[ 107.934679][ T3775] ? generic_write_checks+0x15c/0x1c0
[ 107.940047][ T3775] __generic_file_write_iter+0x176/0x400
[ 107.945676][ T3775] generic_file_write_iter+0xab/0x310
[ 107.951041][ T3775] vfs_write+0x7dc/0xc50
[ 107.955282][ T3775] ? file_end_write+0x230/0x230
[ 107.960118][ T3775] ? ptrace_stop+0x74d/0x970
[ 107.964713][ T3775] ? _raw_spin_unlock_irq+0x2a/0x40
[ 107.969916][ T3775] ? __fdget_pos+0x252/0x2e0
[ 107.974510][ T3775] ksys_write+0x177/0x2a0
[ 107.978842][ T3775] ? __ia32_sys_read+0x80/0x80
[ 107.983605][ T3775] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 107.989585][ T3775] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 107.995566][ T3775] do_syscall_64+0x3d/0xb0
[ 107.999984][ T3775] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 108.005871][ T3775] RIP: 0033:0x7f0fa5191c89
[ 108.010285][ T3775] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 108.029886][ T3775] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 108.038300][ T3775] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 108.046268][ T3775] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 108.054232][ T3775] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3775] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3775] exit_group(0) = ?
[pid 3775] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3775, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./128/binderfs") = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./128/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./128") = 0
mkdir("./129", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3776
./strace-static-x86_64: Process 3776 attached
[pid 3776] chdir("./129") = 0
[pid 3776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3776] setpgid(0, 0) = 0
[pid 3776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3776] write(3, "1000", 4) = 4
[pid 3776] close(3) = 0
[pid 3776] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3776] memfd_create("syzkaller", 0) = 3
[pid 3776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3776] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 108.062199][ T3775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 108.070166][ T3775] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000080
[ 108.078147][ T3775]
[pid 3776] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3776] close(3) = 0
[pid 3776] mkdir("./file0", 0777) = 0
[pid 3776] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3776] chdir("./file0") = 0
[pid 3776] ioctl(4, LOOP_CLR_FD) = 0
[pid 3776] close(4) = 0
[pid 3776] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3776] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3776] write(5, "13", 2) = 2
[ 108.122985][ T3776] loop0: detected capacity change from 0 to 64
[ 108.155130][ T3776] FAULT_INJECTION: forcing a failure.
[ 108.155130][ T3776] name failslab, interval 1, probability 0, space 0, times 0
[ 108.167922][ T3776] CPU: 0 PID: 3776 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 108.178357][ T3776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 108.188427][ T3776] Call Trace:
[ 108.191702][ T3776]
[ 108.194745][ T3776] dump_stack_lvl+0x1b1/0x28e
[ 108.199431][ T3776] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 108.204894][ T3776] ? panic+0x710/0x710
[ 108.208985][ T3776] ? __might_sleep+0xc0/0xc0
[ 108.213588][ T3776] ? __mutex_lock_common+0x45f/0x26e0
[ 108.218967][ T3776] should_fail_ex+0x395/0x4c0
[ 108.223649][ T3776] ? hfs_find_init+0x8b/0x1e0
[ 108.228335][ T3776] should_failslab+0x5/0x20
[ 108.232851][ T3776] __kmem_cache_alloc_node+0x69/0x310
[ 108.238218][ T3776] ? hfs_find_init+0x8b/0x1e0
[ 108.242896][ T3776] __kmalloc+0x9e/0x1a0
[ 108.247049][ T3776] hfs_find_init+0x8b/0x1e0
[ 108.251546][ T3776] hfs_extend_file+0x2f8/0x1420
[ 108.256394][ T3776] ? hfs_get_block+0xbb0/0xbb0
[ 108.261149][ T3776] ? lru_cache_disable+0x30/0x30
[ 108.266079][ T3776] ? __might_sleep+0xc0/0xc0
[ 108.270709][ T3776] hfs_get_block+0x3fc/0xbb0
[ 108.275328][ T3776] ? hfs_free_extents+0x420/0x420
[ 108.280433][ T3776] ? do_raw_spin_unlock+0x134/0x8a0
[ 108.285633][ T3776] ? create_page_buffers+0x244/0x4b0
[ 108.290918][ T3776] __block_write_begin_int+0x54c/0x1a80
[ 108.296509][ T3776] ? hfs_free_extents+0x420/0x420
[ 108.301546][ T3776] ? page_zero_new_buffers+0x940/0x940
[ 108.307000][ T3776] ? PageHeadHuge+0x8a/0x1d0
[ 108.311606][ T3776] ? hfs_free_extents+0x420/0x420
[ 108.316735][ T3776] block_write_begin+0x93/0x1e0
[ 108.321599][ T3776] ? cont_write_begin+0x5e5/0x860
[ 108.326641][ T3776] ? hfs_free_extents+0x420/0x420
[ 108.331675][ T3776] cont_write_begin+0x606/0x860
[ 108.336535][ T3776] ? fault_in_readable+0x1d5/0x310
[ 108.341654][ T3776] ? generic_cont_expand_simple+0x250/0x250
[ 108.347549][ T3776] ? fault_in_readable+0x219/0x310
[ 108.352657][ T3776] ? fault_in_safe_writeable+0x240/0x240
[ 108.358288][ T3776] hfs_write_begin+0x86/0xd0
[ 108.362871][ T3776] ? hfs_free_extents+0x420/0x420
[ 108.367892][ T3776] generic_perform_write+0x2e4/0x5e0
[ 108.373193][ T3776] ? __block_commit_write+0x420/0x420
[ 108.378590][ T3776] ? generic_file_direct_write+0x610/0x610
[ 108.384409][ T3776] ? __file_remove_privs+0x6c0/0x6c0
[ 108.389697][ T3776] ? generic_write_checks+0x15c/0x1c0
[ 108.395095][ T3776] __generic_file_write_iter+0x176/0x400
[ 108.400771][ T3776] generic_file_write_iter+0xab/0x310
[ 108.406171][ T3776] vfs_write+0x7dc/0xc50
[ 108.410455][ T3776] ? file_end_write+0x230/0x230
[ 108.415317][ T3776] ? ptrace_stop+0x74d/0x970
[ 108.419950][ T3776] ? _raw_spin_unlock_irq+0x2a/0x40
[ 108.425165][ T3776] ? __fdget_pos+0x252/0x2e0
[ 108.429767][ T3776] ksys_write+0x177/0x2a0
[ 108.434112][ T3776] ? __ia32_sys_read+0x80/0x80
[ 108.438868][ T3776] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 108.444854][ T3776] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 108.450862][ T3776] do_syscall_64+0x3d/0xb0
[ 108.455276][ T3776] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 108.461161][ T3776] RIP: 0033:0x7f0fa5191c89
[ 108.465571][ T3776] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 108.485184][ T3776] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 108.493612][ T3776] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 108.501589][ T3776] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 108.509584][ T3776] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[pid 3776] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3776] exit_group(0) = ?
[pid 3776] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3776, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./129/binderfs") = 0
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./129/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./129") = 0
mkdir("./130", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3777
./strace-static-x86_64: Process 3777 attached
[pid 3777] chdir("./130") = 0
[ 108.517548][ T3776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 108.525521][ T3776] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000081
[ 108.533671][ T3776]
[pid 3777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3777] setpgid(0, 0) = 0
[pid 3777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3777] write(3, "1000", 4) = 4
[pid 3777] close(3) = 0
[pid 3777] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3777] memfd_create("syzkaller", 0) = 3
[pid 3777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3777] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3777] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3777] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3777] close(3) = 0
[pid 3777] mkdir("./file0", 0777) = 0
[pid 3777] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3777] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3777] chdir("./file0") = 0
[pid 3777] ioctl(4, LOOP_CLR_FD) = 0
[pid 3777] close(4) = 0
[pid 3777] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3777] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3777] write(5, "13", 2) = 2
[ 108.598568][ T3777] loop0: detected capacity change from 0 to 64
[ 108.623501][ T3777] FAULT_INJECTION: forcing a failure.
[ 108.623501][ T3777] name failslab, interval 1, probability 0, space 0, times 0
[ 108.636413][ T3777] CPU: 0 PID: 3777 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 108.646851][ T3777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 108.656910][ T3777] Call Trace:
[ 108.660179][ T3777]
[ 108.663099][ T3777] dump_stack_lvl+0x1b1/0x28e
[ 108.667775][ T3777] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 108.673238][ T3777] ? panic+0x710/0x710
[ 108.677299][ T3777] ? __might_sleep+0xc0/0xc0
[ 108.681887][ T3777] ? __mutex_lock_common+0x45f/0x26e0
[ 108.687252][ T3777] should_fail_ex+0x395/0x4c0
[ 108.691927][ T3777] ? hfs_find_init+0x8b/0x1e0
[ 108.696608][ T3777] should_failslab+0x5/0x20
[ 108.701112][ T3777] __kmem_cache_alloc_node+0x69/0x310
[ 108.706483][ T3777] ? rcu_lock_release+0x5/0x20
[ 108.711247][ T3777] ? hfs_find_init+0x8b/0x1e0
[ 108.715934][ T3777] __kmalloc+0x9e/0x1a0
[ 108.720103][ T3777] hfs_find_init+0x8b/0x1e0
[ 108.724609][ T3777] hfs_extend_file+0x2f8/0x1420
[ 108.729459][ T3777] ? xas_find+0x937/0xa60
[ 108.733797][ T3777] ? hfs_get_block+0xbb0/0xbb0
[ 108.738555][ T3777] ? filemap_get_folios+0x557/0x830
[ 108.743756][ T3777] ? find_lock_entries+0xf60/0xf60
[ 108.748892][ T3777] ? trace_writeback_dirty_inode+0xdf/0x2b0
[ 108.754798][ T3777] hfs_get_block+0x3fc/0xbb0
[ 108.759401][ T3777] ? hfs_free_extents+0x420/0x420
[ 108.764419][ T3777] ? do_raw_spin_unlock+0x134/0x8a0
[ 108.769623][ T3777] ? create_page_buffers+0x244/0x4b0
[ 108.774914][ T3777] __block_write_begin_int+0x54c/0x1a80
[ 108.780487][ T3777] ? hfs_free_extents+0x420/0x420
[ 108.785508][ T3777] ? page_zero_new_buffers+0x940/0x940
[ 108.790969][ T3777] ? PageHeadHuge+0x8a/0x1d0
[ 108.795566][ T3777] ? hfs_free_extents+0x420/0x420
[ 108.800587][ T3777] block_write_begin+0x93/0x1e0
[ 108.805440][ T3777] ? cont_write_begin+0x5e5/0x860
[ 108.810465][ T3777] ? hfs_free_extents+0x420/0x420
[ 108.815575][ T3777] cont_write_begin+0x606/0x860
[ 108.820451][ T3777] ? fault_in_readable+0x1d5/0x310
[ 108.825569][ T3777] ? generic_cont_expand_simple+0x250/0x250
[ 108.831462][ T3777] ? fault_in_readable+0x219/0x310
[ 108.836576][ T3777] ? fault_in_safe_writeable+0x240/0x240
[ 108.842215][ T3777] hfs_write_begin+0x86/0xd0
[ 108.846800][ T3777] ? hfs_free_extents+0x420/0x420
[ 108.851824][ T3777] generic_perform_write+0x2e4/0x5e0
[ 108.857115][ T3777] ? __block_commit_write+0x420/0x420
[ 108.862491][ T3777] ? generic_file_direct_write+0x610/0x610
[ 108.868296][ T3777] ? __file_remove_privs+0x6c0/0x6c0
[ 108.873584][ T3777] ? generic_write_checks+0x15c/0x1c0
[ 108.878965][ T3777] __generic_file_write_iter+0x176/0x400
[ 108.884608][ T3777] generic_file_write_iter+0xab/0x310
[ 108.889986][ T3777] vfs_write+0x7dc/0xc50
[ 108.894236][ T3777] ? file_end_write+0x230/0x230
[ 108.899087][ T3777] ? ptrace_stop+0x74d/0x970
[ 108.903688][ T3777] ? _raw_spin_unlock_irq+0x2a/0x40
[ 108.908896][ T3777] ? __fdget_pos+0x252/0x2e0
[ 108.913491][ T3777] ksys_write+0x177/0x2a0
[ 108.917824][ T3777] ? __ia32_sys_read+0x80/0x80
[ 108.922587][ T3777] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 108.928742][ T3777] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 108.934724][ T3777] do_syscall_64+0x3d/0xb0
[ 108.939144][ T3777] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 108.945031][ T3777] RIP: 0033:0x7f0fa5191c89
[ 108.949443][ T3777] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 108.969048][ T3777] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 108.977456][ T3777] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 108.985424][ T3777] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 3777] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3777] exit_group(0) = ?
[pid 3777] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3777, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./130/binderfs") = 0
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./130/file0") = 0
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./130") = 0
mkdir("./131", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3778
./strace-static-x86_64: Process 3778 attached
[pid 3778] chdir("./131") = 0
[pid 3778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3778] setpgid(0, 0) = 0
[pid 3778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3778] write(3, "1000", 4) = 4
[pid 3778] close(3) = 0
[pid 3778] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3778] memfd_create("syzkaller", 0) = 3
[pid 3778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[ 108.993388][ T3777] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 109.001352][ T3777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 109.009318][ T3777] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000082
[ 109.017300][ T3777] </TASK>
[pid 3778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3778] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3778] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3778] close(3) = 0
[pid 3778] mkdir("./file0", 0777) = 0
[pid 3778] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3778] chdir("./file0") = 0
[pid 3778] ioctl(4, LOOP_CLR_FD) = 0
[pid 3778] close(4) = 0
[pid 3778] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3778] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3778] write(5, "13", 2) = 2
[ 109.065376][ T3778] loop0: detected capacity change from 0 to 64
[ 109.086050][ T3778] FAULT_INJECTION: forcing a failure.
[ 109.086050][ T3778] name failslab, interval 1, probability 0, space 0, times 0
[ 109.098818][ T3778] CPU: 0 PID: 3778 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 109.109247][ T3778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 109.119298][ T3778] Call Trace:
[ 109.122580][ T3778] <TASK>
[ 109.125502][ T3778] dump_stack_lvl+0x1b1/0x28e
[ 109.130171][ T3778] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 109.135619][ T3778] ? panic+0x710/0x710
[ 109.139680][ T3778] ? __might_sleep+0xc0/0xc0
[ 109.144255][ T3778] ? __mutex_lock_common+0x45f/0x26e0
[ 109.149624][ T3778] should_fail_ex+0x395/0x4c0
[ 109.154298][ T3778] ? hfs_find_init+0x8b/0x1e0
[ 109.158970][ T3778] should_failslab+0x5/0x20
[ 109.163467][ T3778] __kmem_cache_alloc_node+0x69/0x310
[ 109.168842][ T3778] ? hfs_find_init+0x8b/0x1e0
[ 109.173522][ T3778] __kmalloc+0x9e/0x1a0
[ 109.177696][ T3778] hfs_find_init+0x8b/0x1e0
[ 109.182203][ T3778] hfs_extend_file+0x2f8/0x1420
[ 109.187059][ T3778] ? hfs_get_block+0xbb0/0xbb0
[ 109.191819][ T3778] ? lru_cache_disable+0x30/0x30
[ 109.196765][ T3778] ? __might_sleep+0xc0/0xc0
[ 109.201409][ T3778] hfs_get_block+0x3fc/0xbb0
[ 109.206020][ T3778] ? hfs_free_extents+0x420/0x420
[ 109.211040][ T3778] ? do_raw_spin_unlock+0x134/0x8a0
[ 109.216239][ T3778] ? create_page_buffers+0x244/0x4b0
[ 109.221524][ T3778] __block_write_begin_int+0x54c/0x1a80
[ 109.227081][ T3778] ? hfs_free_extents+0x420/0x420
[ 109.232104][ T3778] ? page_zero_new_buffers+0x940/0x940
[ 109.237587][ T3778] ? PageHeadHuge+0x8a/0x1d0
[ 109.242189][ T3778] ? hfs_free_extents+0x420/0x420
[ 109.247213][ T3778] block_write_begin+0x93/0x1e0
[ 109.252075][ T3778] ? cont_write_begin+0x5e5/0x860
[ 109.257092][ T3778] ? hfs_free_extents+0x420/0x420
[ 109.262105][ T3778] cont_write_begin+0x606/0x860
[ 109.266956][ T3778] ? fault_in_readable+0x1d5/0x310
[ 109.272074][ T3778] ? generic_cont_expand_simple+0x250/0x250
[ 109.277978][ T3778] ? fault_in_readable+0x219/0x310
[ 109.283092][ T3778] ? fault_in_safe_writeable+0x240/0x240
[ 109.288758][ T3778] hfs_write_begin+0x86/0xd0
[ 109.293336][ T3778] ? hfs_free_extents+0x420/0x420
[ 109.298350][ T3778] generic_perform_write+0x2e4/0x5e0
[ 109.303646][ T3778] ? __block_commit_write+0x420/0x420
[ 109.309038][ T3778] ? generic_file_direct_write+0x610/0x610
[ 109.314856][ T3778] ? __file_remove_privs+0x6c0/0x6c0
[ 109.320144][ T3778] ? generic_write_checks+0x15c/0x1c0
[ 109.325545][ T3778] __generic_file_write_iter+0x176/0x400
[ 109.331204][ T3778] generic_file_write_iter+0xab/0x310
[ 109.336601][ T3778] vfs_write+0x7dc/0xc50
[ 109.340872][ T3778] ? file_end_write+0x230/0x230
[ 109.345734][ T3778] ? ptrace_stop+0x74d/0x970
[ 109.350337][ T3778] ? _raw_spin_unlock_irq+0x2a/0x40
[ 109.355552][ T3778] ? __fdget_pos+0x252/0x2e0
[ 109.360152][ T3778] ksys_write+0x177/0x2a0
[ 109.364517][ T3778] ? __ia32_sys_read+0x80/0x80
[ 109.369296][ T3778] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 109.375269][ T3778] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 109.381264][ T3778] do_syscall_64+0x3d/0xb0
[ 109.385697][ T3778] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 109.391578][ T3778] RIP: 0033:0x7f0fa5191c89
[ 109.396076][ T3778] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 3778] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid 3778] exit_group(0) = ?
[pid 3778] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3778, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b80620 /* 4 entries */, 32768) = 112
umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./131/binderfs") = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b88660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b88660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./131/file0") = 0
[ 109.415682][ T3778] RSP: 002b:00007ffde9a45668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 109.424090][ T3778] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0fa5191c89
[ 109.432059][ T3778] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 109.440019][ T3778] RBP: 00007ffde9a45690 R08: 0000000000000002 R09: 00007ffde9a456a0
[ 109.448078][ T3778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 109.456139][ T3778] R13: 00007ffde9a456d0 R14: 00007ffde9a456b0 R15: 0000000000000083
[ 109.464116][ T3778] </TASK>
getdents64(3, 0x555555b80620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./131") = 0
mkdir("./132", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7f5d0) = 3779
./strace-static-x86_64: Process 3779 attached
[pid 3779] chdir("./132") = 0
[pid 3779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3779] setpgid(0, 0) = 0
[pid 3779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3779] write(3, "1000", 4) = 4
[pid 3779] close(3) = 0
[pid 3779] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3779] memfd_create("syzkaller", 0) = 3
[pid 3779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f9cc00000
[pid 3779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 3779] munmap(0x7f0f9cc00000, 32768) = 0
[pid 3779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3779] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3779] close(3) = 0
[pid 3779] mkdir("./file0", 0777) = 0
[pid 3779] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 3779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3779] chdir("./file0") = 0
[pid 3779] ioctl(4, LOOP_CLR_FD) = 0
[pid 3779] close(4) = 0
[pid 3779] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 3779] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3779] write(5, "13", 2) = 2
[ 109.525388][ T3779] loop0: detected capacity change from 0 to 64
[ 109.565757][ T3779] FAULT_INJECTION: forcing a failure.
[ 109.565757][ T3779] name failslab, interval 1, probability 0, space 0, times 0
[ 109.578468][ T3779] CPU: 1 PID: 3779 Comm: syz-executor286 Not tainted 6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
[ 109.588899][ T3779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 109.598981][ T3779] Call Trace:
[ 109.602266][ T3779] <TASK>
[ 109.605200][ T3779] dump_stack_lvl+0x1b1/0x28e
[ 109.609880][ T3779] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 109.615336][ T3779] ? panic+0x710/0x710
[ 109.619411][ T3779] ? __might_sleep+0xc0/0xc0
[ 109.623995][ T3