./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor678841236
<...>
DUID 00:04:76:8b:f6:84:a4:3b:36:39:6c:68:e7:10:38:dd:b7:2c
forked to background, child pid 4646
[ 35.892051][ T4647] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.920217][ T4647] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts.
execve("./syz-executor678841236", ["./syz-executor678841236"], 0x7ffeae131660 /* 10 vars */) = 0
brk(NULL) = 0x5555562c7000
brk(0x5555562c7c40) = 0x5555562c7c40
arch_prctl(ARCH_SET_FS, 0x5555562c7300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor678841236", 4096) = 27
brk(0x5555562e8c40) = 0x5555562e8c40
brk(0x5555562e9000) = 0x5555562e9000
mprotect(0x7f1b3d0aa000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5070
mkdir("./syzkaller.awneFz", 0700) = 0
chmod("./syzkaller.awneFz", 0777) = 0
chdir("./syzkaller.awneFz") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5071
./strace-static-x86_64: Process 5071 attached
[pid 5071] chdir("./0") = 0
[pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5071] setpgid(0, 0) = 0
[pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5071] write(3, "1000", 4) = 4
[pid 5071] close(3) = 0
[pid 5071] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5071] memfd_create("syzkaller", 0) = 3
[pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5071] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5071] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
syzkaller login: [ 59.446082][ T5071] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5071 'syz-executor678'
[pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5071] close(3) = 0
[pid 5071] mkdir("./file0", 0777) = 0
[ 59.491490][ T5071] loop0: detected capacity change from 0 to 4096
[ 59.502495][ T5071] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[ 59.524483][ T5071] ntfs: (device loop0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 59.534005][ T5071] ntfs: (device loop0): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[ 59.550397][ T5071] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 59.559427][ T5071] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[ 59.579741][ T5071] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 59.588504][ T5071] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[ 59.608653][ T5071] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 59.617388][ T5071] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[pid 5071] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5071] chdir("./file0") = 0
[pid 5071] ioctl(4, LOOP_CLR_FD) = 0
[pid 5071] close(4) = 0
[pid 5071] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5071] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5071] write(5, "12", 2) = 2
[ 59.637419][ T5071] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 59.647911][ T5071] ntfs: volume version 3.1.
[ 59.685497][ T5071] FAULT_INJECTION: forcing a failure.
[ 59.685497][ T5071] name failslab, interval 1, probability 0, space 0, times 1
[ 59.698589][ T5071] CPU: 0 PID: 5071 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 59.709124][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 59.719180][ T5071] Call Trace:
[ 59.722456][ T5071]
[ 59.725394][ T5071] dump_stack_lvl+0x1e7/0x2d0
[ 59.730161][ T5071] ? nf_tcp_handle_invalid+0x650/0x650
[ 59.735663][ T5071] ? panic+0x770/0x770
[ 59.739757][ T5071] ? __might_sleep+0xc0/0xc0
[ 59.744386][ T5071] should_fail_ex+0x3aa/0x4e0
[ 59.749114][ T5071] should_failslab+0x9/0x20
[ 59.753639][ T5071] slab_pre_alloc_hook+0x59/0x2b0
[ 59.758709][ T5071] ? do_read_cache_page+0xf7/0x230
[ 59.763839][ T5071] kmem_cache_alloc+0x52/0x2e0
[ 59.768647][ T5071] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 59.774284][ T5071] ntfs_attr_get_search_ctx+0x51/0x180
[ 59.779759][ T5071] __ntfs_write_inode+0x128/0xbb0
[ 59.784808][ T5071] ntfs_file_fsync+0x15e/0x2d0
[ 59.789598][ T5071] ntfs_file_write_iter+0x12e4/0x1a00
[ 59.794985][ T5071] vfs_write+0x7b2/0xbb0
[ 59.799248][ T5071] ? file_end_write+0x250/0x250
[ 59.804203][ T5071] ? lockdep_hardirqs_on+0x98/0x140
[ 59.809444][ T5071] ? __fdget_pos+0x265/0x2f0
[ 59.814046][ T5071] ksys_write+0x1a0/0x2c0
[ 59.818391][ T5071] ? __ia32_sys_read+0x90/0x90
[ 59.823162][ T5071] ? syscall_enter_from_user_mode+0x32/0x260
[ 59.829144][ T5071] ? syscall_enter_from_user_mode+0x8c/0x260
[ 59.835128][ T5071] do_syscall_64+0x41/0xc0
[ 59.839550][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.845456][ T5071] RIP: 0033:0x7f1b3d01dba9
[ 59.849925][ T5071] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.869546][ T5071] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 59.877992][ T5071] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5071] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5071] exit_group(0) = ?
[pid 5071] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 59.885965][ T5071] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.893936][ T5071] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 59.901912][ T5071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.909908][ T5071] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000000
[ 59.917903][ T5071]
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5073
./strace-static-x86_64: Process 5073 attached
[pid 5073] chdir("./1") = 0
[pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5073] setpgid(0, 0) = 0
[pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5073] write(3, "1000", 4) = 4
[pid 5073] close(3) = 0
[pid 5073] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5073] memfd_create("syzkaller", 0) = 3
[pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5073] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5073] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5073] close(3) = 0
[pid 5073] mkdir("./file0", 0777) = 0
[pid 5073] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5073] chdir("./file0") = 0
[pid 5073] ioctl(4, LOOP_CLR_FD) = 0
[pid 5073] close(4) = 0
[pid 5073] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5073] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5073] write(5, "12", 2) = 2
[pid 5073] write(4, "t", 1) = 1
[pid 5073] exit_group(0) = ?
[pid 5073] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 60.030432][ T5073] loop0: detected capacity change from 0 to 4096
[ 60.047787][ T5073] ntfs: volume version 3.1.
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5074
./strace-static-x86_64: Process 5074 attached
[pid 5074] chdir("./2") = 0
[pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5074] setpgid(0, 0) = 0
[pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5074] write(3, "1000", 4) = 4
[pid 5074] close(3) = 0
[pid 5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5074] memfd_create("syzkaller", 0) = 3
[pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5074] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5074] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5074] close(3) = 0
[pid 5074] mkdir("./file0", 0777) = 0
[pid 5074] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5074] chdir("./file0") = 0
[pid 5074] ioctl(4, LOOP_CLR_FD) = 0
[pid 5074] close(4) = 0
[pid 5074] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5074] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5074] write(5, "12", 2) = 2
[ 60.167282][ T5074] loop0: detected capacity change from 0 to 4096
[ 60.183361][ T5074] ntfs: volume version 3.1.
[ 60.228421][ T5074] FAULT_INJECTION: forcing a failure.
[ 60.228421][ T5074] name failslab, interval 1, probability 0, space 0, times 0
[ 60.241161][ T5074] CPU: 0 PID: 5074 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 60.251596][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 60.261656][ T5074] Call Trace:
[ 60.264938][ T5074]
[ 60.267866][ T5074] dump_stack_lvl+0x1e7/0x2d0
[ 60.272549][ T5074] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.278008][ T5074] ? panic+0x770/0x770
[ 60.282076][ T5074] ? __might_sleep+0xc0/0xc0
[ 60.286686][ T5074] should_fail_ex+0x3aa/0x4e0
[ 60.291379][ T5074] should_failslab+0x9/0x20
[ 60.295901][ T5074] slab_pre_alloc_hook+0x59/0x2b0
[ 60.300970][ T5074] ? do_read_cache_page+0xf7/0x230
[ 60.306195][ T5074] kmem_cache_alloc+0x52/0x2e0
[ 60.311008][ T5074] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 60.316669][ T5074] ntfs_attr_get_search_ctx+0x51/0x180
[ 60.322165][ T5074] __ntfs_write_inode+0x128/0xbb0
[ 60.327219][ T5074] ntfs_file_fsync+0x15e/0x2d0
[ 60.332011][ T5074] ntfs_file_write_iter+0x12e4/0x1a00
[ 60.337415][ T5074] vfs_write+0x7b2/0xbb0
[ 60.341695][ T5074] ? file_end_write+0x250/0x250
[ 60.346664][ T5074] ? lockdep_hardirqs_on+0x98/0x140
[ 60.351878][ T5074] ? __fdget_pos+0x265/0x2f0
[ 60.356493][ T5074] ksys_write+0x1a0/0x2c0
[ 60.360841][ T5074] ? __ia32_sys_read+0x90/0x90
[ 60.365624][ T5074] ? syscall_enter_from_user_mode+0x32/0x260
[ 60.371621][ T5074] ? syscall_enter_from_user_mode+0x8c/0x260
[ 60.377633][ T5074] do_syscall_64+0x41/0xc0
[ 60.382158][ T5074] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.388064][ T5074] RIP: 0033:0x7f1b3d01dba9
[ 60.392515][ T5074] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.412122][ T5074] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.420549][ T5074] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5074] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5074] exit_group(0) = ?
[pid 5074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5075
./strace-static-x86_64: Process 5075 attached
[pid 5075] chdir("./3") = 0
[pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5075] setpgid(0, 0) = 0
[pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5075] write(3, "1000", 4) = 4
[pid 5075] close(3) = 0
[pid 5075] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5075] memfd_create("syzkaller", 0) = 3
[pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[ 60.428525][ T5074] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.436499][ T5074] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 60.444489][ T5074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 60.452466][ T5074] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000002
[ 60.460457][ T5074]
[pid 5075] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5075] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5075] close(3) = 0
[pid 5075] mkdir("./file0", 0777) = 0
[pid 5075] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5075] chdir("./file0") = 0
[pid 5075] ioctl(4, LOOP_CLR_FD) = 0
[pid 5075] close(4) = 0
[pid 5075] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5075] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5075] write(5, "12", 2) = 2
[ 60.545344][ T5075] loop0: detected capacity change from 0 to 4096
[ 60.561904][ T5075] ntfs: volume version 3.1.
[ 60.588364][ T5075] FAULT_INJECTION: forcing a failure.
[ 60.588364][ T5075] name failslab, interval 1, probability 0, space 0, times 0
[ 60.601059][ T5075] CPU: 1 PID: 5075 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 60.611508][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 60.621581][ T5075] Call Trace:
[ 60.624864][ T5075]
[ 60.627797][ T5075] dump_stack_lvl+0x1e7/0x2d0
[ 60.632498][ T5075] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.638017][ T5075] ? panic+0x770/0x770
[ 60.642106][ T5075] ? __might_sleep+0xc0/0xc0
[ 60.646713][ T5075] should_fail_ex+0x3aa/0x4e0
[ 60.651431][ T5075] should_failslab+0x9/0x20
[ 60.655983][ T5075] slab_pre_alloc_hook+0x59/0x2b0
[ 60.661043][ T5075] ? do_read_cache_page+0xf7/0x230
[ 60.666195][ T5075] kmem_cache_alloc+0x52/0x2e0
[ 60.670993][ T5075] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 60.676639][ T5075] ntfs_attr_get_search_ctx+0x51/0x180
[ 60.682115][ T5075] __ntfs_write_inode+0x128/0xbb0
[ 60.687179][ T5075] ntfs_file_fsync+0x15e/0x2d0
[ 60.691979][ T5075] ntfs_file_write_iter+0x12e4/0x1a00
[ 60.697398][ T5075] vfs_write+0x7b2/0xbb0
[ 60.701665][ T5075] ? file_end_write+0x250/0x250
[ 60.706537][ T5075] ? lockdep_hardirqs_on+0x98/0x140
[ 60.711747][ T5075] ? __fdget_pos+0x265/0x2f0
[ 60.716355][ T5075] ksys_write+0x1a0/0x2c0
[ 60.720699][ T5075] ? __ia32_sys_read+0x90/0x90
[ 60.725481][ T5075] ? syscall_enter_from_user_mode+0x32/0x260
[ 60.731494][ T5075] ? syscall_enter_from_user_mode+0x8c/0x260
[ 60.737484][ T5075] do_syscall_64+0x41/0xc0
[ 60.741917][ T5075] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.747833][ T5075] RIP: 0033:0x7f1b3d01dba9
[ 60.752277][ T5075] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.771927][ T5075] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.780372][ T5075] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5075] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5075] exit_group(0) = ?
[pid 5075] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 60.788359][ T5075] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.796349][ T5075] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 60.804360][ T5075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 60.812338][ T5075] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000003
[ 60.820326][ T5075]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5076
./strace-static-x86_64: Process 5076 attached
[pid 5076] chdir("./4") = 0
[pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5076] setpgid(0, 0) = 0
[pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5076] write(3, "1000", 4) = 4
[pid 5076] close(3) = 0
[pid 5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5076] memfd_create("syzkaller", 0) = 3
[pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5076] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5076] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5076] close(3) = 0
[pid 5076] mkdir("./file0", 0777) = 0
[pid 5076] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5076] chdir("./file0") = 0
[pid 5076] ioctl(4, LOOP_CLR_FD) = 0
[pid 5076] close(4) = 0
[pid 5076] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5076] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5076] write(5, "12", 2) = 2
[ 60.919622][ T5076] loop0: detected capacity change from 0 to 4096
[ 60.936323][ T5076] ntfs: volume version 3.1.
[ 60.973973][ T5076] FAULT_INJECTION: forcing a failure.
[ 60.973973][ T5076] name failslab, interval 1, probability 0, space 0, times 0
[ 60.987291][ T5076] CPU: 0 PID: 5076 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 60.997759][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 61.007848][ T5076] Call Trace:
[ 61.011155][ T5076]
[ 61.014107][ T5076] dump_stack_lvl+0x1e7/0x2d0
[ 61.018812][ T5076] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.024290][ T5076] ? panic+0x770/0x770
[ 61.028375][ T5076] ? __might_sleep+0xc0/0xc0
[ 61.032984][ T5076] should_fail_ex+0x3aa/0x4e0
[ 61.037695][ T5076] should_failslab+0x9/0x20
[ 61.042214][ T5076] slab_pre_alloc_hook+0x59/0x2b0
[ 61.047260][ T5076] ? do_read_cache_page+0xf7/0x230
[ 61.052398][ T5076] kmem_cache_alloc+0x52/0x2e0
[ 61.057185][ T5076] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 61.062850][ T5076] ntfs_attr_get_search_ctx+0x51/0x180
[ 61.068330][ T5076] __ntfs_write_inode+0x128/0xbb0
[ 61.073401][ T5076] ntfs_file_fsync+0x15e/0x2d0
[ 61.078194][ T5076] ntfs_file_write_iter+0x12e4/0x1a00
[ 61.083594][ T5076] vfs_write+0x7b2/0xbb0
[ 61.087862][ T5076] ? file_end_write+0x250/0x250
[ 61.092733][ T5076] ? lockdep_hardirqs_on+0x98/0x140
[ 61.097957][ T5076] ? __fdget_pos+0x265/0x2f0
[ 61.102586][ T5076] ksys_write+0x1a0/0x2c0
[ 61.106957][ T5076] ? __ia32_sys_read+0x90/0x90
[ 61.111752][ T5076] ? syscall_enter_from_user_mode+0x32/0x260
[ 61.117754][ T5076] ? syscall_enter_from_user_mode+0x8c/0x260
[ 61.123745][ T5076] do_syscall_64+0x41/0xc0
[ 61.128187][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.134091][ T5076] RIP: 0033:0x7f1b3d01dba9
[ 61.138567][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.158209][ T5076] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 61.166642][ T5076] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5076] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5076] exit_group(0) = ?
[pid 5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5077
./strace-static-x86_64: Process 5077 attached
[pid 5077] chdir("./5") = 0
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[pid 5077] symlink("/dev/binderfs", "./binderfs") = 0
[ 61.174624][ T5076] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.182599][ T5076] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 61.190574][ T5076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.198635][ T5076] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000004
[ 61.206654][ T5076]
[pid 5077] memfd_create("syzkaller", 0) = 3
[pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5077] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5077] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5077] close(3) = 0
[pid 5077] mkdir("./file0", 0777) = 0
[pid 5077] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5077] chdir("./file0") = 0
[pid 5077] ioctl(4, LOOP_CLR_FD) = 0
[pid 5077] close(4) = 0
[pid 5077] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5077] write(5, "12", 2) = 2
[pid 5077] write(4, "t", 1) = 1
[pid 5077] exit_group(0) = ?
[pid 5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 61.290699][ T5077] loop0: detected capacity change from 0 to 4096
[ 61.306338][ T5077] ntfs: volume version 3.1.
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5078
./strace-static-x86_64: Process 5078 attached
[pid 5078] chdir("./6") = 0
[pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5078] setpgid(0, 0) = 0
[pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1000", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5078] memfd_create("syzkaller", 0) = 3
[pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5078] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5078] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5078] close(3) = 0
[pid 5078] mkdir("./file0", 0777) = 0
[pid 5078] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5078] chdir("./file0") = 0
[pid 5078] ioctl(4, LOOP_CLR_FD) = 0
[pid 5078] close(4) = 0
[pid 5078] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5078] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5078] write(5, "12", 2) = 2
[ 61.409973][ T5078] loop0: detected capacity change from 0 to 4096
[ 61.437614][ T5078] ntfs: volume version 3.1.
[ 61.470575][ T5078] FAULT_INJECTION: forcing a failure.
[ 61.470575][ T5078] name failslab, interval 1, probability 0, space 0, times 0
[ 61.483582][ T5078] CPU: 0 PID: 5078 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 61.494033][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 61.504112][ T5078] Call Trace:
[ 61.507400][ T5078]
[ 61.510356][ T5078] dump_stack_lvl+0x1e7/0x2d0
[ 61.515065][ T5078] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.520545][ T5078] ? panic+0x770/0x770
[ 61.524623][ T5078] ? __might_sleep+0xc0/0xc0
[ 61.529228][ T5078] should_fail_ex+0x3aa/0x4e0
[ 61.533934][ T5078] should_failslab+0x9/0x20
[ 61.538463][ T5078] slab_pre_alloc_hook+0x59/0x2b0
[ 61.543528][ T5078] ? do_read_cache_page+0xf7/0x230
[ 61.548666][ T5078] kmem_cache_alloc+0x52/0x2e0
[ 61.553475][ T5078] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 61.559155][ T5078] ntfs_attr_get_search_ctx+0x51/0x180
[ 61.564673][ T5078] __ntfs_write_inode+0x128/0xbb0
[ 61.569737][ T5078] ntfs_file_fsync+0x15e/0x2d0
[ 61.574514][ T5078] ntfs_file_write_iter+0x12e4/0x1a00
[ 61.579931][ T5078] vfs_write+0x7b2/0xbb0
[ 61.584194][ T5078] ? file_end_write+0x250/0x250
[ 61.589085][ T5078] ? lockdep_hardirqs_on+0x98/0x140
[ 61.594315][ T5078] ? __fdget_pos+0x265/0x2f0
[ 61.598936][ T5078] ksys_write+0x1a0/0x2c0
[ 61.603311][ T5078] ? __ia32_sys_read+0x90/0x90
[ 61.608125][ T5078] ? syscall_enter_from_user_mode+0x32/0x260
[ 61.614123][ T5078] ? syscall_enter_from_user_mode+0x8c/0x260
[ 61.620129][ T5078] do_syscall_64+0x41/0xc0
[ 61.624561][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.630486][ T5078] RIP: 0033:0x7f1b3d01dba9
[ 61.634904][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.654601][ T5078] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 61.663022][ T5078] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5078] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5078] exit_group(0) = ?
[pid 5078] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5079
./strace-static-x86_64: Process 5079 attached
[pid 5079] chdir("./7") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[ 61.670993][ T5078] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.678979][ T5078] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 61.686963][ T5078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.695024][ T5078] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000006
[ 61.703033][ T5078]
[pid 5079] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5079] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] mkdir("./file0", 0777) = 0
[pid 5079] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./file0") = 0
[pid 5079] ioctl(4, LOOP_CLR_FD) = 0
[pid 5079] close(4) = 0
[pid 5079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5079] write(5, "12", 2) = 2
[ 61.789355][ T5079] loop0: detected capacity change from 0 to 4096
[ 61.806048][ T5079] ntfs: volume version 3.1.
[ 61.839551][ T5079] FAULT_INJECTION: forcing a failure.
[ 61.839551][ T5079] name failslab, interval 1, probability 0, space 0, times 0
[ 61.852345][ T5079] CPU: 1 PID: 5079 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 61.862794][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 61.872882][ T5079] Call Trace:
[ 61.876180][ T5079]
[ 61.879117][ T5079] dump_stack_lvl+0x1e7/0x2d0
[ 61.883811][ T5079] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.889285][ T5079] ? panic+0x770/0x770
[ 61.893370][ T5079] ? __might_sleep+0xc0/0xc0
[ 61.897985][ T5079] should_fail_ex+0x3aa/0x4e0
[ 61.902673][ T5079] should_failslab+0x9/0x20
[ 61.907179][ T5079] slab_pre_alloc_hook+0x59/0x2b0
[ 61.912221][ T5079] ? do_read_cache_page+0xf7/0x230
[ 61.917359][ T5079] kmem_cache_alloc+0x52/0x2e0
[ 61.922142][ T5079] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 61.927805][ T5079] ntfs_attr_get_search_ctx+0x51/0x180
[ 61.933275][ T5079] __ntfs_write_inode+0x128/0xbb0
[ 61.938314][ T5079] ntfs_file_fsync+0x15e/0x2d0
[ 61.943084][ T5079] ntfs_file_write_iter+0x12e4/0x1a00
[ 61.948484][ T5079] vfs_write+0x7b2/0xbb0
[ 61.952746][ T5079] ? file_end_write+0x250/0x250
[ 61.957621][ T5079] ? lockdep_hardirqs_on+0x98/0x140
[ 61.962829][ T5079] ? __fdget_pos+0x265/0x2f0
[ 61.967443][ T5079] ksys_write+0x1a0/0x2c0
[ 61.971795][ T5079] ? __ia32_sys_read+0x90/0x90
[ 61.976579][ T5079] ? syscall_enter_from_user_mode+0x32/0x260
[ 61.982574][ T5079] ? syscall_enter_from_user_mode+0x8c/0x260
[ 61.988564][ T5079] do_syscall_64+0x41/0xc0
[ 61.993000][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.998921][ T5079] RIP: 0033:0x7f1b3d01dba9
[ 62.003363][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.022974][ T5079] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.031409][ T5079] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5079] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 62.039398][ T5079] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 62.047374][ T5079] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 62.055349][ T5079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 62.063346][ T5079] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000007
[ 62.071339][ T5079]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5080
./strace-static-x86_64: Process 5080 attached
[pid 5080] chdir("./8") = 0
[pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5080] setpgid(0, 0) = 0
[pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5080] write(3, "1000", 4) = 4
[pid 5080] close(3) = 0
[pid 5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5080] memfd_create("syzkaller", 0) = 3
[pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5080] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5080] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5080] close(3) = 0
[pid 5080] mkdir("./file0", 0777) = 0
[pid 5080] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5080] chdir("./file0") = 0
[pid 5080] ioctl(4, LOOP_CLR_FD) = 0
[pid 5080] close(4) = 0
[pid 5080] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5080] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5080] write(5, "12", 2) = 2
[pid 5080] write(4, "t", 1) = 1
[pid 5080] exit_group(0) = ?
[pid 5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
[ 62.162006][ T5080] loop0: detected capacity change from 0 to 4096
[ 62.179907][ T5080] ntfs: volume version 3.1.
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5081
./strace-static-x86_64: Process 5081 attached
[pid 5081] chdir("./9") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5081] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5081] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[pid 5081] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5081] write(5, "12", 2) = 2
[ 62.304891][ T5081] loop0: detected capacity change from 0 to 4096
[ 62.321530][ T5081] ntfs: volume version 3.1.
[ 62.355629][ T5081] FAULT_INJECTION: forcing a failure.
[ 62.355629][ T5081] name failslab, interval 1, probability 0, space 0, times 0
[ 62.369059][ T5081] CPU: 0 PID: 5081 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 62.379530][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 62.389638][ T5081] Call Trace:
[ 62.392921][ T5081]
[ 62.395855][ T5081] dump_stack_lvl+0x1e7/0x2d0
[ 62.400545][ T5081] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.406004][ T5081] ? panic+0x770/0x770
[ 62.410082][ T5081] ? __might_sleep+0xc0/0xc0
[ 62.414689][ T5081] should_fail_ex+0x3aa/0x4e0
[ 62.419383][ T5081] should_failslab+0x9/0x20
[ 62.423902][ T5081] slab_pre_alloc_hook+0x59/0x2b0
[ 62.428936][ T5081] ? do_read_cache_page+0xf7/0x230
[ 62.434059][ T5081] kmem_cache_alloc+0x52/0x2e0
[ 62.438841][ T5081] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 62.444505][ T5081] ntfs_attr_get_search_ctx+0x51/0x180
[ 62.449978][ T5081] __ntfs_write_inode+0x128/0xbb0
[ 62.455030][ T5081] ntfs_file_fsync+0x15e/0x2d0
[ 62.459800][ T5081] ntfs_file_write_iter+0x12e4/0x1a00
[ 62.465206][ T5081] vfs_write+0x7b2/0xbb0
[ 62.469462][ T5081] ? file_end_write+0x250/0x250
[ 62.474329][ T5081] ? lockdep_hardirqs_on+0x98/0x140
[ 62.479544][ T5081] ? __fdget_pos+0x265/0x2f0
[ 62.484143][ T5081] ksys_write+0x1a0/0x2c0
[ 62.488487][ T5081] ? __ia32_sys_read+0x90/0x90
[ 62.493259][ T5081] ? syscall_enter_from_user_mode+0x32/0x260
[ 62.499246][ T5081] ? syscall_enter_from_user_mode+0x8c/0x260
[ 62.505232][ T5081] do_syscall_64+0x41/0xc0
[ 62.509662][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.515568][ T5081] RIP: 0033:0x7f1b3d01dba9
[ 62.519982][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.539686][ T5081] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.548104][ T5081] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5081] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5082
./strace-static-x86_64: Process 5082 attached
[pid 5082] chdir("./10") = 0
[ 62.556086][ T5081] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 62.564058][ T5081] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 62.572029][ T5081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 62.580000][ T5081] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000009
[ 62.587991][ T5081]
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5082] setpgid(0, 0) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5082] memfd_create("syzkaller", 0) = 3
[pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5082] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5082] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5082] close(3) = 0
[pid 5082] mkdir("./file0", 0777) = 0
[pid 5082] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5082] chdir("./file0") = 0
[pid 5082] ioctl(4, LOOP_CLR_FD) = 0
[pid 5082] close(4) = 0
[pid 5082] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5082] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5082] write(5, "12", 2) = 2
[ 62.680477][ T5082] loop0: detected capacity change from 0 to 4096
[ 62.698472][ T5082] ntfs: volume version 3.1.
[ 62.720189][ T5082] FAULT_INJECTION: forcing a failure.
[ 62.720189][ T5082] name failslab, interval 1, probability 0, space 0, times 0
[ 62.734084][ T5082] CPU: 0 PID: 5082 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 62.744545][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 62.754615][ T5082] Call Trace:
[ 62.757901][ T5082]
[ 62.760836][ T5082] dump_stack_lvl+0x1e7/0x2d0
[ 62.765548][ T5082] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.771023][ T5082] ? panic+0x770/0x770
[ 62.775096][ T5082] ? __might_sleep+0xc0/0xc0
[ 62.779728][ T5082] should_fail_ex+0x3aa/0x4e0
[ 62.784429][ T5082] should_failslab+0x9/0x20
[ 62.788951][ T5082] slab_pre_alloc_hook+0x59/0x2b0
[ 62.793996][ T5082] ? do_read_cache_page+0xf7/0x230
[ 62.800312][ T5082] kmem_cache_alloc+0x52/0x2e0
[ 62.805134][ T5082] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 62.810804][ T5082] ntfs_attr_get_search_ctx+0x51/0x180
[ 62.816297][ T5082] __ntfs_write_inode+0x128/0xbb0
[ 62.821335][ T5082] ntfs_file_fsync+0x15e/0x2d0
[ 62.826105][ T5082] ntfs_file_write_iter+0x12e4/0x1a00
[ 62.831494][ T5082] vfs_write+0x7b2/0xbb0
[ 62.835784][ T5082] ? file_end_write+0x250/0x250
[ 62.840652][ T5082] ? lockdep_hardirqs_on+0x98/0x140
[ 62.845854][ T5082] ? __fdget_pos+0x265/0x2f0
[ 62.850454][ T5082] ksys_write+0x1a0/0x2c0
[ 62.854800][ T5082] ? __ia32_sys_read+0x90/0x90
[ 62.859581][ T5082] ? syscall_enter_from_user_mode+0x32/0x260
[ 62.865572][ T5082] ? syscall_enter_from_user_mode+0x8c/0x260
[ 62.871559][ T5082] do_syscall_64+0x41/0xc0
[ 62.875984][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.881881][ T5082] RIP: 0033:0x7f1b3d01dba9
[ 62.886312][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.905921][ T5082] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.914345][ T5082] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 62.922330][ T5082] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5082] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5082] exit_group(0) = ?
[pid 5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5083
./strace-static-x86_64: Process 5083 attached
[pid 5083] chdir("./11") = 0
[pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5083] setpgid(0, 0) = 0
[pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1000", 4) = 4
[pid 5083] close(3) = 0
[ 62.930318][ T5082] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 62.938290][ T5082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 62.946264][ T5082] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000000a
[ 62.954253][ T5082]
[pid 5083] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5083] memfd_create("syzkaller", 0) = 3
[pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5083] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5083] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5083] close(3) = 0
[pid 5083] mkdir("./file0", 0777) = 0
[pid 5083] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5083] chdir("./file0") = 0
[pid 5083] ioctl(4, LOOP_CLR_FD) = 0
[pid 5083] close(4) = 0
[pid 5083] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5083] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5083] write(5, "12", 2) = 2
[ 63.049371][ T5083] loop0: detected capacity change from 0 to 4096
[ 63.066654][ T5083] ntfs: volume version 3.1.
[ 63.097354][ T5083] FAULT_INJECTION: forcing a failure.
[ 63.097354][ T5083] name failslab, interval 1, probability 0, space 0, times 0
[ 63.110301][ T5083] CPU: 0 PID: 5083 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 63.120827][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 63.130923][ T5083] Call Trace:
[ 63.134225][ T5083]
[ 63.137164][ T5083] dump_stack_lvl+0x1e7/0x2d0
[ 63.141876][ T5083] ? nf_tcp_handle_invalid+0x650/0x650
[ 63.147351][ T5083] ? panic+0x770/0x770
[ 63.151454][ T5083] ? __might_sleep+0xc0/0xc0
[ 63.156079][ T5083] should_fail_ex+0x3aa/0x4e0
[ 63.160779][ T5083] should_failslab+0x9/0x20
[ 63.165344][ T5083] slab_pre_alloc_hook+0x59/0x2b0
[ 63.170396][ T5083] ? do_read_cache_page+0xf7/0x230
[ 63.175549][ T5083] kmem_cache_alloc+0x52/0x2e0
[ 63.180340][ T5083] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 63.186029][ T5083] ntfs_attr_get_search_ctx+0x51/0x180
[ 63.191528][ T5083] __ntfs_write_inode+0x128/0xbb0
[ 63.196576][ T5083] ntfs_file_fsync+0x15e/0x2d0
[ 63.201358][ T5083] ntfs_file_write_iter+0x12e4/0x1a00
[ 63.206768][ T5083] vfs_write+0x7b2/0xbb0
[ 63.211029][ T5083] ? file_end_write+0x250/0x250
[ 63.215923][ T5083] ? lockdep_hardirqs_on+0x98/0x140
[ 63.221153][ T5083] ? __fdget_pos+0x265/0x2f0
[ 63.225778][ T5083] ksys_write+0x1a0/0x2c0
[ 63.230167][ T5083] ? __ia32_sys_read+0x90/0x90
[ 63.234967][ T5083] ? syscall_enter_from_user_mode+0x32/0x260
[ 63.240960][ T5083] ? syscall_enter_from_user_mode+0x8c/0x260
[ 63.246957][ T5083] do_syscall_64+0x41/0xc0
[ 63.251407][ T5083] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.257337][ T5083] RIP: 0033:0x7f1b3d01dba9
[ 63.261753][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.281366][ T5083] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 63.289800][ T5083] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5083] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5083] exit_group(0) = ?
[pid 5083] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 63.297784][ T5083] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 63.305793][ T5083] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 63.313802][ T5083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 63.321800][ T5083] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000000b
[ 63.329789][ T5083]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached
, child_tidptr=0x5555562c75d0) = 5084
[pid 5084] chdir("./12") = 0
[pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5084] setpgid(0, 0) = 0
[pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5084] write(3, "1000", 4) = 4
[pid 5084] close(3) = 0
[pid 5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5084] memfd_create("syzkaller", 0) = 3
[pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5084] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5084] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5084] close(3) = 0
[pid 5084] mkdir("./file0", 0777) = 0
[pid 5084] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5084] chdir("./file0") = 0
[pid 5084] ioctl(4, LOOP_CLR_FD) = 0
[pid 5084] close(4) = 0
[pid 5084] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5084] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5084] write(5, "12", 2) = 2
[pid 5084] write(4, "t", 1) = 1
[pid 5084] exit_group(0) = ?
[pid 5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs") = 0
[ 63.447019][ T5084] loop0: detected capacity change from 0 to 4096
[ 63.464243][ T5084] ntfs: volume version 3.1.
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5085
./strace-static-x86_64: Process 5085 attached
[pid 5085] chdir("./13") = 0
[pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5085] setpgid(0, 0) = 0
[pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5085] write(3, "1000", 4) = 4
[pid 5085] close(3) = 0
[pid 5085] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5085] memfd_create("syzkaller", 0) = 3
[pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5085] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5085] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5085] close(3) = 0
[pid 5085] mkdir("./file0", 0777) = 0
[pid 5085] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5085] chdir("./file0") = 0
[pid 5085] ioctl(4, LOOP_CLR_FD) = 0
[pid 5085] close(4) = 0
[pid 5085] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5085] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5085] write(5, "12", 2) = 2
[ 63.572113][ T5085] loop0: detected capacity change from 0 to 4096
[ 63.588777][ T5085] ntfs: volume version 3.1.
[ 63.607594][ T5085] FAULT_INJECTION: forcing a failure.
[ 63.607594][ T5085] name failslab, interval 1, probability 0, space 0, times 0
[ 63.620531][ T5085] CPU: 0 PID: 5085 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 63.630994][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 63.641091][ T5085] Call Trace:
[ 63.644409][ T5085]
[ 63.647347][ T5085] dump_stack_lvl+0x1e7/0x2d0
[ 63.652040][ T5085] ? nf_tcp_handle_invalid+0x650/0x650
[ 63.657514][ T5085] ? panic+0x770/0x770
[ 63.661607][ T5085] ? __might_sleep+0xc0/0xc0
[ 63.666234][ T5085] should_fail_ex+0x3aa/0x4e0
[ 63.670931][ T5085] should_failslab+0x9/0x20
[ 63.675449][ T5085] slab_pre_alloc_hook+0x59/0x2b0
[ 63.680507][ T5085] ? do_read_cache_page+0xf7/0x230
[ 63.685657][ T5085] kmem_cache_alloc+0x52/0x2e0
[ 63.690458][ T5085] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 63.696111][ T5085] ntfs_attr_get_search_ctx+0x51/0x180
[ 63.701584][ T5085] __ntfs_write_inode+0x128/0xbb0
[ 63.706653][ T5085] ntfs_file_fsync+0x15e/0x2d0
[ 63.711479][ T5085] ntfs_file_write_iter+0x12e4/0x1a00
[ 63.716996][ T5085] vfs_write+0x7b2/0xbb0
[ 63.721286][ T5085] ? file_end_write+0x250/0x250
[ 63.726160][ T5085] ? lockdep_hardirqs_on+0x98/0x140
[ 63.731374][ T5085] ? __fdget_pos+0x265/0x2f0
[ 63.735985][ T5085] ksys_write+0x1a0/0x2c0
[ 63.740340][ T5085] ? __ia32_sys_read+0x90/0x90
[ 63.745140][ T5085] ? syscall_enter_from_user_mode+0x32/0x260
[ 63.751527][ T5085] ? syscall_enter_from_user_mode+0x8c/0x260
[ 63.757521][ T5085] do_syscall_64+0x41/0xc0
[ 63.761957][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.767862][ T5085] RIP: 0033:0x7f1b3d01dba9
[ 63.772291][ T5085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.791924][ T5085] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 63.800365][ T5085] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 63.808342][ T5085] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5085] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5085] exit_group(0) = ?
[pid 5085] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
[ 63.816355][ T5085] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 63.824393][ T5085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 63.832422][ T5085] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000000d
[ 63.840459][ T5085]
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached
[pid 5086] chdir("./14") = 0
[pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5086] setpgid(0, 0) = 0
[pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5086] write(3, "1000", 4) = 4
[pid 5086] close(3) = 0
[pid 5086] symlink("/dev/binderfs", "./binderfs"
[pid 5070] <... clone resumed>, child_tidptr=0x5555562c75d0) = 5086
[pid 5086] <... symlink resumed>) = 0
[pid 5086] memfd_create("syzkaller", 0) = 3
[pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5086] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5086] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5086] close(3) = 0
[pid 5086] mkdir("./file0", 0777) = 0
[pid 5086] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5086] chdir("./file0") = 0
[pid 5086] ioctl(4, LOOP_CLR_FD) = 0
[pid 5086] close(4) = 0
[pid 5086] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5086] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5086] write(5, "12", 2) = 2
[ 63.928026][ T5086] loop0: detected capacity change from 0 to 4096
[ 63.945204][ T5086] ntfs: volume version 3.1.
[ 63.975462][ T5086] FAULT_INJECTION: forcing a failure.
[ 63.975462][ T5086] name failslab, interval 1, probability 0, space 0, times 0
[ 63.988391][ T5086] CPU: 0 PID: 5086 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 63.998845][ T5086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 64.008920][ T5086] Call Trace:
[ 64.012244][ T5086]
[ 64.015185][ T5086] dump_stack_lvl+0x1e7/0x2d0
[ 64.019887][ T5086] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.025366][ T5086] ? panic+0x770/0x770
[ 64.029464][ T5086] ? __might_sleep+0xc0/0xc0
[ 64.034097][ T5086] should_fail_ex+0x3aa/0x4e0
[ 64.038821][ T5086] should_failslab+0x9/0x20
[ 64.043347][ T5086] slab_pre_alloc_hook+0x59/0x2b0
[ 64.048409][ T5086] ? do_read_cache_page+0xf7/0x230
[ 64.053559][ T5086] kmem_cache_alloc+0x52/0x2e0
[ 64.058371][ T5086] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 64.064052][ T5086] ntfs_attr_get_search_ctx+0x51/0x180
[ 64.069532][ T5086] __ntfs_write_inode+0x128/0xbb0
[ 64.074581][ T5086] ntfs_file_fsync+0x15e/0x2d0
[ 64.079402][ T5086] ntfs_file_write_iter+0x12e4/0x1a00
[ 64.084827][ T5086] vfs_write+0x7b2/0xbb0
[ 64.089094][ T5086] ? file_end_write+0x250/0x250
[ 64.093991][ T5086] ? lockdep_hardirqs_on+0x98/0x140
[ 64.099222][ T5086] ? __fdget_pos+0x265/0x2f0
[ 64.103842][ T5086] ksys_write+0x1a0/0x2c0
[ 64.108223][ T5086] ? __ia32_sys_read+0x90/0x90
[ 64.113035][ T5086] ? syscall_enter_from_user_mode+0x32/0x260
[ 64.119026][ T5086] ? syscall_enter_from_user_mode+0x8c/0x260
[ 64.125030][ T5086] do_syscall_64+0x41/0xc0
[ 64.129537][ T5086] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.135465][ T5086] RIP: 0033:0x7f1b3d01dba9
[ 64.139885][ T5086] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.159519][ T5086] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.167971][ T5086] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5086] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5086] exit_group(0) = ?
[pid 5086] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5087
./strace-static-x86_64: Process 5087 attached
[ 64.175950][ T5086] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.183950][ T5086] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 64.191949][ T5086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.199930][ T5086] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000000e
[ 64.207946][ T5086]
[pid 5087] chdir("./15") = 0
[pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5087] setpgid(0, 0) = 0
[pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5087] write(3, "1000", 4) = 4
[pid 5087] close(3) = 0
[pid 5087] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5087] memfd_create("syzkaller", 0) = 3
[pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5087] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5087] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5087] close(3) = 0
[pid 5087] mkdir("./file0", 0777) = 0
[pid 5087] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5087] chdir("./file0") = 0
[pid 5087] ioctl(4, LOOP_CLR_FD) = 0
[pid 5087] close(4) = 0
[pid 5087] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5087] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5087] write(5, "12", 2) = 2
[ 64.302623][ T5087] loop0: detected capacity change from 0 to 4096
[ 64.318478][ T5087] ntfs: volume version 3.1.
[ 64.341174][ T5087] FAULT_INJECTION: forcing a failure.
[ 64.341174][ T5087] name failslab, interval 1, probability 0, space 0, times 0
[ 64.354407][ T5087] CPU: 0 PID: 5087 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 64.364864][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 64.374958][ T5087] Call Trace:
[ 64.378248][ T5087]
[ 64.381209][ T5087] dump_stack_lvl+0x1e7/0x2d0
[ 64.385903][ T5087] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.391371][ T5087] ? panic+0x770/0x770
[ 64.395457][ T5087] ? __might_sleep+0xc0/0xc0
[ 64.400061][ T5087] should_fail_ex+0x3aa/0x4e0
[ 64.404747][ T5087] should_failslab+0x9/0x20
[ 64.409258][ T5087] slab_pre_alloc_hook+0x59/0x2b0
[ 64.414284][ T5087] ? do_read_cache_page+0xf7/0x230
[ 64.419402][ T5087] kmem_cache_alloc+0x52/0x2e0
[ 64.424174][ T5087] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 64.429825][ T5087] ntfs_attr_get_search_ctx+0x51/0x180
[ 64.435299][ T5087] __ntfs_write_inode+0x128/0xbb0
[ 64.440345][ T5087] ntfs_file_fsync+0x15e/0x2d0
[ 64.445133][ T5087] ntfs_file_write_iter+0x12e4/0x1a00
[ 64.450518][ T5087] vfs_write+0x7b2/0xbb0
[ 64.454775][ T5087] ? file_end_write+0x250/0x250
[ 64.459640][ T5087] ? lockdep_hardirqs_on+0x98/0x140
[ 64.464847][ T5087] ? __fdget_pos+0x265/0x2f0
[ 64.469462][ T5087] ksys_write+0x1a0/0x2c0
[ 64.473811][ T5087] ? __ia32_sys_read+0x90/0x90
[ 64.478607][ T5087] ? syscall_enter_from_user_mode+0x32/0x260
[ 64.484619][ T5087] ? syscall_enter_from_user_mode+0x8c/0x260
[ 64.490620][ T5087] do_syscall_64+0x41/0xc0
[ 64.495053][ T5087] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.500962][ T5087] RIP: 0033:0x7f1b3d01dba9
[ 64.505394][ T5087] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.525006][ T5087] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.533435][ T5087] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 64.541439][ T5087] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.549418][ T5087] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 64.557398][ T5087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.565382][ T5087] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000000f
[ 64.573391][ T5087]
[ 64.576754][ T5087] __ntfs_warning: 332 callbacks suppressed
[ 64.576767][ T5087] ntfs: (device loop0): __ntfs_write_inode(): Not enough memory to write inode. Marking the inode dirty again, so the VFS retries later.
[pid 5087] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5087] exit_group(0) = ?
[pid 5087] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs") = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 64.598325][ T5087] ntfs: (device loop0): ntfs_file_fsync(): Failed to fsync inode 0x43. Error 12.
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5088
./strace-static-x86_64: Process 5088 attached
[pid 5088] chdir("./16") = 0
[pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5088] setpgid(0, 0) = 0
[pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5088] write(3, "1000", 4) = 4
[pid 5088] close(3) = 0
[pid 5088] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5088] memfd_create("syzkaller", 0) = 3
[pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5088] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5088] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5088] close(3) = 0
[pid 5088] mkdir("./file0", 0777) = 0
[ 64.695741][ T5088] loop0: detected capacity change from 0 to 4096
[ 64.706758][ T5088] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[ 64.728169][ T5088] ntfs: (device loop0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 64.737702][ T5088] ntfs: (device loop0): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[ 64.753979][ T5088] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 64.762771][ T5088] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[ 64.783032][ T5088] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[pid 5088] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5088] chdir("./file0") = 0
[pid 5088] ioctl(4, LOOP_CLR_FD) = 0
[pid 5088] close(4) = 0
[pid 5088] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5088] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5088] write(5, "12", 2) = 2
[ 64.791975][ T5088] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[ 64.812490][ T5088] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 64.822981][ T5088] ntfs: volume version 3.1.
[ 64.859548][ T5088] FAULT_INJECTION: forcing a failure.
[ 64.859548][ T5088] name failslab, interval 1, probability 0, space 0, times 0
[ 64.872818][ T5088] CPU: 0 PID: 5088 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 64.883255][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 64.893313][ T5088] Call Trace:
[ 64.896592][ T5088]
[ 64.899526][ T5088] dump_stack_lvl+0x1e7/0x2d0
[ 64.904220][ T5088] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.909686][ T5088] ? panic+0x770/0x770
[ 64.913754][ T5088] ? __might_sleep+0xc0/0xc0
[ 64.918348][ T5088] should_fail_ex+0x3aa/0x4e0
[ 64.923034][ T5088] should_failslab+0x9/0x20
[ 64.927551][ T5088] slab_pre_alloc_hook+0x59/0x2b0
[ 64.932581][ T5088] ? do_read_cache_page+0xf7/0x230
[ 64.937695][ T5088] kmem_cache_alloc+0x52/0x2e0
[ 64.942463][ T5088] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 64.948096][ T5088] ntfs_attr_get_search_ctx+0x51/0x180
[ 64.953579][ T5088] __ntfs_write_inode+0x128/0xbb0
[ 64.958614][ T5088] ntfs_file_fsync+0x15e/0x2d0
[ 64.963385][ T5088] ntfs_file_write_iter+0x12e4/0x1a00
[ 64.968790][ T5088] vfs_write+0x7b2/0xbb0
[ 64.973043][ T5088] ? file_end_write+0x250/0x250
[ 64.977918][ T5088] ? lockdep_hardirqs_on+0x98/0x140
[ 64.983148][ T5088] ? __fdget_pos+0x265/0x2f0
[ 64.987763][ T5088] ksys_write+0x1a0/0x2c0
[ 64.992113][ T5088] ? __ia32_sys_read+0x90/0x90
[ 64.996894][ T5088] ? syscall_enter_from_user_mode+0x32/0x260
[ 65.002887][ T5088] ? syscall_enter_from_user_mode+0x8c/0x260
[ 65.008880][ T5088] do_syscall_64+0x41/0xc0
[ 65.013316][ T5088] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.019224][ T5088] RIP: 0033:0x7f1b3d01dba9
[ 65.023648][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.043263][ T5088] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.051691][ T5088] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5088] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5088] exit_group(0) = ?
[pid 5088] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs") = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 65.059666][ T5088] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 65.067638][ T5088] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 65.075618][ T5088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 65.083599][ T5088] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000010
[ 65.091590][ T5088]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5089
./strace-static-x86_64: Process 5089 attached
[pid 5089] chdir("./17") = 0
[pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5089] setpgid(0, 0) = 0
[pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5089] write(3, "1000", 4) = 4
[pid 5089] close(3) = 0
[pid 5089] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5089] memfd_create("syzkaller", 0) = 3
[pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5089] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5089] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5089] close(3) = 0
[pid 5089] mkdir("./file0", 0777) = 0
[pid 5089] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5089] chdir("./file0") = 0
[pid 5089] ioctl(4, LOOP_CLR_FD) = 0
[pid 5089] close(4) = 0
[pid 5089] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5089] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5089] write(5, "12", 2) = 2
[pid 5089] write(4, "t", 1) = 1
[pid 5089] exit_group(0) = ?
[pid 5089] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs") = 0
[ 65.190818][ T5089] loop0: detected capacity change from 0 to 4096
[ 65.207555][ T5089] ntfs: volume version 3.1.
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5090
./strace-static-x86_64: Process 5090 attached
[pid 5090] chdir("./18") = 0
[pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5090] setpgid(0, 0) = 0
[pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5090] write(3, "1000", 4) = 4
[pid 5090] close(3) = 0
[pid 5090] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5090] memfd_create("syzkaller", 0) = 3
[pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5090] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5090] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5090] close(3) = 0
[pid 5090] mkdir("./file0", 0777) = 0
[pid 5090] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5090] chdir("./file0") = 0
[pid 5090] ioctl(4, LOOP_CLR_FD) = 0
[pid 5090] close(4) = 0
[pid 5090] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5090] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5090] write(5, "12", 2) = 2
[ 65.336487][ T5090] loop0: detected capacity change from 0 to 4096
[ 65.351762][ T5090] ntfs: volume version 3.1.
[ 65.383158][ T5090] FAULT_INJECTION: forcing a failure.
[ 65.383158][ T5090] name failslab, interval 1, probability 0, space 0, times 0
[ 65.396203][ T5090] CPU: 0 PID: 5090 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 65.406656][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 65.416734][ T5090] Call Trace:
[ 65.420066][ T5090]
[ 65.423029][ T5090] dump_stack_lvl+0x1e7/0x2d0
[ 65.427787][ T5090] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.433278][ T5090] ? panic+0x770/0x770
[ 65.437383][ T5090] ? __might_sleep+0xc0/0xc0
[ 65.442007][ T5090] should_fail_ex+0x3aa/0x4e0
[ 65.446777][ T5090] should_failslab+0x9/0x20
[ 65.451289][ T5090] slab_pre_alloc_hook+0x59/0x2b0
[ 65.456362][ T5090] ? do_read_cache_page+0xf7/0x230
[ 65.461507][ T5090] kmem_cache_alloc+0x52/0x2e0
[ 65.466300][ T5090] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 65.471994][ T5090] ntfs_attr_get_search_ctx+0x51/0x180
[ 65.477494][ T5090] __ntfs_write_inode+0x128/0xbb0
[ 65.482546][ T5090] ntfs_file_fsync+0x15e/0x2d0
[ 65.487328][ T5090] ntfs_file_write_iter+0x12e4/0x1a00
[ 65.492736][ T5090] vfs_write+0x7b2/0xbb0
[ 65.496999][ T5090] ? file_end_write+0x250/0x250
[ 65.501868][ T5090] ? lockdep_hardirqs_on+0x98/0x140
[ 65.507099][ T5090] ? __fdget_pos+0x265/0x2f0
[ 65.511721][ T5090] ksys_write+0x1a0/0x2c0
[ 65.516067][ T5090] ? __ia32_sys_read+0x90/0x90
[ 65.520859][ T5090] ? syscall_enter_from_user_mode+0x32/0x260
[ 65.526873][ T5090] ? syscall_enter_from_user_mode+0x8c/0x260
[ 65.532868][ T5090] do_syscall_64+0x41/0xc0
[ 65.537307][ T5090] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.543216][ T5090] RIP: 0033:0x7f1b3d01dba9
[ 65.547646][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.567305][ T5090] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.575751][ T5090] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5090] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5090] exit_group(0) = ?
[pid 5090] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 65.583739][ T5090] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 65.591719][ T5090] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 65.599700][ T5090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 65.607695][ T5090] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000012
[ 65.615709][ T5090]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5091
./strace-static-x86_64: Process 5091 attached
[pid 5091] chdir("./19") = 0
[pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5091] setpgid(0, 0) = 0
[pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5091] write(3, "1000", 4) = 4
[pid 5091] close(3) = 0
[pid 5091] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5091] memfd_create("syzkaller", 0) = 3
[pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5091] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5091] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5091] close(3) = 0
[pid 5091] mkdir("./file0", 0777) = 0
[pid 5091] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5091] chdir("./file0") = 0
[pid 5091] ioctl(4, LOOP_CLR_FD) = 0
[pid 5091] close(4) = 0
[pid 5091] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5091] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5091] write(5, "12", 2) = 2
[pid 5091] write(4, "t", 1) = 1
[pid 5091] exit_group(0) = ?
[pid 5091] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs") = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 65.716969][ T5091] loop0: detected capacity change from 0 to 4096
[ 65.733021][ T5091] ntfs: volume version 3.1.
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5092
./strace-static-x86_64: Process 5092 attached
[pid 5092] chdir("./20") = 0
[pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5092] setpgid(0, 0) = 0
[pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5092] write(3, "1000", 4) = 4
[pid 5092] close(3) = 0
[pid 5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5092] memfd_create("syzkaller", 0) = 3
[pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5092] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5092] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5092] close(3) = 0
[pid 5092] mkdir("./file0", 0777) = 0
[pid 5092] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5092] chdir("./file0") = 0
[pid 5092] ioctl(4, LOOP_CLR_FD) = 0
[pid 5092] close(4) = 0
[pid 5092] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5092] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5092] write(5, "12", 2) = 2
[ 65.854383][ T5092] loop0: detected capacity change from 0 to 4096
[ 65.869932][ T5092] ntfs: volume version 3.1.
[ 65.909224][ T5092] FAULT_INJECTION: forcing a failure.
[ 65.909224][ T5092] name failslab, interval 1, probability 0, space 0, times 0
[ 65.922281][ T5092] CPU: 0 PID: 5092 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 65.932735][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 65.942813][ T5092] Call Trace:
[ 65.946109][ T5092]
[ 65.949050][ T5092] dump_stack_lvl+0x1e7/0x2d0
[ 65.953747][ T5092] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.959230][ T5092] ? panic+0x770/0x770
[ 65.963309][ T5092] ? __might_sleep+0xc0/0xc0
[ 65.967923][ T5092] should_fail_ex+0x3aa/0x4e0
[ 65.972628][ T5092] should_failslab+0x9/0x20
[ 65.977149][ T5092] slab_pre_alloc_hook+0x59/0x2b0
[ 65.982227][ T5092] ? do_read_cache_page+0xf7/0x230
[ 65.987361][ T5092] kmem_cache_alloc+0x52/0x2e0
[ 65.992140][ T5092] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 65.997804][ T5092] ntfs_attr_get_search_ctx+0x51/0x180
[ 66.003291][ T5092] __ntfs_write_inode+0x128/0xbb0
[ 66.008345][ T5092] ntfs_file_fsync+0x15e/0x2d0
[ 66.013120][ T5092] ntfs_file_write_iter+0x12e4/0x1a00
[ 66.018514][ T5092] vfs_write+0x7b2/0xbb0
[ 66.022778][ T5092] ? file_end_write+0x250/0x250
[ 66.027671][ T5092] ? lockdep_hardirqs_on+0x98/0x140
[ 66.032881][ T5092] ? __fdget_pos+0x265/0x2f0
[ 66.037492][ T5092] ksys_write+0x1a0/0x2c0
[ 66.041845][ T5092] ? __ia32_sys_read+0x90/0x90
[ 66.046626][ T5092] ? syscall_enter_from_user_mode+0x32/0x260
[ 66.052616][ T5092] ? syscall_enter_from_user_mode+0x8c/0x260
[ 66.058616][ T5092] do_syscall_64+0x41/0xc0
[ 66.063053][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.068958][ T5092] RIP: 0033:0x7f1b3d01dba9
[ 66.073382][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.093016][ T5092] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.101466][ T5092] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5092] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5092] exit_group(0) = ?
[pid 5092] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
[ 66.109539][ T5092] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.117548][ T5092] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 66.125551][ T5092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.133541][ T5092] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000014
[ 66.141542][ T5092]
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5093
./strace-static-x86_64: Process 5093 attached
[pid 5093] chdir("./21") = 0
[pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5093] setpgid(0, 0) = 0
[pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "1000", 4) = 4
[pid 5093] close(3) = 0
[pid 5093] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5093] memfd_create("syzkaller", 0) = 3
[pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5093] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5093] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5093] close(3) = 0
[pid 5093] mkdir("./file0", 0777) = 0
[pid 5093] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5093] chdir("./file0") = 0
[pid 5093] ioctl(4, LOOP_CLR_FD) = 0
[pid 5093] close(4) = 0
[pid 5093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5093] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5093] write(5, "12", 2) = 2
[pid 5093] write(4, "t", 1) = 1
[pid 5093] exit_group(0) = ?
[pid 5093] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs") = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 66.247158][ T5093] loop0: detected capacity change from 0 to 4096
[ 66.262815][ T5093] ntfs: volume version 3.1.
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5094
./strace-static-x86_64: Process 5094 attached
[pid 5094] chdir("./22") = 0
[pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5094] setpgid(0, 0) = 0
[pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5094] write(3, "1000", 4) = 4
[pid 5094] close(3) = 0
[pid 5094] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5094] memfd_create("syzkaller", 0) = 3
[pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5094] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5094] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5094] close(3) = 0
[pid 5094] mkdir("./file0", 0777) = 0
[pid 5094] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5094] chdir("./file0") = 0
[pid 5094] ioctl(4, LOOP_CLR_FD) = 0
[pid 5094] close(4) = 0
[pid 5094] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5094] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5094] write(5, "12", 2) = 2
[pid 5094] write(4, "t", 1) = 1
[pid 5094] exit_group(0) = ?
[ 66.368756][ T5094] loop0: detected capacity change from 0 to 4096
[ 66.387049][ T5094] ntfs: volume version 3.1.
[pid 5094] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs") = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5095
./strace-static-x86_64: Process 5095 attached
[pid 5095] chdir("./23") = 0
[pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5095] setpgid(0, 0) = 0
[pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5095] write(3, "1000", 4) = 4
[pid 5095] close(3) = 0
[pid 5095] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5095] memfd_create("syzkaller", 0) = 3
[pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5095] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5095] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5095] close(3) = 0
[pid 5095] mkdir("./file0", 0777) = 0
[pid 5095] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5095] chdir("./file0") = 0
[pid 5095] ioctl(4, LOOP_CLR_FD) = 0
[pid 5095] close(4) = 0
[pid 5095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5095] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5095] write(5, "12", 2) = 2
[ 66.499870][ T5095] loop0: detected capacity change from 0 to 4096
[ 66.517767][ T5095] ntfs: volume version 3.1.
[ 66.539338][ T5095] FAULT_INJECTION: forcing a failure.
[ 66.539338][ T5095] name failslab, interval 1, probability 0, space 0, times 0
[ 66.552641][ T5095] CPU: 1 PID: 5095 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 66.563108][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 66.573192][ T5095] Call Trace:
[ 66.576488][ T5095]
[ 66.579417][ T5095] dump_stack_lvl+0x1e7/0x2d0
[ 66.584112][ T5095] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.589580][ T5095] ? panic+0x770/0x770
[ 66.593654][ T5095] ? __might_sleep+0xc0/0xc0
[ 66.598280][ T5095] should_fail_ex+0x3aa/0x4e0
[ 66.602985][ T5095] should_failslab+0x9/0x20
[ 66.607540][ T5095] slab_pre_alloc_hook+0x59/0x2b0
[ 66.612581][ T5095] ? do_read_cache_page+0xf7/0x230
[ 66.617702][ T5095] kmem_cache_alloc+0x52/0x2e0
[ 66.622473][ T5095] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 66.628118][ T5095] ntfs_attr_get_search_ctx+0x51/0x180
[ 66.633593][ T5095] __ntfs_write_inode+0x128/0xbb0
[ 66.638638][ T5095] ntfs_file_fsync+0x15e/0x2d0
[ 66.643428][ T5095] ntfs_file_write_iter+0x12e4/0x1a00
[ 66.648838][ T5095] vfs_write+0x7b2/0xbb0
[ 66.653106][ T5095] ? file_end_write+0x250/0x250
[ 66.657981][ T5095] ? lockdep_hardirqs_on+0x98/0x140
[ 66.663196][ T5095] ? __fdget_pos+0x265/0x2f0
[ 66.667809][ T5095] ksys_write+0x1a0/0x2c0
[ 66.672155][ T5095] ? __ia32_sys_read+0x90/0x90
[ 66.676935][ T5095] ? syscall_enter_from_user_mode+0x32/0x260
[ 66.682929][ T5095] ? syscall_enter_from_user_mode+0x8c/0x260
[ 66.688929][ T5095] do_syscall_64+0x41/0xc0
[ 66.693362][ T5095] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.699276][ T5095] RIP: 0033:0x7f1b3d01dba9
[ 66.703701][ T5095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.723325][ T5095] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.731751][ T5095] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5095] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5095] exit_group(0) = ?
[pid 5095] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 66.739726][ T5095] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.752318][ T5095] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 66.760387][ T5095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.768367][ T5095] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000017
[ 66.776365][ T5095]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5096
./strace-static-x86_64: Process 5096 attached
[pid 5096] chdir("./24") = 0
[pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5096] setpgid(0, 0) = 0
[pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5096] write(3, "1000", 4) = 4
[pid 5096] close(3) = 0
[pid 5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5096] memfd_create("syzkaller", 0) = 3
[pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5096] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5096] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5096] close(3) = 0
[pid 5096] mkdir("./file0", 0777) = 0
[pid 5096] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5096] chdir("./file0") = 0
[pid 5096] ioctl(4, LOOP_CLR_FD) = 0
[pid 5096] close(4) = 0
[pid 5096] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5096] write(5, "12", 2) = 2
[ 66.886856][ T5096] loop0: detected capacity change from 0 to 4096
[ 66.903486][ T5096] ntfs: volume version 3.1.
[ 66.927450][ T5096] FAULT_INJECTION: forcing a failure.
[ 66.927450][ T5096] name failslab, interval 1, probability 0, space 0, times 0
[ 66.940256][ T5096] CPU: 1 PID: 5096 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 66.950704][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 66.960874][ T5096] Call Trace:
[ 66.964183][ T5096]
[ 66.967122][ T5096] dump_stack_lvl+0x1e7/0x2d0
[ 66.971849][ T5096] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.977332][ T5096] ? panic+0x770/0x770
[ 66.981426][ T5096] ? __might_sleep+0xc0/0xc0
[ 66.986074][ T5096] should_fail_ex+0x3aa/0x4e0
[ 66.990777][ T5096] should_failslab+0x9/0x20
[ 66.995309][ T5096] slab_pre_alloc_hook+0x59/0x2b0
[ 67.000380][ T5096] ? do_read_cache_page+0xf7/0x230
[ 67.005518][ T5096] kmem_cache_alloc+0x52/0x2e0
[ 67.010330][ T5096] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 67.015986][ T5096] ntfs_attr_get_search_ctx+0x51/0x180
[ 67.021469][ T5096] __ntfs_write_inode+0x128/0xbb0
[ 67.026527][ T5096] ntfs_file_fsync+0x15e/0x2d0
[ 67.031313][ T5096] ntfs_file_write_iter+0x12e4/0x1a00
[ 67.036718][ T5096] vfs_write+0x7b2/0xbb0
[ 67.040993][ T5096] ? file_end_write+0x250/0x250
[ 67.045870][ T5096] ? lockdep_hardirqs_on+0x98/0x140
[ 67.051103][ T5096] ? __fdget_pos+0x265/0x2f0
[ 67.055721][ T5096] ksys_write+0x1a0/0x2c0
[ 67.060071][ T5096] ? __ia32_sys_read+0x90/0x90
[ 67.064855][ T5096] ? syscall_enter_from_user_mode+0x32/0x260
[ 67.070858][ T5096] ? syscall_enter_from_user_mode+0x8c/0x260
[ 67.076856][ T5096] do_syscall_64+0x41/0xc0
[ 67.081294][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.087254][ T5096] RIP: 0033:0x7f1b3d01dba9
[ 67.091742][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.111381][ T5096] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 67.119833][ T5096] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5096] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5096] exit_group(0) = ?
[pid 5096] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs") = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
[ 67.127830][ T5096] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 67.135819][ T5096] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 67.143808][ T5096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.151809][ T5096] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000018
[ 67.159831][ T5096]
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached
, child_tidptr=0x5555562c75d0) = 5097
[pid 5097] chdir("./25") = 0
[pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5097] setpgid(0, 0) = 0
[pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5097] write(3, "1000", 4) = 4
[pid 5097] close(3) = 0
[pid 5097] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5097] memfd_create("syzkaller", 0) = 3
[pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5097] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5097] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5097] close(3) = 0
[pid 5097] mkdir("./file0", 0777) = 0
[pid 5097] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5097] chdir("./file0") = 0
[pid 5097] ioctl(4, LOOP_CLR_FD) = 0
[pid 5097] close(4) = 0
[pid 5097] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5097] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5097] write(5, "12", 2) = 2
[pid 5097] write(4, "t", 1) = 1
[pid 5097] exit_group(0) = ?
[pid 5097] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs") = 0
[ 67.271781][ T5097] loop0: detected capacity change from 0 to 4096
[ 67.287945][ T5097] ntfs: volume version 3.1.
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5098
./strace-static-x86_64: Process 5098 attached
[pid 5098] chdir("./26") = 0
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5098] setpgid(0, 0) = 0
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5098] write(3, "1000", 4) = 4
[pid 5098] close(3) = 0
[pid 5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5098] memfd_create("syzkaller", 0) = 3
[pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5098] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5098] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5098] close(3) = 0
[pid 5098] mkdir("./file0", 0777) = 0
[pid 5098] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5098] chdir("./file0") = 0
[pid 5098] ioctl(4, LOOP_CLR_FD) = 0
[pid 5098] close(4) = 0
[pid 5098] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5098] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5098] write(5, "12", 2) = 2
[ 67.421388][ T5098] loop0: detected capacity change from 0 to 4096
[ 67.439773][ T5098] ntfs: volume version 3.1.
[ 67.467282][ T5098] FAULT_INJECTION: forcing a failure.
[ 67.467282][ T5098] name failslab, interval 1, probability 0, space 0, times 0
[ 67.480293][ T5098] CPU: 0 PID: 5098 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 67.490766][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 67.500822][ T5098] Call Trace:
[ 67.504133][ T5098]
[ 67.507063][ T5098] dump_stack_lvl+0x1e7/0x2d0
[ 67.511763][ T5098] ? nf_tcp_handle_invalid+0x650/0x650
[ 67.517230][ T5098] ? panic+0x770/0x770
[ 67.521318][ T5098] ? __might_sleep+0xc0/0xc0
[ 67.525948][ T5098] should_fail_ex+0x3aa/0x4e0
[ 67.530644][ T5098] should_failslab+0x9/0x20
[ 67.535161][ T5098] slab_pre_alloc_hook+0x59/0x2b0
[ 67.540218][ T5098] ? do_read_cache_page+0xf7/0x230
[ 67.545348][ T5098] kmem_cache_alloc+0x52/0x2e0
[ 67.550134][ T5098] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 67.555783][ T5098] ntfs_attr_get_search_ctx+0x51/0x180
[ 67.561260][ T5098] __ntfs_write_inode+0x128/0xbb0
[ 67.566322][ T5098] ntfs_file_fsync+0x15e/0x2d0
[ 67.571108][ T5098] ntfs_file_write_iter+0x12e4/0x1a00
[ 67.576517][ T5098] vfs_write+0x7b2/0xbb0
[ 67.580786][ T5098] ? file_end_write+0x250/0x250
[ 67.585668][ T5098] ? lockdep_hardirqs_on+0x98/0x140
[ 67.590885][ T5098] ? __fdget_pos+0x265/0x2f0
[ 67.595498][ T5098] ksys_write+0x1a0/0x2c0
[ 67.599875][ T5098] ? __ia32_sys_read+0x90/0x90
[ 67.604654][ T5098] ? syscall_enter_from_user_mode+0x32/0x260
[ 67.610647][ T5098] ? syscall_enter_from_user_mode+0x8c/0x260
[ 67.616638][ T5098] do_syscall_64+0x41/0xc0
[ 67.621094][ T5098] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.626999][ T5098] RIP: 0033:0x7f1b3d01dba9
[ 67.631420][ T5098] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.651037][ T5098] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 67.659458][ T5098] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5098] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5098] exit_group(0) = ?
[pid 5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs") = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5099
[ 67.667447][ T5098] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 67.675425][ T5098] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 67.683402][ T5098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.691384][ T5098] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000001a
[ 67.699372][ T5098]
./strace-static-x86_64: Process 5099 attached
[pid 5099] chdir("./27") = 0
[pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5099] setpgid(0, 0) = 0
[pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5099] write(3, "1000", 4) = 4
[pid 5099] close(3) = 0
[pid 5099] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5099] memfd_create("syzkaller", 0) = 3
[pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5099] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5099] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5099] close(3) = 0
[pid 5099] mkdir("./file0", 0777) = 0
[pid 5099] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5099] chdir("./file0") = 0
[pid 5099] ioctl(4, LOOP_CLR_FD) = 0
[pid 5099] close(4) = 0
[pid 5099] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5099] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5099] write(5, "12", 2) = 2
[pid 5099] write(4, "t", 1) = 1
[pid 5099] exit_group(0) = ?
[pid 5099] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[ 67.791929][ T5099] loop0: detected capacity change from 0 to 4096
[ 67.807740][ T5099] ntfs: volume version 3.1.
unlink("./27/binderfs") = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5100
./strace-static-x86_64: Process 5100 attached
[pid 5100] chdir("./28") = 0
[pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5100] setpgid(0, 0) = 0
[pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5100] write(3, "1000", 4) = 4
[pid 5100] close(3) = 0
[pid 5100] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5100] memfd_create("syzkaller", 0) = 3
[pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5100] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5100] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5100] close(3) = 0
[pid 5100] mkdir("./file0", 0777) = 0
[pid 5100] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5100] chdir("./file0") = 0
[pid 5100] ioctl(4, LOOP_CLR_FD) = 0
[pid 5100] close(4) = 0
[pid 5100] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5100] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5100] write(5, "12", 2) = 2
[pid 5100] write(4, "t", 1) = 1
[pid 5100] exit_group(0) = ?
[pid 5100] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs") = 0
[ 67.940078][ T5100] loop0: detected capacity change from 0 to 4096
[ 67.957070][ T5100] ntfs: volume version 3.1.
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5101
./strace-static-x86_64: Process 5101 attached
[pid 5101] chdir("./29") = 0
[pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5101] setpgid(0, 0) = 0
[pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5101] write(3, "1000", 4) = 4
[pid 5101] close(3) = 0
[pid 5101] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5101] memfd_create("syzkaller", 0) = 3
[pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5101] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5101] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5101] close(3) = 0
[pid 5101] mkdir("./file0", 0777) = 0
[pid 5101] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5101] chdir("./file0") = 0
[pid 5101] ioctl(4, LOOP_CLR_FD) = 0
[pid 5101] close(4) = 0
[pid 5101] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5101] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5101] write(5, "12", 2) = 2
[pid 5101] write(4, "t", 1) = 1
[pid 5101] exit_group(0) = ?
[pid 5101] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
[ 68.076260][ T5101] loop0: detected capacity change from 0 to 4096
[ 68.092224][ T5101] ntfs: volume version 3.1.
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs") = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached
, child_tidptr=0x5555562c75d0) = 5102
[pid 5102] chdir("./30") = 0
[pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5102] setpgid(0, 0) = 0
[pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5102] write(3, "1000", 4) = 4
[pid 5102] close(3) = 0
[pid 5102] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5102] memfd_create("syzkaller", 0) = 3
[pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5102] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5102] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5102] close(3) = 0
[pid 5102] mkdir("./file0", 0777) = 0
[pid 5102] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5102] chdir("./file0") = 0
[pid 5102] ioctl(4, LOOP_CLR_FD) = 0
[pid 5102] close(4) = 0
[pid 5102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5102] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5102] write(5, "12", 2) = 2
[ 68.207515][ T5102] loop0: detected capacity change from 0 to 4096
[ 68.223557][ T5102] ntfs: volume version 3.1.
[ 68.257588][ T5102] FAULT_INJECTION: forcing a failure.
[ 68.257588][ T5102] name failslab, interval 1, probability 0, space 0, times 0
[ 68.270936][ T5102] CPU: 0 PID: 5102 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 68.281398][ T5102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 68.291492][ T5102] Call Trace:
[ 68.294816][ T5102]
[ 68.297747][ T5102] dump_stack_lvl+0x1e7/0x2d0
[ 68.302460][ T5102] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.307947][ T5102] ? panic+0x770/0x770
[ 68.312024][ T5102] ? __might_sleep+0xc0/0xc0
[ 68.316629][ T5102] should_fail_ex+0x3aa/0x4e0
[ 68.321328][ T5102] should_failslab+0x9/0x20
[ 68.325847][ T5102] slab_pre_alloc_hook+0x59/0x2b0
[ 68.330905][ T5102] ? do_read_cache_page+0xf7/0x230
[ 68.336050][ T5102] kmem_cache_alloc+0x52/0x2e0
[ 68.340827][ T5102] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 68.346485][ T5102] ntfs_attr_get_search_ctx+0x51/0x180
[ 68.351955][ T5102] __ntfs_write_inode+0x128/0xbb0
[ 68.357012][ T5102] ntfs_file_fsync+0x15e/0x2d0
[ 68.361807][ T5102] ntfs_file_write_iter+0x12e4/0x1a00
[ 68.367227][ T5102] vfs_write+0x7b2/0xbb0
[ 68.371527][ T5102] ? file_end_write+0x250/0x250
[ 68.376427][ T5102] ? lockdep_hardirqs_on+0x98/0x140
[ 68.381642][ T5102] ? __fdget_pos+0x265/0x2f0
[ 68.386257][ T5102] ksys_write+0x1a0/0x2c0
[ 68.390607][ T5102] ? __ia32_sys_read+0x90/0x90
[ 68.395426][ T5102] ? syscall_enter_from_user_mode+0x32/0x260
[ 68.401429][ T5102] ? syscall_enter_from_user_mode+0x8c/0x260
[ 68.407426][ T5102] do_syscall_64+0x41/0xc0
[ 68.411860][ T5102] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.417768][ T5102] RIP: 0033:0x7f1b3d01dba9
[ 68.422200][ T5102] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.441825][ T5102] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.450255][ T5102] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5102] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5102] exit_group(0) = ?
[pid 5102] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs") = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 68.458234][ T5102] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 68.466217][ T5102] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 68.474200][ T5102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 68.482209][ T5102] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000001e
[ 68.490210][ T5102]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5103
./strace-static-x86_64: Process 5103 attached
[pid 5103] chdir("./31") = 0
[pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5103] setpgid(0, 0) = 0
[pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5103] write(3, "1000", 4) = 4
[pid 5103] close(3) = 0
[pid 5103] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5103] memfd_create("syzkaller", 0) = 3
[pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5103] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5103] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5103] close(3) = 0
[pid 5103] mkdir("./file0", 0777) = 0
[pid 5103] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5103] chdir("./file0") = 0
[pid 5103] ioctl(4, LOOP_CLR_FD) = 0
[pid 5103] close(4) = 0
[pid 5103] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5103] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5103] write(5, "12", 2) = 2
[pid 5103] write(4, "t", 1) = 1
[pid 5103] exit_group(0) = ?
[pid 5103] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[ 68.592451][ T5103] loop0: detected capacity change from 0 to 4096
[ 68.609885][ T5103] ntfs: volume version 3.1.
unlink("./31/binderfs") = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached
[pid 5104] chdir("./32") = 0
[pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5104] setpgid(0, 0) = 0
[pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5104] write(3, "1000", 4) = 4
[pid 5104] close(3) = 0
[pid 5104] symlink("/dev/binderfs", "./binderfs"
[pid 5070] <... clone resumed>, child_tidptr=0x5555562c75d0) = 5104
[pid 5104] <... symlink resumed>) = 0
[pid 5104] memfd_create("syzkaller", 0) = 3
[pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5104] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5104] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5104] close(3) = 0
[pid 5104] mkdir("./file0", 0777) = 0
[pid 5104] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5104] chdir("./file0") = 0
[pid 5104] ioctl(4, LOOP_CLR_FD) = 0
[pid 5104] close(4) = 0
[pid 5104] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5104] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5104] write(5, "12", 2) = 2
[pid 5104] write(4, "t", 1) = 1
[pid 5104] exit_group(0) = ?
[pid 5104] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs") = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 68.730424][ T5104] loop0: detected capacity change from 0 to 4096
[ 68.745965][ T5104] ntfs: volume version 3.1.
lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5105
./strace-static-x86_64: Process 5105 attached
[pid 5105] chdir("./33") = 0
[pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5105] setpgid(0, 0) = 0
[pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5105] write(3, "1000", 4) = 4
[pid 5105] close(3) = 0
[pid 5105] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5105] memfd_create("syzkaller", 0) = 3
[pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5105] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5105] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5105] close(3) = 0
[pid 5105] mkdir("./file0", 0777) = 0
[pid 5105] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5105] chdir("./file0") = 0
[pid 5105] ioctl(4, LOOP_CLR_FD) = 0
[pid 5105] close(4) = 0
[pid 5105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5105] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5105] write(5, "12", 2) = 2
[ 68.871844][ T5105] loop0: detected capacity change from 0 to 4096
[ 68.887468][ T5105] ntfs: volume version 3.1.
[ 68.909525][ T5105] FAULT_INJECTION: forcing a failure.
[ 68.909525][ T5105] name failslab, interval 1, probability 0, space 0, times 0
[ 68.922293][ T5105] CPU: 1 PID: 5105 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 68.932761][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 68.942875][ T5105] Call Trace:
[ 68.946169][ T5105]
[ 68.949119][ T5105] dump_stack_lvl+0x1e7/0x2d0
[ 68.953822][ T5105] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.959298][ T5105] ? panic+0x770/0x770
[ 68.963381][ T5105] ? __might_sleep+0xc0/0xc0
[ 68.968005][ T5105] should_fail_ex+0x3aa/0x4e0
[ 68.972706][ T5105] should_failslab+0x9/0x20
[ 68.977231][ T5105] slab_pre_alloc_hook+0x59/0x2b0
[ 68.982275][ T5105] ? do_read_cache_page+0xf7/0x230
[ 68.987428][ T5105] kmem_cache_alloc+0x52/0x2e0
[ 68.992207][ T5105] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 68.997906][ T5105] ntfs_attr_get_search_ctx+0x51/0x180
[ 69.003381][ T5105] __ntfs_write_inode+0x128/0xbb0
[ 69.008454][ T5105] ntfs_file_fsync+0x15e/0x2d0
[ 69.013242][ T5105] ntfs_file_write_iter+0x12e4/0x1a00
[ 69.018649][ T5105] vfs_write+0x7b2/0xbb0
[ 69.022927][ T5105] ? file_end_write+0x250/0x250
[ 69.027807][ T5105] ? lockdep_hardirqs_on+0x98/0x140
[ 69.033027][ T5105] ? __fdget_pos+0x265/0x2f0
[ 69.037653][ T5105] ksys_write+0x1a0/0x2c0
[ 69.042023][ T5105] ? __ia32_sys_read+0x90/0x90
[ 69.046817][ T5105] ? syscall_enter_from_user_mode+0x32/0x260
[ 69.052834][ T5105] ? syscall_enter_from_user_mode+0x8c/0x260
[ 69.058856][ T5105] do_syscall_64+0x41/0xc0
[ 69.063335][ T5105] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.069283][ T5105] RIP: 0033:0x7f1b3d01dba9
[ 69.073920][ T5105] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.093553][ T5105] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.101992][ T5105] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 69.109979][ T5105] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5105] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5105] exit_group(0) = ?
[pid 5105] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs") = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
[ 69.117966][ T5105] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 69.125952][ T5105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 69.133936][ T5105] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000021
[ 69.141934][ T5105]
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5106
./strace-static-x86_64: Process 5106 attached
[pid 5106] chdir("./34") = 0
[pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5106] setpgid(0, 0) = 0
[pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5106] write(3, "1000", 4) = 4
[pid 5106] close(3) = 0
[pid 5106] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5106] memfd_create("syzkaller", 0) = 3
[pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5106] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5106] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5106] close(3) = 0
[pid 5106] mkdir("./file0", 0777) = 0
[pid 5106] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5106] chdir("./file0") = 0
[pid 5106] ioctl(4, LOOP_CLR_FD) = 0
[pid 5106] close(4) = 0
[pid 5106] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5106] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5106] write(5, "12", 2) = 2
[ 69.231027][ T5106] loop0: detected capacity change from 0 to 4096
[ 69.247660][ T5106] ntfs: volume version 3.1.
[ 69.267629][ T5106] FAULT_INJECTION: forcing a failure.
[ 69.267629][ T5106] name failslab, interval 1, probability 0, space 0, times 0
[ 69.280513][ T5106] CPU: 0 PID: 5106 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 69.290981][ T5106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 69.301076][ T5106] Call Trace:
[ 69.304394][ T5106]
[ 69.307328][ T5106] dump_stack_lvl+0x1e7/0x2d0
[ 69.312031][ T5106] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.317496][ T5106] ? panic+0x770/0x770
[ 69.321566][ T5106] ? __might_sleep+0xc0/0xc0
[ 69.326181][ T5106] should_fail_ex+0x3aa/0x4e0
[ 69.330882][ T5106] should_failslab+0x9/0x20
[ 69.335396][ T5106] slab_pre_alloc_hook+0x59/0x2b0
[ 69.340434][ T5106] ? do_read_cache_page+0xf7/0x230
[ 69.345553][ T5106] kmem_cache_alloc+0x52/0x2e0
[ 69.350330][ T5106] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 69.355968][ T5106] ntfs_attr_get_search_ctx+0x51/0x180
[ 69.361437][ T5106] __ntfs_write_inode+0x128/0xbb0
[ 69.366477][ T5106] ntfs_file_fsync+0x15e/0x2d0
[ 69.371354][ T5106] ntfs_file_write_iter+0x12e4/0x1a00
[ 69.376752][ T5106] vfs_write+0x7b2/0xbb0
[ 69.381023][ T5106] ? file_end_write+0x250/0x250
[ 69.385899][ T5106] ? lockdep_hardirqs_on+0x98/0x140
[ 69.391112][ T5106] ? __fdget_pos+0x265/0x2f0
[ 69.395723][ T5106] ksys_write+0x1a0/0x2c0
[ 69.400076][ T5106] ? __ia32_sys_read+0x90/0x90
[ 69.404855][ T5106] ? syscall_enter_from_user_mode+0x32/0x260
[ 69.410846][ T5106] ? syscall_enter_from_user_mode+0x8c/0x260
[ 69.416841][ T5106] do_syscall_64+0x41/0xc0
[ 69.421273][ T5106] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.427181][ T5106] RIP: 0033:0x7f1b3d01dba9
[ 69.431606][ T5106] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.451569][ T5106] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.459995][ T5106] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 69.467978][ T5106] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5106] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5106] exit_group(0) = ?
[pid 5106] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs") = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 69.475966][ T5106] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 69.483965][ T5106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 69.491993][ T5106] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000022
[ 69.500032][ T5106]
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached
, child_tidptr=0x5555562c75d0) = 5107
[pid 5107] chdir("./35") = 0
[pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5107] setpgid(0, 0) = 0
[pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5107] write(3, "1000", 4) = 4
[pid 5107] close(3) = 0
[pid 5107] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5107] memfd_create("syzkaller", 0) = 3
[pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5107] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5107] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5107] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5107] close(3) = 0
[pid 5107] mkdir("./file0", 0777) = 0
[ 69.598791][ T5107] loop0: detected capacity change from 0 to 4096
[ 69.609016][ T5107] __ntfs_warning: 390 callbacks suppressed
[ 69.609027][ T5107] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[ 69.636099][ T5107] ntfs: (device loop0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 69.645832][ T5107] ntfs: (device loop0): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[ 69.661660][ T5107] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 69.670654][ T5107] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[ 69.690819][ T5107] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 69.699976][ T5107] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[ 69.720486][ T5107] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 69.729447][ T5107] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[pid 5107] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5107] chdir("./file0") = 0
[pid 5107] ioctl(4, LOOP_CLR_FD) = 0
[pid 5107] close(4) = 0
[pid 5107] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5107] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5107] write(5, "12", 2) = 2
[ 69.749730][ T5107] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 69.760799][ T5107] ntfs: volume version 3.1.
[ 69.789417][ T5107] FAULT_INJECTION: forcing a failure.
[ 69.789417][ T5107] name failslab, interval 1, probability 0, space 0, times 0
[ 69.802327][ T5107] CPU: 0 PID: 5107 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 69.812777][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 69.822846][ T5107] Call Trace:
[ 69.826137][ T5107]
[ 69.829079][ T5107] dump_stack_lvl+0x1e7/0x2d0
[ 69.833779][ T5107] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.839254][ T5107] ? panic+0x770/0x770
[ 69.843483][ T5107] ? __might_sleep+0xc0/0xc0
[ 69.848117][ T5107] should_fail_ex+0x3aa/0x4e0
[ 69.852826][ T5107] should_failslab+0x9/0x20
[ 69.857339][ T5107] slab_pre_alloc_hook+0x59/0x2b0
[ 69.862408][ T5107] ? do_read_cache_page+0xf7/0x230
[ 69.867542][ T5107] kmem_cache_alloc+0x52/0x2e0
[ 69.872338][ T5107] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 69.878008][ T5107] ntfs_attr_get_search_ctx+0x51/0x180
[ 69.883539][ T5107] __ntfs_write_inode+0x128/0xbb0
[ 69.888717][ T5107] ntfs_file_fsync+0x15e/0x2d0
[ 69.893508][ T5107] ntfs_file_write_iter+0x12e4/0x1a00
[ 69.898944][ T5107] vfs_write+0x7b2/0xbb0
[ 69.903217][ T5107] ? file_end_write+0x250/0x250
[ 69.908140][ T5107] ? lockdep_hardirqs_on+0x98/0x140
[ 69.913360][ T5107] ? __fdget_pos+0x265/0x2f0
[ 69.917987][ T5107] ksys_write+0x1a0/0x2c0
[ 69.922333][ T5107] ? __ia32_sys_read+0x90/0x90
[ 69.927114][ T5107] ? syscall_enter_from_user_mode+0x32/0x260
[ 69.933109][ T5107] ? syscall_enter_from_user_mode+0x8c/0x260
[ 69.939122][ T5107] do_syscall_64+0x41/0xc0
[ 69.943579][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.949486][ T5107] RIP: 0033:0x7f1b3d01dba9
[ 69.953908][ T5107] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.973521][ T5107] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.981969][ T5107] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 69.989961][ T5107] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5107] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5107] exit_group(0) = ?
[pid 5107] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs") = 0
[ 69.997978][ T5107] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 70.005958][ T5107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.013946][ T5107] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000023
[ 70.021963][ T5107]
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5108
./strace-static-x86_64: Process 5108 attached
[pid 5108] chdir("./36") = 0
[pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5108] setpgid(0, 0) = 0
[pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5108] write(3, "1000", 4) = 4
[pid 5108] close(3) = 0
[pid 5108] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5108] memfd_create("syzkaller", 0) = 3
[pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5108] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5108] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5108] close(3) = 0
[pid 5108] mkdir("./file0", 0777) = 0
[pid 5108] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5108] chdir("./file0") = 0
[pid 5108] ioctl(4, LOOP_CLR_FD) = 0
[pid 5108] close(4) = 0
[pid 5108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5108] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5108] write(5, "12", 2) = 2
[pid 5108] write(4, "t", 1) = 1
[pid 5108] exit_group(0) = ?
[pid 5108] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 70.136144][ T5108] loop0: detected capacity change from 0 to 4096
[ 70.151809][ T5108] ntfs: volume version 3.1.
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs") = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5109 attached
, child_tidptr=0x5555562c75d0) = 5109
[pid 5109] chdir("./37") = 0
[pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5109] setpgid(0, 0) = 0
[pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5109] write(3, "1000", 4) = 4
[pid 5109] close(3) = 0
[pid 5109] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5109] memfd_create("syzkaller", 0) = 3
[pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5109] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5109] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5109] close(3) = 0
[pid 5109] mkdir("./file0", 0777) = 0
[pid 5109] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5109] chdir("./file0") = 0
[pid 5109] ioctl(4, LOOP_CLR_FD) = 0
[pid 5109] close(4) = 0
[pid 5109] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5109] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5109] write(5, "12", 2) = 2
[ 70.288563][ T5109] loop0: detected capacity change from 0 to 4096
[ 70.306026][ T5109] ntfs: volume version 3.1.
[ 70.327966][ T5109] FAULT_INJECTION: forcing a failure.
[ 70.327966][ T5109] name failslab, interval 1, probability 0, space 0, times 0
[ 70.340904][ T5109] CPU: 1 PID: 5109 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 70.351401][ T5109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 70.361482][ T5109] Call Trace:
[ 70.364766][ T5109]
[ 70.367701][ T5109] dump_stack_lvl+0x1e7/0x2d0
[ 70.372407][ T5109] ? nf_tcp_handle_invalid+0x650/0x650
[ 70.377914][ T5109] ? panic+0x770/0x770
[ 70.381994][ T5109] ? __might_sleep+0xc0/0xc0
[ 70.386600][ T5109] should_fail_ex+0x3aa/0x4e0
[ 70.391311][ T5109] should_failslab+0x9/0x20
[ 70.395856][ T5109] slab_pre_alloc_hook+0x59/0x2b0
[ 70.400941][ T5109] ? do_read_cache_page+0xf7/0x230
[ 70.406080][ T5109] kmem_cache_alloc+0x52/0x2e0
[ 70.410887][ T5109] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 70.416536][ T5109] ntfs_attr_get_search_ctx+0x51/0x180
[ 70.422105][ T5109] __ntfs_write_inode+0x128/0xbb0
[ 70.427165][ T5109] ntfs_file_fsync+0x15e/0x2d0
[ 70.431954][ T5109] ntfs_file_write_iter+0x12e4/0x1a00
[ 70.437371][ T5109] vfs_write+0x7b2/0xbb0
[ 70.441636][ T5109] ? file_end_write+0x250/0x250
[ 70.446515][ T5109] ? lockdep_hardirqs_on+0x98/0x140
[ 70.451735][ T5109] ? __fdget_pos+0x265/0x2f0
[ 70.456396][ T5109] ksys_write+0x1a0/0x2c0
[ 70.460766][ T5109] ? __ia32_sys_read+0x90/0x90
[ 70.465558][ T5109] ? syscall_enter_from_user_mode+0x32/0x260
[ 70.471636][ T5109] ? syscall_enter_from_user_mode+0x8c/0x260
[ 70.477640][ T5109] do_syscall_64+0x41/0xc0
[ 70.482195][ T5109] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.488389][ T5109] RIP: 0033:0x7f1b3d01dba9
[ 70.492811][ T5109] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.512456][ T5109] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 70.520881][ T5109] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 70.528861][ T5109] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5109] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5109] exit_group(0) = ?
[pid 5109] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs") = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 70.536838][ T5109] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 70.544819][ T5109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.552805][ T5109] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000025
[ 70.560811][ T5109]
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5110
./strace-static-x86_64: Process 5110 attached
[pid 5110] chdir("./38") = 0
[pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5110] setpgid(0, 0) = 0
[pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5110] write(3, "1000", 4) = 4
[pid 5110] close(3) = 0
[pid 5110] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5110] memfd_create("syzkaller", 0) = 3
[pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5110] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5110] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5110] close(3) = 0
[pid 5110] mkdir("./file0", 0777) = 0
[pid 5110] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5110] chdir("./file0") = 0
[pid 5110] ioctl(4, LOOP_CLR_FD) = 0
[pid 5110] close(4) = 0
[pid 5110] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5110] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5110] write(5, "12", 2) = 2
[ 70.663942][ T5110] loop0: detected capacity change from 0 to 4096
[ 70.678169][ T5110] ntfs: volume version 3.1.
[ 70.711153][ T5110] FAULT_INJECTION: forcing a failure.
[ 70.711153][ T5110] name failslab, interval 1, probability 0, space 0, times 0
[ 70.724075][ T5110] CPU: 0 PID: 5110 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 70.734517][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 70.744580][ T5110] Call Trace:
[ 70.747859][ T5110]
[ 70.750793][ T5110] dump_stack_lvl+0x1e7/0x2d0
[ 70.755510][ T5110] ? nf_tcp_handle_invalid+0x650/0x650
[ 70.760995][ T5110] ? panic+0x770/0x770
[ 70.765090][ T5110] ? __might_sleep+0xc0/0xc0
[ 70.769698][ T5110] should_fail_ex+0x3aa/0x4e0
[ 70.774404][ T5110] should_failslab+0x9/0x20
[ 70.778929][ T5110] slab_pre_alloc_hook+0x59/0x2b0
[ 70.784008][ T5110] ? do_read_cache_page+0xf7/0x230
[ 70.789156][ T5110] kmem_cache_alloc+0x52/0x2e0
[ 70.793971][ T5110] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 70.799683][ T5110] ntfs_attr_get_search_ctx+0x51/0x180
[ 70.805175][ T5110] __ntfs_write_inode+0x128/0xbb0
[ 70.810237][ T5110] ntfs_file_fsync+0x15e/0x2d0
[ 70.815029][ T5110] ntfs_file_write_iter+0x12e4/0x1a00
[ 70.820442][ T5110] vfs_write+0x7b2/0xbb0
[ 70.824727][ T5110] ? file_end_write+0x250/0x250
[ 70.829617][ T5110] ? lockdep_hardirqs_on+0x98/0x140
[ 70.834837][ T5110] ? __fdget_pos+0x265/0x2f0
[ 70.839464][ T5110] ksys_write+0x1a0/0x2c0
[ 70.843814][ T5110] ? __ia32_sys_read+0x90/0x90
[ 70.848589][ T5110] ? syscall_enter_from_user_mode+0x32/0x260
[ 70.854589][ T5110] ? syscall_enter_from_user_mode+0x8c/0x260
[ 70.860605][ T5110] do_syscall_64+0x41/0xc0
[ 70.865055][ T5110] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.870959][ T5110] RIP: 0033:0x7f1b3d01dba9
[ 70.875401][ T5110] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.895015][ T5110] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 70.903449][ T5110] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5110] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5110] exit_group(0) = ?
[pid 5110] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} ---
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs") = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 70.911433][ T5110] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 70.919407][ T5110] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 70.927384][ T5110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.935372][ T5110] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000026
[ 70.943394][ T5110]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached
[pid 5111] chdir("./39") = 0
[pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5111] setpgid(0, 0) = 0
[pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5111] write(3, "1000", 4) = 4
[pid 5111] close(3) = 0
[pid 5111] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5111] memfd_create("syzkaller", 0) = 3
[pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5070] <... clone resumed>, child_tidptr=0x5555562c75d0) = 5111
[pid 5111] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5111] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5111] close(3) = 0
[pid 5111] mkdir("./file0", 0777) = 0
[pid 5111] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5111] chdir("./file0") = 0
[pid 5111] ioctl(4, LOOP_CLR_FD) = 0
[pid 5111] close(4) = 0
[pid 5111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5111] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5111] write(5, "12", 2) = 2
[ 71.040443][ T5111] loop0: detected capacity change from 0 to 4096
[ 71.056805][ T5111] ntfs: volume version 3.1.
[ 71.096572][ T5111] FAULT_INJECTION: forcing a failure.
[ 71.096572][ T5111] name failslab, interval 1, probability 0, space 0, times 0
[ 71.109353][ T5111] CPU: 1 PID: 5111 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 71.119808][ T5111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 71.129987][ T5111] Call Trace:
[ 71.133295][ T5111]
[ 71.136230][ T5111] dump_stack_lvl+0x1e7/0x2d0
[ 71.140937][ T5111] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.146415][ T5111] ? panic+0x770/0x770
[ 71.150510][ T5111] ? __might_sleep+0xc0/0xc0
[ 71.155128][ T5111] should_fail_ex+0x3aa/0x4e0
[ 71.159823][ T5111] should_failslab+0x9/0x20
[ 71.164352][ T5111] slab_pre_alloc_hook+0x59/0x2b0
[ 71.169413][ T5111] ? do_read_cache_page+0xf7/0x230
[ 71.174538][ T5111] kmem_cache_alloc+0x52/0x2e0
[ 71.179319][ T5111] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 71.185089][ T5111] ntfs_attr_get_search_ctx+0x51/0x180
[ 71.190615][ T5111] __ntfs_write_inode+0x128/0xbb0
[ 71.195685][ T5111] ntfs_file_fsync+0x15e/0x2d0
[ 71.200468][ T5111] ntfs_file_write_iter+0x12e4/0x1a00
[ 71.205875][ T5111] vfs_write+0x7b2/0xbb0
[ 71.210141][ T5111] ? file_end_write+0x250/0x250
[ 71.215029][ T5111] ? lockdep_hardirqs_on+0x98/0x140
[ 71.220276][ T5111] ? __fdget_pos+0x265/0x2f0
[ 71.224894][ T5111] ksys_write+0x1a0/0x2c0
[ 71.229273][ T5111] ? __ia32_sys_read+0x90/0x90
[ 71.234072][ T5111] ? syscall_enter_from_user_mode+0x32/0x260
[ 71.240065][ T5111] ? syscall_enter_from_user_mode+0x8c/0x260
[ 71.246119][ T5111] do_syscall_64+0x41/0xc0
[ 71.250567][ T5111] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.256507][ T5111] RIP: 0033:0x7f1b3d01dba9
[ 71.260948][ T5111] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.280570][ T5111] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.289033][ T5111] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5111] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5111] exit_group(0) = ?
[pid 5111] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./39/binderfs") = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5112
./strace-static-x86_64: Process 5112 attached
[pid 5112] chdir("./40") = 0
[pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5112] setpgid(0, 0) = 0
[pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 71.297024][ T5111] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 71.305007][ T5111] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 71.312995][ T5111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.320989][ T5111] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000027
[ 71.328979][ T5111]
[pid 5112] write(3, "1000", 4) = 4
[pid 5112] close(3) = 0
[pid 5112] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5112] memfd_create("syzkaller", 0) = 3
[pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5112] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5112] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5112] close(3) = 0
[pid 5112] mkdir("./file0", 0777) = 0
[pid 5112] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5112] chdir("./file0") = 0
[pid 5112] ioctl(4, LOOP_CLR_FD) = 0
[pid 5112] close(4) = 0
[pid 5112] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5112] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5112] write(5, "12", 2) = 2
[ 71.428337][ T5112] loop0: detected capacity change from 0 to 4096
[ 71.444723][ T5112] ntfs: volume version 3.1.
[ 71.468857][ T5112] FAULT_INJECTION: forcing a failure.
[ 71.468857][ T5112] name failslab, interval 1, probability 0, space 0, times 0
[ 71.482001][ T5112] CPU: 0 PID: 5112 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 71.492476][ T5112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 71.502577][ T5112] Call Trace:
[ 71.505968][ T5112]
[ 71.508933][ T5112] dump_stack_lvl+0x1e7/0x2d0
[ 71.513661][ T5112] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.519166][ T5112] ? panic+0x770/0x770
[ 71.523279][ T5112] ? __might_sleep+0xc0/0xc0
[ 71.527925][ T5112] should_fail_ex+0x3aa/0x4e0
[ 71.532655][ T5112] should_failslab+0x9/0x20
[ 71.537196][ T5112] slab_pre_alloc_hook+0x59/0x2b0
[ 71.542352][ T5112] ? do_read_cache_page+0xf7/0x230
[ 71.547506][ T5112] kmem_cache_alloc+0x52/0x2e0
[ 71.552342][ T5112] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 71.558013][ T5112] ntfs_attr_get_search_ctx+0x51/0x180
[ 71.563508][ T5112] __ntfs_write_inode+0x128/0xbb0
[ 71.568578][ T5112] ntfs_file_fsync+0x15e/0x2d0
[ 71.573398][ T5112] ntfs_file_write_iter+0x12e4/0x1a00
[ 71.578826][ T5112] vfs_write+0x7b2/0xbb0
[ 71.583119][ T5112] ? file_end_write+0x250/0x250
[ 71.588028][ T5112] ? lockdep_hardirqs_on+0x98/0x140
[ 71.593290][ T5112] ? __fdget_pos+0x265/0x2f0
[ 71.597909][ T5112] ksys_write+0x1a0/0x2c0
[ 71.602282][ T5112] ? __ia32_sys_read+0x90/0x90
[ 71.607081][ T5112] ? syscall_enter_from_user_mode+0x32/0x260
[ 71.613095][ T5112] ? syscall_enter_from_user_mode+0x8c/0x260
[ 71.619117][ T5112] do_syscall_64+0x41/0xc0
[ 71.623583][ T5112] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.629542][ T5112] RIP: 0033:0x7f1b3d01dba9
[ 71.633991][ T5112] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.653630][ T5112] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.662093][ T5112] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5112] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5112] exit_group(0) = ?
[pid 5112] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./40/binderfs") = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 71.670125][ T5112] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 71.678137][ T5112] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 71.686150][ T5112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.694152][ T5112] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000028
[ 71.702177][ T5112]
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5113
./strace-static-x86_64: Process 5113 attached
[pid 5113] chdir("./41") = 0
[pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5113] setpgid(0, 0) = 0
[pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5113] write(3, "1000", 4) = 4
[pid 5113] close(3) = 0
[pid 5113] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5113] memfd_create("syzkaller", 0) = 3
[pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5113] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5113] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5113] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5113] close(3) = 0
[pid 5113] mkdir("./file0", 0777) = 0
[pid 5113] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5113] chdir("./file0") = 0
[pid 5113] ioctl(4, LOOP_CLR_FD) = 0
[pid 5113] close(4) = 0
[pid 5113] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5113] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5113] write(5, "12", 2) = 2
[ 71.823819][ T5113] loop0: detected capacity change from 0 to 4096
[ 71.839645][ T5113] ntfs: volume version 3.1.
[ 71.879779][ T5113] FAULT_INJECTION: forcing a failure.
[ 71.879779][ T5113] name failslab, interval 1, probability 0, space 0, times 0
[ 71.892556][ T5113] CPU: 0 PID: 5113 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 71.903001][ T5113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 71.913071][ T5113] Call Trace:
[ 71.916355][ T5113]
[ 71.919300][ T5113] dump_stack_lvl+0x1e7/0x2d0
[ 71.923991][ T5113] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.929458][ T5113] ? panic+0x770/0x770
[ 71.933537][ T5113] ? __might_sleep+0xc0/0xc0
[ 71.938157][ T5113] should_fail_ex+0x3aa/0x4e0
[ 71.942859][ T5113] should_failslab+0x9/0x20
[ 71.947380][ T5113] slab_pre_alloc_hook+0x59/0x2b0
[ 71.952439][ T5113] ? do_read_cache_page+0xf7/0x230
[ 71.957570][ T5113] kmem_cache_alloc+0x52/0x2e0
[ 71.962358][ T5113] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 71.968000][ T5113] ntfs_attr_get_search_ctx+0x51/0x180
[ 71.973469][ T5113] __ntfs_write_inode+0x128/0xbb0
[ 71.978526][ T5113] ntfs_file_fsync+0x15e/0x2d0
[ 71.983319][ T5113] ntfs_file_write_iter+0x12e4/0x1a00
[ 71.988714][ T5113] vfs_write+0x7b2/0xbb0
[ 71.992974][ T5113] ? file_end_write+0x250/0x250
[ 71.997858][ T5113] ? lockdep_hardirqs_on+0x98/0x140
[ 72.003086][ T5113] ? __fdget_pos+0x265/0x2f0
[ 72.007694][ T5113] ksys_write+0x1a0/0x2c0
[ 72.012062][ T5113] ? __ia32_sys_read+0x90/0x90
[ 72.016847][ T5113] ? syscall_enter_from_user_mode+0x32/0x260
[ 72.022840][ T5113] ? syscall_enter_from_user_mode+0x8c/0x260
[ 72.028829][ T5113] do_syscall_64+0x41/0xc0
[ 72.033279][ T5113] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.039198][ T5113] RIP: 0033:0x7f1b3d01dba9
[ 72.043646][ T5113] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.063280][ T5113] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.071741][ T5113] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5113] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5113] exit_group(0) = ?
[pid 5113] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./41/binderfs") = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5114
./strace-static-x86_64: Process 5114 attached
[ 72.079730][ T5113] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 72.087703][ T5113] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 72.095686][ T5113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 72.103683][ T5113] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000029
[ 72.111673][ T5113]
[pid 5114] chdir("./42") = 0
[pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5114] setpgid(0, 0) = 0
[pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5114] write(3, "1000", 4) = 4
[pid 5114] close(3) = 0
[pid 5114] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5114] memfd_create("syzkaller", 0) = 3
[pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5114] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5114] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5114] close(3) = 0
[pid 5114] mkdir("./file0", 0777) = 0
[pid 5114] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5114] chdir("./file0") = 0
[pid 5114] ioctl(4, LOOP_CLR_FD) = 0
[pid 5114] close(4) = 0
[pid 5114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5114] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5114] write(5, "12", 2) = 2
[ 72.219159][ T5114] loop0: detected capacity change from 0 to 4096
[ 72.235648][ T5114] ntfs: volume version 3.1.
[ 72.266349][ T5114] FAULT_INJECTION: forcing a failure.
[ 72.266349][ T5114] name failslab, interval 1, probability 0, space 0, times 0
[ 72.279632][ T5114] CPU: 0 PID: 5114 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 72.290074][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 72.300131][ T5114] Call Trace:
[ 72.303418][ T5114]
[ 72.306381][ T5114] dump_stack_lvl+0x1e7/0x2d0
[ 72.311077][ T5114] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.316561][ T5114] ? panic+0x770/0x770
[ 72.320650][ T5114] ? __might_sleep+0xc0/0xc0
[ 72.325251][ T5114] should_fail_ex+0x3aa/0x4e0
[ 72.329941][ T5114] should_failslab+0x9/0x20
[ 72.334461][ T5114] slab_pre_alloc_hook+0x59/0x2b0
[ 72.339506][ T5114] ? do_read_cache_page+0xf7/0x230
[ 72.344633][ T5114] kmem_cache_alloc+0x52/0x2e0
[ 72.349414][ T5114] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 72.355067][ T5114] ntfs_attr_get_search_ctx+0x51/0x180
[ 72.360558][ T5114] __ntfs_write_inode+0x128/0xbb0
[ 72.365608][ T5114] ntfs_file_fsync+0x15e/0x2d0
[ 72.370407][ T5114] ntfs_file_write_iter+0x12e4/0x1a00
[ 72.375811][ T5114] vfs_write+0x7b2/0xbb0
[ 72.380080][ T5114] ? file_end_write+0x250/0x250
[ 72.384957][ T5114] ? lockdep_hardirqs_on+0x98/0x140
[ 72.390171][ T5114] ? __fdget_pos+0x265/0x2f0
[ 72.394778][ T5114] ksys_write+0x1a0/0x2c0
[ 72.399129][ T5114] ? __ia32_sys_read+0x90/0x90
[ 72.403909][ T5114] ? syscall_enter_from_user_mode+0x32/0x260
[ 72.409903][ T5114] ? syscall_enter_from_user_mode+0x8c/0x260
[ 72.415896][ T5114] do_syscall_64+0x41/0xc0
[ 72.420328][ T5114] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.426229][ T5114] RIP: 0033:0x7f1b3d01dba9
[ 72.430655][ T5114] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.450269][ T5114] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.458694][ T5114] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5114] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5114] exit_group(0) = ?
[pid 5114] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./42/binderfs") = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 72.466672][ T5114] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 72.474654][ T5114] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 72.482650][ T5114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 72.490627][ T5114] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000002a
[ 72.498622][ T5114]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5115
./strace-static-x86_64: Process 5115 attached
[pid 5115] chdir("./43") = 0
[pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5115] setpgid(0, 0) = 0
[pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5115] write(3, "1000", 4) = 4
[pid 5115] close(3) = 0
[pid 5115] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5115] memfd_create("syzkaller", 0) = 3
[pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5115] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5115] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5115] close(3) = 0
[pid 5115] mkdir("./file0", 0777) = 0
[pid 5115] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5115] chdir("./file0") = 0
[pid 5115] ioctl(4, LOOP_CLR_FD) = 0
[pid 5115] close(4) = 0
[pid 5115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5115] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5115] write(5, "12", 2) = 2
[pid 5115] write(4, "t", 1) = 1
[pid 5115] exit_group(0) = ?
[pid 5115] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./43/binderfs") = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
[ 72.591995][ T5115] loop0: detected capacity change from 0 to 4096
[ 72.620221][ T5115] ntfs: volume version 3.1.
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5116
./strace-static-x86_64: Process 5116 attached
[pid 5116] chdir("./44") = 0
[pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5116] setpgid(0, 0) = 0
[pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5116] write(3, "1000", 4) = 4
[pid 5116] close(3) = 0
[pid 5116] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5116] memfd_create("syzkaller", 0) = 3
[pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5116] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5116] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5116] close(3) = 0
[pid 5116] mkdir("./file0", 0777) = 0
[pid 5116] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5116] chdir("./file0") = 0
[pid 5116] ioctl(4, LOOP_CLR_FD) = 0
[pid 5116] close(4) = 0
[pid 5116] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5116] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5116] write(5, "12", 2) = 2
[ 72.736385][ T5116] loop0: detected capacity change from 0 to 4096
[ 72.752394][ T5116] ntfs: volume version 3.1.
[ 72.790786][ T5116] FAULT_INJECTION: forcing a failure.
[ 72.790786][ T5116] name failslab, interval 1, probability 0, space 0, times 0
[ 72.803724][ T5116] CPU: 1 PID: 5116 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 72.814203][ T5116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 72.824294][ T5116] Call Trace:
[ 72.827600][ T5116]
[ 72.830558][ T5116] dump_stack_lvl+0x1e7/0x2d0
[ 72.835274][ T5116] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.840765][ T5116] ? panic+0x770/0x770
[ 72.844855][ T5116] ? __might_sleep+0xc0/0xc0
[ 72.849479][ T5116] should_fail_ex+0x3aa/0x4e0
[ 72.854174][ T5116] should_failslab+0x9/0x20
[ 72.858685][ T5116] slab_pre_alloc_hook+0x59/0x2b0
[ 72.863737][ T5116] ? do_read_cache_page+0xf7/0x230
[ 72.868891][ T5116] kmem_cache_alloc+0x52/0x2e0
[ 72.873710][ T5116] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 72.879394][ T5116] ntfs_attr_get_search_ctx+0x51/0x180
[ 72.884906][ T5116] __ntfs_write_inode+0x128/0xbb0
[ 72.889974][ T5116] ntfs_file_fsync+0x15e/0x2d0
[ 72.894750][ T5116] ntfs_file_write_iter+0x12e4/0x1a00
[ 72.900152][ T5116] vfs_write+0x7b2/0xbb0
[ 72.904421][ T5116] ? file_end_write+0x250/0x250
[ 72.909307][ T5116] ? lockdep_hardirqs_on+0x98/0x140
[ 72.914559][ T5116] ? __fdget_pos+0x265/0x2f0
[ 72.919181][ T5116] ksys_write+0x1a0/0x2c0
[ 72.923565][ T5116] ? __ia32_sys_read+0x90/0x90
[ 72.928363][ T5116] ? syscall_enter_from_user_mode+0x32/0x260
[ 72.934358][ T5116] ? syscall_enter_from_user_mode+0x8c/0x260
[ 72.940355][ T5116] do_syscall_64+0x41/0xc0
[ 72.944805][ T5116] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.950742][ T5116] RIP: 0033:0x7f1b3d01dba9
[ 72.955189][ T5116] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.974816][ T5116] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.983710][ T5116] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5116] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5116] exit_group(0) = ?
[pid 5116] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./44/binderfs") = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 72.991716][ T5116] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 72.999708][ T5116] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 73.007696][ T5116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 73.015775][ T5116] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000002c
[ 73.023780][ T5116]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5117
./strace-static-x86_64: Process 5117 attached
[pid 5117] chdir("./45") = 0
[pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5117] setpgid(0, 0) = 0
[pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5117] write(3, "1000", 4) = 4
[pid 5117] close(3) = 0
[pid 5117] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5117] memfd_create("syzkaller", 0) = 3
[pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5117] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5117] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5117] close(3) = 0
[pid 5117] mkdir("./file0", 0777) = 0
[pid 5117] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5117] chdir("./file0") = 0
[pid 5117] ioctl(4, LOOP_CLR_FD) = 0
[pid 5117] close(4) = 0
[pid 5117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5117] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5117] write(5, "12", 2) = 2
[pid 5117] write(4, "t", 1) = 1
[pid 5117] exit_group(0) = ?
[pid 5117] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 73.125598][ T5117] loop0: detected capacity change from 0 to 4096
[ 73.142965][ T5117] ntfs: volume version 3.1.
lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./45/binderfs") = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5118
./strace-static-x86_64: Process 5118 attached
[pid 5118] chdir("./46") = 0
[pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5118] setpgid(0, 0) = 0
[pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5118] write(3, "1000", 4) = 4
[pid 5118] close(3) = 0
[pid 5118] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5118] memfd_create("syzkaller", 0) = 3
[pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5118] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5118] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5118] close(3) = 0
[pid 5118] mkdir("./file0", 0777) = 0
[pid 5118] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5118] chdir("./file0") = 0
[pid 5118] ioctl(4, LOOP_CLR_FD) = 0
[pid 5118] close(4) = 0
[pid 5118] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5118] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5118] write(5, "12", 2) = 2
[ 73.261767][ T5118] loop0: detected capacity change from 0 to 4096
[ 73.278575][ T5118] ntfs: volume version 3.1.
[ 73.310235][ T5118] FAULT_INJECTION: forcing a failure.
[ 73.310235][ T5118] name failslab, interval 1, probability 0, space 0, times 0
[ 73.323651][ T5118] CPU: 0 PID: 5118 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 73.334197][ T5118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 73.344277][ T5118] Call Trace:
[ 73.347557][ T5118]
[ 73.350489][ T5118] dump_stack_lvl+0x1e7/0x2d0
[ 73.355190][ T5118] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.360665][ T5118] ? panic+0x770/0x770
[ 73.364764][ T5118] ? __might_sleep+0xc0/0xc0
[ 73.370081][ T5118] should_fail_ex+0x3aa/0x4e0
[ 73.374798][ T5118] should_failslab+0x9/0x20
[ 73.379326][ T5118] slab_pre_alloc_hook+0x59/0x2b0
[ 73.384372][ T5118] ? do_read_cache_page+0xf7/0x230
[ 73.389513][ T5118] kmem_cache_alloc+0x52/0x2e0
[ 73.394300][ T5118] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 73.399954][ T5118] ntfs_attr_get_search_ctx+0x51/0x180
[ 73.405440][ T5118] __ntfs_write_inode+0x128/0xbb0
[ 73.410486][ T5118] ntfs_file_fsync+0x15e/0x2d0
[ 73.415268][ T5118] ntfs_file_write_iter+0x12e4/0x1a00
[ 73.420866][ T5118] vfs_write+0x7b2/0xbb0
[ 73.425129][ T5118] ? file_end_write+0x250/0x250
[ 73.430004][ T5118] ? lockdep_hardirqs_on+0x98/0x140
[ 73.435216][ T5118] ? __fdget_pos+0x265/0x2f0
[ 73.439855][ T5118] ksys_write+0x1a0/0x2c0
[ 73.444203][ T5118] ? __ia32_sys_read+0x90/0x90
[ 73.448993][ T5118] ? syscall_enter_from_user_mode+0x32/0x260
[ 73.454988][ T5118] ? syscall_enter_from_user_mode+0x8c/0x260
[ 73.460987][ T5118] do_syscall_64+0x41/0xc0
[ 73.465418][ T5118] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.471323][ T5118] RIP: 0033:0x7f1b3d01dba9
[ 73.475837][ T5118] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 73.495565][ T5118] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5118] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5118] exit_group(0) = ?
[pid 5118] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./46/binderfs") = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 73.503994][ T5118] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 73.511975][ T5118] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 73.519955][ T5118] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 73.527934][ T5118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 73.535925][ T5118] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000002e
[ 73.543922][ T5118]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5119
./strace-static-x86_64: Process 5119 attached
[pid 5119] chdir("./47") = 0
[pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5119] setpgid(0, 0) = 0
[pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5119] write(3, "1000", 4) = 4
[pid 5119] close(3) = 0
[pid 5119] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5119] memfd_create("syzkaller", 0) = 3
[pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5119] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5119] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5119] close(3) = 0
[pid 5119] mkdir("./file0", 0777) = 0
[pid 5119] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5119] chdir("./file0") = 0
[pid 5119] ioctl(4, LOOP_CLR_FD) = 0
[pid 5119] close(4) = 0
[pid 5119] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5119] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5119] write(5, "12", 2) = 2
[pid 5119] write(4, "t", 1) = 1
[pid 5119] exit_group(0) = ?
[pid 5119] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./47/binderfs") = 0
[ 73.646136][ T5119] loop0: detected capacity change from 0 to 4096
[ 73.663913][ T5119] ntfs: volume version 3.1.
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5120
./strace-static-x86_64: Process 5120 attached
[pid 5120] chdir("./48") = 0
[pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5120] setpgid(0, 0) = 0
[pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5120] write(3, "1000", 4) = 4
[pid 5120] close(3) = 0
[pid 5120] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5120] memfd_create("syzkaller", 0) = 3
[pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5120] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5120] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5120] close(3) = 0
[pid 5120] mkdir("./file0", 0777) = 0
[pid 5120] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5120] chdir("./file0") = 0
[pid 5120] ioctl(4, LOOP_CLR_FD) = 0
[pid 5120] close(4) = 0
[pid 5120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5120] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5120] write(5, "12", 2) = 2
[ 73.786968][ T5120] loop0: detected capacity change from 0 to 4096
[ 73.802494][ T5120] ntfs: volume version 3.1.
[ 73.833544][ T5120] FAULT_INJECTION: forcing a failure.
[ 73.833544][ T5120] name failslab, interval 1, probability 0, space 0, times 0
[ 73.846682][ T5120] CPU: 0 PID: 5120 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 73.857132][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 73.867230][ T5120] Call Trace:
[ 73.870545][ T5120]
[ 73.873481][ T5120] dump_stack_lvl+0x1e7/0x2d0
[ 73.878174][ T5120] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.883643][ T5120] ? panic+0x770/0x770
[ 73.887730][ T5120] ? __might_sleep+0xc0/0xc0
[ 73.892354][ T5120] should_fail_ex+0x3aa/0x4e0
[ 73.897048][ T5120] should_failslab+0x9/0x20
[ 73.901555][ T5120] slab_pre_alloc_hook+0x59/0x2b0
[ 73.906611][ T5120] ? do_read_cache_page+0xf7/0x230
[ 73.911767][ T5120] kmem_cache_alloc+0x52/0x2e0
[ 73.916540][ T5120] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 73.922193][ T5120] ntfs_attr_get_search_ctx+0x51/0x180
[ 73.927663][ T5120] __ntfs_write_inode+0x128/0xbb0
[ 73.932706][ T5120] ntfs_file_fsync+0x15e/0x2d0
[ 73.937476][ T5120] ntfs_file_write_iter+0x12e4/0x1a00
[ 73.942878][ T5120] vfs_write+0x7b2/0xbb0
[ 73.947137][ T5120] ? file_end_write+0x250/0x250
[ 73.952091][ T5120] ? lockdep_hardirqs_on+0x98/0x140
[ 73.957302][ T5120] ? __fdget_pos+0x265/0x2f0
[ 73.961933][ T5120] ksys_write+0x1a0/0x2c0
[ 73.966299][ T5120] ? __ia32_sys_read+0x90/0x90
[ 73.971082][ T5120] ? syscall_enter_from_user_mode+0x32/0x260
[ 73.977604][ T5120] ? syscall_enter_from_user_mode+0x8c/0x260
[ 73.983605][ T5120] do_syscall_64+0x41/0xc0
[ 73.988039][ T5120] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.993945][ T5120] RIP: 0033:0x7f1b3d01dba9
[ 73.998367][ T5120] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.017975][ T5120] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 74.026396][ T5120] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5120] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5120] exit_group(0) = ?
[pid 5120] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./48/binderfs") = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
[ 74.034373][ T5120] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 74.042348][ T5120] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 74.050493][ T5120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 74.058470][ T5120] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000030
[ 74.066567][ T5120]
rmdir("./48/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5121
./strace-static-x86_64: Process 5121 attached
[pid 5121] chdir("./49") = 0
[pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5121] setpgid(0, 0) = 0
[pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5121] write(3, "1000", 4) = 4
[pid 5121] close(3) = 0
[pid 5121] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5121] memfd_create("syzkaller", 0) = 3
[pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5121] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5121] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5121] close(3) = 0
[pid 5121] mkdir("./file0", 0777) = 0
[pid 5121] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5121] chdir("./file0") = 0
[pid 5121] ioctl(4, LOOP_CLR_FD) = 0
[pid 5121] close(4) = 0
[pid 5121] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5121] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5121] write(5, "12", 2) = 2
[ 74.174972][ T5121] loop0: detected capacity change from 0 to 4096
[ 74.190324][ T5121] ntfs: volume version 3.1.
[ 74.218735][ T5121] FAULT_INJECTION: forcing a failure.
[ 74.218735][ T5121] name failslab, interval 1, probability 0, space 0, times 0
[ 74.231626][ T5121] CPU: 0 PID: 5121 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 74.242083][ T5121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 74.252253][ T5121] Call Trace:
[ 74.255565][ T5121]
[ 74.258495][ T5121] dump_stack_lvl+0x1e7/0x2d0
[ 74.263194][ T5121] ? nf_tcp_handle_invalid+0x650/0x650
[ 74.268663][ T5121] ? panic+0x770/0x770
[ 74.272735][ T5121] ? __might_sleep+0xc0/0xc0
[ 74.277334][ T5121] should_fail_ex+0x3aa/0x4e0
[ 74.282032][ T5121] should_failslab+0x9/0x20
[ 74.286556][ T5121] slab_pre_alloc_hook+0x59/0x2b0
[ 74.291621][ T5121] ? do_read_cache_page+0xf7/0x230
[ 74.296762][ T5121] kmem_cache_alloc+0x52/0x2e0
[ 74.301586][ T5121] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 74.307241][ T5121] ntfs_attr_get_search_ctx+0x51/0x180
[ 74.312725][ T5121] __ntfs_write_inode+0x128/0xbb0
[ 74.317783][ T5121] ntfs_file_fsync+0x15e/0x2d0
[ 74.322570][ T5121] ntfs_file_write_iter+0x12e4/0x1a00
[ 74.327997][ T5121] vfs_write+0x7b2/0xbb0
[ 74.332292][ T5121] ? file_end_write+0x250/0x250
[ 74.337186][ T5121] ? lockdep_hardirqs_on+0x98/0x140
[ 74.342405][ T5121] ? __fdget_pos+0x265/0x2f0
[ 74.347048][ T5121] ksys_write+0x1a0/0x2c0
[ 74.351402][ T5121] ? __ia32_sys_read+0x90/0x90
[ 74.356180][ T5121] ? syscall_enter_from_user_mode+0x32/0x260
[ 74.362170][ T5121] ? syscall_enter_from_user_mode+0x8c/0x260
[ 74.368164][ T5121] do_syscall_64+0x41/0xc0
[ 74.372632][ T5121] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.378534][ T5121] RIP: 0033:0x7f1b3d01dba9
[ 74.382956][ T5121] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.402573][ T5121] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 74.411022][ T5121] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5121] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5121] exit_group(0) = ?
[pid 5121] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./49/binderfs") = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 74.419024][ T5121] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 74.427015][ T5121] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 74.434990][ T5121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 74.442972][ T5121] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000031
[ 74.450978][ T5121]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5122
./strace-static-x86_64: Process 5122 attached
[pid 5122] chdir("./50") = 0
[pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5122] setpgid(0, 0) = 0
[pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5122] write(3, "1000", 4) = 4
[pid 5122] close(3) = 0
[pid 5122] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5122] memfd_create("syzkaller", 0) = 3
[pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5122] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5122] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5122] close(3) = 0
[pid 5122] mkdir("./file0", 0777) = 0
[pid 5122] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5122] chdir("./file0") = 0
[pid 5122] ioctl(4, LOOP_CLR_FD) = 0
[pid 5122] close(4) = 0
[pid 5122] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5122] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5122] write(5, "12", 2) = 2
[pid 5122] write(4, "t", 1) = 1
[pid 5122] exit_group(0) = ?
[pid 5122] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./50/binderfs") = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 74.540441][ T5122] loop0: detected capacity change from 0 to 4096
[ 74.556615][ T5122] ntfs: volume version 3.1.
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5123
./strace-static-x86_64: Process 5123 attached
[pid 5123] chdir("./51") = 0
[pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5123] setpgid(0, 0) = 0
[pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5123] write(3, "1000", 4) = 4
[pid 5123] close(3) = 0
[pid 5123] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5123] memfd_create("syzkaller", 0) = 3
[pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5123] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5123] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5123] close(3) = 0
[pid 5123] mkdir("./file0", 0777) = 0
[ 74.652266][ T5123] loop0: detected capacity change from 0 to 4096
[ 74.662208][ T5123] __ntfs_warning: 332 callbacks suppressed
[ 74.662220][ T5123] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[ 74.688847][ T5123] ntfs: (device loop0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 74.698511][ T5123] ntfs: (device loop0): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[ 74.714012][ T5123] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 74.722719][ T5123] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[ 74.742720][ T5123] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 74.751504][ T5123] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[ 74.771659][ T5123] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 74.780373][ T5123] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[pid 5123] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5123] chdir("./file0") = 0
[pid 5123] ioctl(4, LOOP_CLR_FD) = 0
[pid 5123] close(4) = 0
[pid 5123] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5123] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5123] write(5, "12", 2) = 2
[ 74.800389][ T5123] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 74.810837][ T5123] ntfs: volume version 3.1.
[ 74.851716][ T5123] FAULT_INJECTION: forcing a failure.
[ 74.851716][ T5123] name failslab, interval 1, probability 0, space 0, times 0
[ 74.864456][ T5123] CPU: 0 PID: 5123 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 74.874888][ T5123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 74.885461][ T5123] Call Trace:
[ 74.888754][ T5123]
[ 74.891701][ T5123] dump_stack_lvl+0x1e7/0x2d0
[ 74.896404][ T5123] ? nf_tcp_handle_invalid+0x650/0x650
[ 74.901874][ T5123] ? panic+0x770/0x770
[ 74.905950][ T5123] ? __might_sleep+0xc0/0xc0
[ 74.910551][ T5123] should_fail_ex+0x3aa/0x4e0
[ 74.915341][ T5123] should_failslab+0x9/0x20
[ 74.919864][ T5123] slab_pre_alloc_hook+0x59/0x2b0
[ 74.924899][ T5123] ? do_read_cache_page+0xf7/0x230
[ 74.930105][ T5123] kmem_cache_alloc+0x52/0x2e0
[ 74.934890][ T5123] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 74.940545][ T5123] ntfs_attr_get_search_ctx+0x51/0x180
[ 74.946028][ T5123] __ntfs_write_inode+0x128/0xbb0
[ 74.951071][ T5123] ntfs_file_fsync+0x15e/0x2d0
[ 74.955849][ T5123] ntfs_file_write_iter+0x12e4/0x1a00
[ 74.961257][ T5123] vfs_write+0x7b2/0xbb0
[ 74.965559][ T5123] ? file_end_write+0x250/0x250
[ 74.970433][ T5123] ? lockdep_hardirqs_on+0x98/0x140
[ 74.975730][ T5123] ? __fdget_pos+0x265/0x2f0
[ 74.980429][ T5123] ksys_write+0x1a0/0x2c0
[ 74.984783][ T5123] ? __ia32_sys_read+0x90/0x90
[ 74.989580][ T5123] ? syscall_enter_from_user_mode+0x32/0x260
[ 74.995580][ T5123] ? syscall_enter_from_user_mode+0x8c/0x260
[ 75.001569][ T5123] do_syscall_64+0x41/0xc0
[ 75.006000][ T5123] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.011906][ T5123] RIP: 0033:0x7f1b3d01dba9
[ 75.016327][ T5123] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.035960][ T5123] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.044396][ T5123] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5123] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5123] exit_group(0) = ?
[pid 5123] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./51/binderfs") = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
[ 75.052380][ T5123] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 75.060365][ T5123] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 75.068360][ T5123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 75.076351][ T5123] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000033
[ 75.084348][ T5123]
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5124
./strace-static-x86_64: Process 5124 attached
[pid 5124] chdir("./52") = 0
[pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5124] setpgid(0, 0) = 0
[pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5124] write(3, "1000", 4) = 4
[pid 5124] close(3) = 0
[pid 5124] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5124] memfd_create("syzkaller", 0) = 3
[pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5124] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5124] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5124] close(3) = 0
[pid 5124] mkdir("./file0", 0777) = 0
[pid 5124] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5124] chdir("./file0") = 0
[pid 5124] ioctl(4, LOOP_CLR_FD) = 0
[pid 5124] close(4) = 0
[pid 5124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5124] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5124] write(5, "12", 2) = 2
[ 75.188306][ T5124] loop0: detected capacity change from 0 to 4096
[ 75.205364][ T5124] ntfs: volume version 3.1.
[ 75.228045][ T5124] FAULT_INJECTION: forcing a failure.
[ 75.228045][ T5124] name failslab, interval 1, probability 0, space 0, times 0
[ 75.240923][ T5124] CPU: 1 PID: 5124 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 75.251382][ T5124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 75.261548][ T5124] Call Trace:
[ 75.264835][ T5124]
[ 75.267779][ T5124] dump_stack_lvl+0x1e7/0x2d0
[ 75.272474][ T5124] ? nf_tcp_handle_invalid+0x650/0x650
[ 75.277946][ T5124] ? panic+0x770/0x770
[ 75.282031][ T5124] ? __might_sleep+0xc0/0xc0
[ 75.286633][ T5124] should_fail_ex+0x3aa/0x4e0
[ 75.291330][ T5124] should_failslab+0x9/0x20
[ 75.295840][ T5124] slab_pre_alloc_hook+0x59/0x2b0
[ 75.300886][ T5124] ? do_read_cache_page+0xf7/0x230
[ 75.306038][ T5124] kmem_cache_alloc+0x52/0x2e0
[ 75.310828][ T5124] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 75.316525][ T5124] ntfs_attr_get_search_ctx+0x51/0x180
[ 75.321997][ T5124] __ntfs_write_inode+0x128/0xbb0
[ 75.327042][ T5124] ntfs_file_fsync+0x15e/0x2d0
[ 75.331831][ T5124] ntfs_file_write_iter+0x12e4/0x1a00
[ 75.337228][ T5124] vfs_write+0x7b2/0xbb0
[ 75.341489][ T5124] ? file_end_write+0x250/0x250
[ 75.346395][ T5124] ? lockdep_hardirqs_on+0x98/0x140
[ 75.351621][ T5124] ? __fdget_pos+0x265/0x2f0
[ 75.356257][ T5124] ksys_write+0x1a0/0x2c0
[ 75.360615][ T5124] ? __ia32_sys_read+0x90/0x90
[ 75.365394][ T5124] ? syscall_enter_from_user_mode+0x32/0x260
[ 75.371398][ T5124] ? syscall_enter_from_user_mode+0x8c/0x260
[ 75.377394][ T5124] do_syscall_64+0x41/0xc0
[ 75.381849][ T5124] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.387767][ T5124] RIP: 0033:0x7f1b3d01dba9
[ 75.392191][ T5124] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.411821][ T5124] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.420277][ T5124] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 75.428265][ T5124] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5124] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5124] exit_group(0) = ?
[pid 5124] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./52/binderfs") = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
[ 75.436253][ T5124] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 75.444234][ T5124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 75.452309][ T5124] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000034
[ 75.460319][ T5124]
rmdir("./52/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached
, child_tidptr=0x5555562c75d0) = 5125
[pid 5125] chdir("./53") = 0
[pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5125] setpgid(0, 0) = 0
[pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5125] write(3, "1000", 4) = 4
[pid 5125] close(3) = 0
[pid 5125] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5125] memfd_create("syzkaller", 0) = 3
[pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5125] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5125] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5125] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5125] close(3) = 0
[pid 5125] mkdir("./file0", 0777) = 0
[pid 5125] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5125] chdir("./file0") = 0
[pid 5125] ioctl(4, LOOP_CLR_FD) = 0
[pid 5125] close(4) = 0
[ 75.565103][ T5125] loop0: detected capacity change from 0 to 4096
[ 75.580104][ T5125] ntfs: volume version 3.1.
[pid 5125] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5125] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5125] write(5, "12", 2) = 2
[pid 5125] write(4, "t", 1) = 1
[pid 5125] exit_group(0) = ?
[pid 5125] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./53/binderfs") = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5126
./strace-static-x86_64: Process 5126 attached
[pid 5126] chdir("./54") = 0
[pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5126] setpgid(0, 0) = 0
[pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5126] write(3, "1000", 4) = 4
[pid 5126] close(3) = 0
[pid 5126] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5126] memfd_create("syzkaller", 0) = 3
[pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5126] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5126] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5126] close(3) = 0
[pid 5126] mkdir("./file0", 0777) = 0
[pid 5126] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5126] chdir("./file0") = 0
[pid 5126] ioctl(4, LOOP_CLR_FD) = 0
[pid 5126] close(4) = 0
[pid 5126] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5126] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5126] write(5, "12", 2) = 2
[ 75.727265][ T5126] loop0: detected capacity change from 0 to 4096
[ 75.744117][ T5126] ntfs: volume version 3.1.
[ 75.768578][ T5126] FAULT_INJECTION: forcing a failure.
[ 75.768578][ T5126] name failslab, interval 1, probability 0, space 0, times 0
[ 75.781367][ T5126] CPU: 1 PID: 5126 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 75.791810][ T5126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 75.801959][ T5126] Call Trace:
[ 75.805252][ T5126]
[ 75.808215][ T5126] dump_stack_lvl+0x1e7/0x2d0
[ 75.812942][ T5126] ? nf_tcp_handle_invalid+0x650/0x650
[ 75.818425][ T5126] ? panic+0x770/0x770
[ 75.822541][ T5126] ? __might_sleep+0xc0/0xc0
[ 75.827155][ T5126] should_fail_ex+0x3aa/0x4e0
[ 75.831876][ T5126] should_failslab+0x9/0x20
[ 75.836389][ T5126] slab_pre_alloc_hook+0x59/0x2b0
[ 75.841429][ T5126] ? do_read_cache_page+0xf7/0x230
[ 75.846572][ T5126] kmem_cache_alloc+0x52/0x2e0
[ 75.851365][ T5126] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 75.857023][ T5126] ntfs_attr_get_search_ctx+0x51/0x180
[ 75.862489][ T5126] __ntfs_write_inode+0x128/0xbb0
[ 75.867546][ T5126] ntfs_file_fsync+0x15e/0x2d0
[ 75.872319][ T5126] ntfs_file_write_iter+0x12e4/0x1a00
[ 75.877734][ T5126] vfs_write+0x7b2/0xbb0
[ 75.882031][ T5126] ? file_end_write+0x250/0x250
[ 75.886915][ T5126] ? lockdep_hardirqs_on+0x98/0x140
[ 75.892134][ T5126] ? __fdget_pos+0x265/0x2f0
[ 75.896750][ T5126] ksys_write+0x1a0/0x2c0
[ 75.901110][ T5126] ? __ia32_sys_read+0x90/0x90
[ 75.905885][ T5126] ? syscall_enter_from_user_mode+0x32/0x260
[ 75.911888][ T5126] ? syscall_enter_from_user_mode+0x8c/0x260
[ 75.917996][ T5126] do_syscall_64+0x41/0xc0
[ 75.922447][ T5126] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.928348][ T5126] RIP: 0033:0x7f1b3d01dba9
[ 75.932763][ T5126] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.952404][ T5126] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.960827][ T5126] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5126] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5126] exit_group(0) = ?
[pid 5126] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./54/binderfs") = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5127
./strace-static-x86_64: Process 5127 attached
[pid 5127] chdir("./55") = 0
[pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5127] setpgid(0, 0) = 0
[pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5127] write(3, "1000", 4) = 4
[pid 5127] close(3) = 0
[pid 5127] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5127] memfd_create("syzkaller", 0) = 3
[pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[ 75.968813][ T5126] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 75.976875][ T5126] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 75.984860][ T5126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 75.992855][ T5126] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000036
[ 76.000843][ T5126]
[pid 5127] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5127] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5127] close(3) = 0
[pid 5127] mkdir("./file0", 0777) = 0
[pid 5127] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5127] chdir("./file0") = 0
[pid 5127] ioctl(4, LOOP_CLR_FD) = 0
[pid 5127] close(4) = 0
[pid 5127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5127] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5127] write(5, "12", 2) = 2
[pid 5127] write(4, "t", 1) = 1
[pid 5127] exit_group(0) = ?
[pid 5127] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 76.080857][ T5127] loop0: detected capacity change from 0 to 4096
[ 76.096833][ T5127] ntfs: volume version 3.1.
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./55/binderfs") = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./55/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5128
./strace-static-x86_64: Process 5128 attached
[pid 5128] chdir("./56") = 0
[pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5128] setpgid(0, 0) = 0
[pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5128] write(3, "1000", 4) = 4
[pid 5128] close(3) = 0
[pid 5128] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5128] memfd_create("syzkaller", 0) = 3
[pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5128] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5128] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5128] close(3) = 0
[pid 5128] mkdir("./file0", 0777) = 0
[pid 5128] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5128] chdir("./file0") = 0
[pid 5128] ioctl(4, LOOP_CLR_FD) = 0
[ 76.262652][ T5128] loop0: detected capacity change from 0 to 4096
[ 76.282545][ T5128] ntfs: volume version 3.1.
[pid 5128] close(4) = 0
[pid 5128] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5128] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5128] write(5, "12", 2) = 2
[ 76.345808][ T5128] FAULT_INJECTION: forcing a failure.
[ 76.345808][ T5128] name failslab, interval 1, probability 0, space 0, times 0
[ 76.358617][ T5128] CPU: 0 PID: 5128 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 76.369072][ T5128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 76.379146][ T5128] Call Trace:
[ 76.382442][ T5128]
[ 76.385392][ T5128] dump_stack_lvl+0x1e7/0x2d0
[ 76.390118][ T5128] ? nf_tcp_handle_invalid+0x650/0x650
[ 76.395612][ T5128] ? panic+0x770/0x770
[ 76.399718][ T5128] ? __might_sleep+0xc0/0xc0
[ 76.404335][ T5128] should_fail_ex+0x3aa/0x4e0
[ 76.409058][ T5128] should_failslab+0x9/0x20
[ 76.413592][ T5128] slab_pre_alloc_hook+0x59/0x2b0
[ 76.418652][ T5128] ? do_read_cache_page+0xf7/0x230
[ 76.423801][ T5128] kmem_cache_alloc+0x52/0x2e0
[ 76.428612][ T5128] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 76.434284][ T5128] ntfs_attr_get_search_ctx+0x51/0x180
[ 76.439771][ T5128] __ntfs_write_inode+0x128/0xbb0
[ 76.444847][ T5128] ntfs_file_fsync+0x15e/0x2d0
[ 76.449690][ T5128] ntfs_file_write_iter+0x12e4/0x1a00
[ 76.455125][ T5128] vfs_write+0x7b2/0xbb0
[ 76.459435][ T5128] ? file_end_write+0x250/0x250
[ 76.464328][ T5128] ? lockdep_hardirqs_on+0x98/0x140
[ 76.469541][ T5128] ? __fdget_pos+0x265/0x2f0
[ 76.474150][ T5128] ksys_write+0x1a0/0x2c0
[ 76.478513][ T5128] ? __ia32_sys_read+0x90/0x90
[ 76.483312][ T5128] ? syscall_enter_from_user_mode+0x32/0x260
[ 76.489308][ T5128] ? syscall_enter_from_user_mode+0x8c/0x260
[ 76.495311][ T5128] do_syscall_64+0x41/0xc0
[ 76.499744][ T5128] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.505668][ T5128] RIP: 0033:0x7f1b3d01dba9
[ 76.512780][ T5128] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.532392][ T5128] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5128] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5128] exit_group(0) = ?
[pid 5128] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} ---
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./56/binderfs") = 0
[ 76.540818][ T5128] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 76.548794][ T5128] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 76.556777][ T5128] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 76.564756][ T5128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 76.572729][ T5128] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000038
[ 76.580732][ T5128]
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./56/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5129
./strace-static-x86_64: Process 5129 attached
[pid 5129] chdir("./57") = 0
[pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5129] setpgid(0, 0) = 0
[pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5129] write(3, "1000", 4) = 4
[pid 5129] close(3) = 0
[pid 5129] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5129] memfd_create("syzkaller", 0) = 3
[pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5129] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5129] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5129] close(3) = 0
[pid 5129] mkdir("./file0", 0777) = 0
[ 76.762088][ T5129] loop0: detected capacity change from 0 to 4096
[pid 5129] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5129] chdir("./file0") = 0
[pid 5129] ioctl(4, LOOP_CLR_FD) = 0
[pid 5129] close(4) = 0
[pid 5129] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5129] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5129] write(5, "12", 2) = 2
[ 76.804176][ T5129] ntfs: volume version 3.1.
[ 76.836224][ T5129] FAULT_INJECTION: forcing a failure.
[ 76.836224][ T5129] name failslab, interval 1, probability 0, space 0, times 0
[ 76.880615][ T5129] CPU: 0 PID: 5129 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 76.891109][ T5129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 76.901185][ T5129] Call Trace:
[ 76.904482][ T5129]
[ 76.907407][ T5129] dump_stack_lvl+0x1e7/0x2d0
[ 76.912087][ T5129] ? nf_tcp_handle_invalid+0x650/0x650
[ 76.917546][ T5129] ? panic+0x770/0x770
[ 76.921620][ T5129] ? __might_sleep+0xc0/0xc0
[ 76.926216][ T5129] should_fail_ex+0x3aa/0x4e0
[ 76.930905][ T5129] should_failslab+0x9/0x20
[ 76.935417][ T5129] slab_pre_alloc_hook+0x59/0x2b0
[ 76.940456][ T5129] ? do_read_cache_page+0xf7/0x230
[ 76.945583][ T5129] kmem_cache_alloc+0x52/0x2e0
[ 76.950366][ T5129] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 76.956015][ T5129] ntfs_attr_get_search_ctx+0x51/0x180
[ 76.961508][ T5129] __ntfs_write_inode+0x128/0xbb0
[ 76.966562][ T5129] ntfs_file_fsync+0x15e/0x2d0
[ 76.971340][ T5129] ntfs_file_write_iter+0x12e4/0x1a00
[ 76.976744][ T5129] vfs_write+0x7b2/0xbb0
[ 76.981009][ T5129] ? file_end_write+0x250/0x250
[ 76.985886][ T5129] ? lockdep_hardirqs_on+0x98/0x140
[ 76.991095][ T5129] ? __fdget_pos+0x265/0x2f0
[ 76.995702][ T5129] ksys_write+0x1a0/0x2c0
[ 77.000048][ T5129] ? __ia32_sys_read+0x90/0x90
[ 77.004825][ T5129] ? syscall_enter_from_user_mode+0x32/0x260
[ 77.010817][ T5129] ? syscall_enter_from_user_mode+0x8c/0x260
[ 77.016804][ T5129] do_syscall_64+0x41/0xc0
[ 77.021248][ T5129] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.027150][ T5129] RIP: 0033:0x7f1b3d01dba9
[ 77.031573][ T5129] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.051178][ T5129] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 77.059597][ T5129] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 77.067585][ T5129] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5129] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5129] exit_group(0) = ?
[pid 5129] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./57/binderfs") = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./57/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 77.075579][ T5129] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 77.083557][ T5129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 77.091564][ T5129] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000039
[ 77.099558][ T5129]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5130
./strace-static-x86_64: Process 5130 attached
[pid 5130] chdir("./58") = 0
[pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5130] setpgid(0, 0) = 0
[pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5130] write(3, "1000", 4) = 4
[pid 5130] close(3) = 0
[pid 5130] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5130] memfd_create("syzkaller", 0) = 3
[pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5130] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5130] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5130] close(3) = 0
[pid 5130] mkdir("./file0", 0777) = 0
[pid 5130] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5130] chdir("./file0") = 0
[pid 5130] ioctl(4, LOOP_CLR_FD) = 0
[pid 5130] close(4) = 0
[pid 5130] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5130] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5130] write(5, "12", 2) = 2
[ 77.192071][ T5130] loop0: detected capacity change from 0 to 4096
[ 77.207724][ T5130] ntfs: volume version 3.1.
[ 77.241354][ T5130] FAULT_INJECTION: forcing a failure.
[ 77.241354][ T5130] name failslab, interval 1, probability 0, space 0, times 0
[ 77.254702][ T5130] CPU: 0 PID: 5130 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 77.265249][ T5130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 77.275330][ T5130] Call Trace:
[ 77.278610][ T5130]
[ 77.281550][ T5130] dump_stack_lvl+0x1e7/0x2d0
[ 77.286239][ T5130] ? nf_tcp_handle_invalid+0x650/0x650
[ 77.291704][ T5130] ? panic+0x770/0x770
[ 77.295778][ T5130] ? __might_sleep+0xc0/0xc0
[ 77.300388][ T5130] should_fail_ex+0x3aa/0x4e0
[ 77.305091][ T5130] should_failslab+0x9/0x20
[ 77.309601][ T5130] slab_pre_alloc_hook+0x59/0x2b0
[ 77.314642][ T5130] ? do_read_cache_page+0xf7/0x230
[ 77.319762][ T5130] kmem_cache_alloc+0x52/0x2e0
[ 77.324552][ T5130] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 77.330215][ T5130] ntfs_attr_get_search_ctx+0x51/0x180
[ 77.335687][ T5130] __ntfs_write_inode+0x128/0xbb0
[ 77.340734][ T5130] ntfs_file_fsync+0x15e/0x2d0
[ 77.345527][ T5130] ntfs_file_write_iter+0x12e4/0x1a00
[ 77.350939][ T5130] vfs_write+0x7b2/0xbb0
[ 77.355194][ T5130] ? file_end_write+0x250/0x250
[ 77.360054][ T5130] ? lockdep_hardirqs_on+0x98/0x140
[ 77.365262][ T5130] ? __fdget_pos+0x265/0x2f0
[ 77.369868][ T5130] ksys_write+0x1a0/0x2c0
[ 77.374392][ T5130] ? __ia32_sys_read+0x90/0x90
[ 77.379168][ T5130] ? syscall_enter_from_user_mode+0x32/0x260
[ 77.385159][ T5130] ? syscall_enter_from_user_mode+0x8c/0x260
[ 77.391148][ T5130] do_syscall_64+0x41/0xc0
[ 77.395601][ T5130] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.401505][ T5130] RIP: 0033:0x7f1b3d01dba9
[ 77.405929][ T5130] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.425545][ T5130] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 77.433974][ T5130] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5130] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5130] exit_group(0) = ?
[pid 5130] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./58/binderfs") = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./58/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
mkdir("./59", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5131
./strace-static-x86_64: Process 5131 attached
[pid 5131] chdir("./59") = 0
[ 77.441949][ T5130] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 77.449923][ T5130] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 77.457909][ T5130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 77.465883][ T5130] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000003a
[ 77.473876][ T5130]
[pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5131] setpgid(0, 0) = 0
[pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5131] write(3, "1000", 4) = 4
[pid 5131] close(3) = 0
[pid 5131] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5131] memfd_create("syzkaller", 0) = 3
[pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5131] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5131] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5131] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5131] close(3) = 0
[pid 5131] mkdir("./file0", 0777) = 0
[pid 5131] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5131] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5131] chdir("./file0") = 0
[pid 5131] ioctl(4, LOOP_CLR_FD) = 0
[pid 5131] close(4) = 0
[pid 5131] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5131] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5131] write(5, "12", 2) = 2
[pid 5131] write(4, "t", 1) = 1
[pid 5131] exit_group(0) = ?
[pid 5131] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./59/binderfs") = 0
[ 77.567093][ T5131] loop0: detected capacity change from 0 to 4096
[ 77.581738][ T5131] ntfs: volume version 3.1.
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./59/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5132
./strace-static-x86_64: Process 5132 attached
[pid 5132] chdir("./60") = 0
[pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5132] setpgid(0, 0) = 0
[pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5132] write(3, "1000", 4) = 4
[pid 5132] close(3) = 0
[pid 5132] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5132] memfd_create("syzkaller", 0) = 3
[pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5132] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5132] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5132] close(3) = 0
[pid 5132] mkdir("./file0", 0777) = 0
[pid 5132] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5132] chdir("./file0") = 0
[pid 5132] ioctl(4, LOOP_CLR_FD) = 0
[pid 5132] close(4) = 0
[pid 5132] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5132] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5132] write(5, "12", 2) = 2
[ 77.713123][ T5132] loop0: detected capacity change from 0 to 4096
[ 77.728321][ T5132] ntfs: volume version 3.1.
[ 77.747562][ T5132] FAULT_INJECTION: forcing a failure.
[ 77.747562][ T5132] name failslab, interval 1, probability 0, space 0, times 0
[ 77.760383][ T5132] CPU: 1 PID: 5132 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 77.770831][ T5132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 77.780910][ T5132] Call Trace:
[ 77.784206][ T5132]
[ 77.787165][ T5132] dump_stack_lvl+0x1e7/0x2d0
[ 77.791923][ T5132] ? nf_tcp_handle_invalid+0x650/0x650
[ 77.797412][ T5132] ? panic+0x770/0x770
[ 77.801511][ T5132] ? __might_sleep+0xc0/0xc0
[ 77.806125][ T5132] should_fail_ex+0x3aa/0x4e0
[ 77.810829][ T5132] should_failslab+0x9/0x20
[ 77.815344][ T5132] slab_pre_alloc_hook+0x59/0x2b0
[ 77.820393][ T5132] ? do_read_cache_page+0xf7/0x230
[ 77.825540][ T5132] kmem_cache_alloc+0x52/0x2e0
[ 77.830369][ T5132] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 77.836030][ T5132] ntfs_attr_get_search_ctx+0x51/0x180
[ 77.841512][ T5132] __ntfs_write_inode+0x128/0xbb0
[ 77.846565][ T5132] ntfs_file_fsync+0x15e/0x2d0
[ 77.851354][ T5132] ntfs_file_write_iter+0x12e4/0x1a00
[ 77.856782][ T5132] vfs_write+0x7b2/0xbb0
[ 77.861037][ T5132] ? file_end_write+0x250/0x250
[ 77.865923][ T5132] ? lockdep_hardirqs_on+0x98/0x140
[ 77.871130][ T5132] ? __fdget_pos+0x265/0x2f0
[ 77.875736][ T5132] ksys_write+0x1a0/0x2c0
[ 77.880082][ T5132] ? __ia32_sys_read+0x90/0x90
[ 77.884856][ T5132] ? syscall_enter_from_user_mode+0x32/0x260
[ 77.890857][ T5132] ? syscall_enter_from_user_mode+0x8c/0x260
[ 77.896848][ T5132] do_syscall_64+0x41/0xc0
[ 77.901274][ T5132] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.907173][ T5132] RIP: 0033:0x7f1b3d01dba9
[ 77.911591][ T5132] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.931200][ T5132] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 77.939636][ T5132] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 77.947613][ T5132] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 77.955600][ T5132] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[pid 5132] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5132] exit_group(0) = ?
[pid 5132] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./60/binderfs") = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./60/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5133
./strace-static-x86_64: Process 5133 attached
[ 77.963577][ T5132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 77.971554][ T5132] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000003c
[ 77.979561][ T5132]
[pid 5133] chdir("./61") = 0
[pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5133] setpgid(0, 0) = 0
[pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5133] write(3, "1000", 4) = 4
[pid 5133] close(3) = 0
[pid 5133] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5133] memfd_create("syzkaller", 0) = 3
[pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5133] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5133] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5133] close(3) = 0
[pid 5133] mkdir("./file0", 0777) = 0
[pid 5133] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5133] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5133] chdir("./file0") = 0
[pid 5133] ioctl(4, LOOP_CLR_FD) = 0
[pid 5133] close(4) = 0
[pid 5133] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5133] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5133] write(5, "12", 2) = 2
[pid 5133] write(4, "t", 1) = 1
[pid 5133] exit_group(0) = ?
[pid 5133] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./61/binderfs") = 0
[ 78.075349][ T5133] loop0: detected capacity change from 0 to 4096
[ 78.090423][ T5133] ntfs: volume version 3.1.
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./61/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./61") = 0
mkdir("./62", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5134
./strace-static-x86_64: Process 5134 attached
[pid 5134] chdir("./62") = 0
[pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5134] setpgid(0, 0) = 0
[pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5134] write(3, "1000", 4) = 4
[pid 5134] close(3) = 0
[pid 5134] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5134] memfd_create("syzkaller", 0) = 3
[pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5134] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5134] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5134] close(3) = 0
[pid 5134] mkdir("./file0", 0777) = 0
[pid 5134] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5134] chdir("./file0") = 0
[pid 5134] ioctl(4, LOOP_CLR_FD) = 0
[pid 5134] close(4) = 0
[pid 5134] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5134] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5134] write(5, "12", 2) = 2
[pid 5134] write(4, "t", 1) = 1
[pid 5134] exit_group(0) = ?
[pid 5134] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./62/binderfs") = 0
[ 78.211572][ T5134] loop0: detected capacity change from 0 to 4096
[ 78.227872][ T5134] ntfs: volume version 3.1.
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./62/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5135
./strace-static-x86_64: Process 5135 attached
[pid 5135] chdir("./63") = 0
[pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5135] setpgid(0, 0) = 0
[pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5135] write(3, "1000", 4) = 4
[pid 5135] close(3) = 0
[pid 5135] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5135] memfd_create("syzkaller", 0) = 3
[pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5135] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5135] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5135] close(3) = 0
[pid 5135] mkdir("./file0", 0777) = 0
[pid 5135] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5135] chdir("./file0") = 0
[pid 5135] ioctl(4, LOOP_CLR_FD) = 0
[pid 5135] close(4) = 0
[pid 5135] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5135] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5135] write(5, "12", 2) = 2
[ 78.363702][ T5135] loop0: detected capacity change from 0 to 4096
[ 78.380251][ T5135] ntfs: volume version 3.1.
[ 78.403141][ T5135] FAULT_INJECTION: forcing a failure.
[ 78.403141][ T5135] name failslab, interval 1, probability 0, space 0, times 0
[ 78.416410][ T5135] CPU: 1 PID: 5135 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 78.426859][ T5135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 78.436926][ T5135] Call Trace:
[ 78.440209][ T5135]
[ 78.443143][ T5135] dump_stack_lvl+0x1e7/0x2d0
[ 78.447842][ T5135] ? nf_tcp_handle_invalid+0x650/0x650
[ 78.453323][ T5135] ? panic+0x770/0x770
[ 78.457527][ T5135] ? __might_sleep+0xc0/0xc0
[ 78.462139][ T5135] should_fail_ex+0x3aa/0x4e0
[ 78.466861][ T5135] should_failslab+0x9/0x20
[ 78.471417][ T5135] slab_pre_alloc_hook+0x59/0x2b0
[ 78.476482][ T5135] ? do_read_cache_page+0xf7/0x230
[ 78.481631][ T5135] kmem_cache_alloc+0x52/0x2e0
[ 78.486965][ T5135] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 78.492614][ T5135] ntfs_attr_get_search_ctx+0x51/0x180
[ 78.498086][ T5135] __ntfs_write_inode+0x128/0xbb0
[ 78.503135][ T5135] ntfs_file_fsync+0x15e/0x2d0
[ 78.507913][ T5135] ntfs_file_write_iter+0x12e4/0x1a00
[ 78.513414][ T5135] vfs_write+0x7b2/0xbb0
[ 78.517680][ T5135] ? file_end_write+0x250/0x250
[ 78.522570][ T5135] ? lockdep_hardirqs_on+0x98/0x140
[ 78.527780][ T5135] ? __fdget_pos+0x265/0x2f0
[ 78.532384][ T5135] ksys_write+0x1a0/0x2c0
[ 78.536748][ T5135] ? __ia32_sys_read+0x90/0x90
[ 78.541529][ T5135] ? syscall_enter_from_user_mode+0x32/0x260
[ 78.547522][ T5135] ? syscall_enter_from_user_mode+0x8c/0x260
[ 78.553519][ T5135] do_syscall_64+0x41/0xc0
[ 78.557945][ T5135] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.563847][ T5135] RIP: 0033:0x7f1b3d01dba9
[ 78.568265][ T5135] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 78.588404][ T5135] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 78.596825][ T5135] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 78.604801][ T5135] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5135] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5135] exit_group(0) = ?
[pid 5135] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./63/binderfs") = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
[ 78.612771][ T5135] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 78.620745][ T5135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 78.628718][ T5135] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 000000000000003f
[ 78.636724][ T5135]
close(4) = 0
rmdir("./63/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./63") = 0
mkdir("./64", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5136
./strace-static-x86_64: Process 5136 attached
[pid 5136] chdir("./64") = 0
[pid 5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5136] setpgid(0, 0) = 0
[pid 5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5136] write(3, "1000", 4) = 4
[pid 5136] close(3) = 0
[pid 5136] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5136] memfd_create("syzkaller", 0) = 3
[pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5136] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5136] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5136] close(3) = 0
[pid 5136] mkdir("./file0", 0777) = 0
[pid 5136] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5136] chdir("./file0") = 0
[pid 5136] ioctl(4, LOOP_CLR_FD) = 0
[pid 5136] close(4) = 0
[pid 5136] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5136] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5136] write(5, "12", 2) = 2
[ 78.723814][ T5136] loop0: detected capacity change from 0 to 4096
[ 78.739751][ T5136] ntfs: volume version 3.1.
[ 78.773347][ T5136] FAULT_INJECTION: forcing a failure.
[ 78.773347][ T5136] name failslab, interval 1, probability 0, space 0, times 0
[ 78.786562][ T5136] CPU: 0 PID: 5136 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 78.796997][ T5136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 78.807050][ T5136] Call Trace:
[ 78.810345][ T5136]
[ 78.813274][ T5136] dump_stack_lvl+0x1e7/0x2d0
[ 78.817964][ T5136] ? nf_tcp_handle_invalid+0x650/0x650
[ 78.823447][ T5136] ? panic+0x770/0x770
[ 78.827541][ T5136] ? __might_sleep+0xc0/0xc0
[ 78.832136][ T5136] should_fail_ex+0x3aa/0x4e0
[ 78.836825][ T5136] should_failslab+0x9/0x20
[ 78.841347][ T5136] slab_pre_alloc_hook+0x59/0x2b0
[ 78.846404][ T5136] ? do_read_cache_page+0xf7/0x230
[ 78.851614][ T5136] kmem_cache_alloc+0x52/0x2e0
[ 78.856389][ T5136] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 78.862031][ T5136] ntfs_attr_get_search_ctx+0x51/0x180
[ 78.867494][ T5136] __ntfs_write_inode+0x128/0xbb0
[ 78.872556][ T5136] ntfs_file_fsync+0x15e/0x2d0
[ 78.877357][ T5136] ntfs_file_write_iter+0x12e4/0x1a00
[ 78.882746][ T5136] vfs_write+0x7b2/0xbb0
[ 78.887001][ T5136] ? file_end_write+0x250/0x250
[ 78.891863][ T5136] ? lockdep_hardirqs_on+0x98/0x140
[ 78.897076][ T5136] ? __fdget_pos+0x265/0x2f0
[ 78.901672][ T5136] ksys_write+0x1a0/0x2c0
[ 78.906012][ T5136] ? __ia32_sys_read+0x90/0x90
[ 78.910795][ T5136] ? syscall_enter_from_user_mode+0x32/0x260
[ 78.916799][ T5136] ? syscall_enter_from_user_mode+0x8c/0x260
[ 78.922789][ T5136] do_syscall_64+0x41/0xc0
[ 78.927217][ T5136] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.933116][ T5136] RIP: 0033:0x7f1b3d01dba9
[ 78.937547][ T5136] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 78.957316][ T5136] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 78.965751][ T5136] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[pid 5136] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5136] exit_group(0) = ?
[pid 5136] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5136, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./64/binderfs") = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./64/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./64") = 0
mkdir("./65", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5137
[ 78.973761][ T5136] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 78.981758][ T5136] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 78.990210][ T5136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 78.998205][ T5136] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000040
[ 79.006209][ T5136]
./strace-static-x86_64: Process 5137 attached
[pid 5137] chdir("./65") = 0
[pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5137] setpgid(0, 0) = 0
[pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5137] write(3, "1000", 4) = 4
[pid 5137] close(3) = 0
[pid 5137] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5137] memfd_create("syzkaller", 0) = 3
[pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5137] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5137] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5137] close(3) = 0
[pid 5137] mkdir("./file0", 0777) = 0
[pid 5137] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5137] chdir("./file0") = 0
[pid 5137] ioctl(4, LOOP_CLR_FD) = 0
[pid 5137] close(4) = 0
[pid 5137] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5137] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5137] write(5, "12", 2) = 2
[pid 5137] write(4, "t", 1) = 1
[pid 5137] exit_group(0) = ?
[pid 5137] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./65/binderfs") = 0
[ 79.096247][ T5137] loop0: detected capacity change from 0 to 4096
[ 79.111099][ T5137] ntfs: volume version 3.1.
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./65/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./65") = 0
mkdir("./66", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5138
./strace-static-x86_64: Process 5138 attached
[pid 5138] chdir("./66") = 0
[pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5138] setpgid(0, 0) = 0
[pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5138] write(3, "1000", 4) = 4
[pid 5138] close(3) = 0
[pid 5138] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5138] memfd_create("syzkaller", 0) = 3
[pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5138] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5138] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5138] close(3) = 0
[pid 5138] mkdir("./file0", 0777) = 0
[pid 5138] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5138] chdir("./file0") = 0
[pid 5138] ioctl(4, LOOP_CLR_FD) = 0
[pid 5138] close(4) = 0
[pid 5138] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5138] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5138] write(5, "12", 2) = 2
[ 79.245717][ T5138] loop0: detected capacity change from 0 to 4096
[ 79.260302][ T5138] ntfs: volume version 3.1.
[ 79.283035][ T5138] FAULT_INJECTION: forcing a failure.
[ 79.283035][ T5138] name failslab, interval 1, probability 0, space 0, times 0
[ 79.296014][ T5138] CPU: 0 PID: 5138 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 79.306472][ T5138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 79.316557][ T5138] Call Trace:
[ 79.319872][ T5138]
[ 79.322804][ T5138] dump_stack_lvl+0x1e7/0x2d0
[ 79.327493][ T5138] ? nf_tcp_handle_invalid+0x650/0x650
[ 79.332967][ T5138] ? panic+0x770/0x770
[ 79.337141][ T5138] ? __might_sleep+0xc0/0xc0
[ 79.341757][ T5138] should_fail_ex+0x3aa/0x4e0
[ 79.346447][ T5138] should_failslab+0x9/0x20
[ 79.350963][ T5138] slab_pre_alloc_hook+0x59/0x2b0
[ 79.356025][ T5138] ? do_read_cache_page+0xf7/0x230
[ 79.361182][ T5138] kmem_cache_alloc+0x52/0x2e0
[ 79.365964][ T5138] ? ntfs_attr_get_search_ctx+0x51/0x180
[ 79.371617][ T5138] ntfs_attr_get_search_ctx+0x51/0x180
[ 79.377086][ T5138] __ntfs_write_inode+0x128/0xbb0
[ 79.382158][ T5138] ntfs_file_fsync+0x15e/0x2d0
[ 79.386966][ T5138] ntfs_file_write_iter+0x12e4/0x1a00
[ 79.392452][ T5138] vfs_write+0x7b2/0xbb0
[ 79.396722][ T5138] ? file_end_write+0x250/0x250
[ 79.401602][ T5138] ? lockdep_hardirqs_on+0x98/0x140
[ 79.406823][ T5138] ? __fdget_pos+0x265/0x2f0
[ 79.411426][ T5138] ksys_write+0x1a0/0x2c0
[ 79.415801][ T5138] ? __ia32_sys_read+0x90/0x90
[ 79.420679][ T5138] ? syscall_enter_from_user_mode+0x32/0x260
[ 79.426682][ T5138] ? syscall_enter_from_user_mode+0x8c/0x260
[ 79.432695][ T5138] do_syscall_64+0x41/0xc0
[ 79.437127][ T5138] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.443040][ T5138] RIP: 0033:0x7f1b3d01dba9
[ 79.447492][ T5138] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.467125][ T5138] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 79.475570][ T5138] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 79.483984][ T5138] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5138] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5138] exit_group(0) = ?
[pid 5138] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562c8620 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./66/binderfs") = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 79.492139][ T5138] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 79.500205][ T5138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 79.508180][ T5138] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000042
[ 79.516173][ T5138]
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562d0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562d0660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./66/file0") = 0
getdents64(3, 0x5555562c8620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./66") = 0
mkdir("./67", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562c75d0) = 5139
./strace-static-x86_64: Process 5139 attached
[pid 5139] chdir("./67") = 0
[pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5139] setpgid(0, 0) = 0
[pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5139] write(3, "1000", 4) = 4
[pid 5139] close(3) = 0
[pid 5139] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5139] memfd_create("syzkaller", 0) = 3
[pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b34bd0000
[pid 5139] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5139] munmap(0x7f1b34bd0000, 2097152) = 0
[pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5139] close(3) = 0
[pid 5139] mkdir("./file0", 0777) = 0
[pid 5139] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5139] chdir("./file0") = 0
[pid 5139] ioctl(4, LOOP_CLR_FD) = 0
[pid 5139] close(4) = 0
[pid 5139] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5139] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5139] write(5, "12", 2) = 2
[ 79.620391][ T5139] loop0: detected capacity change from 0 to 4096
[ 79.636245][ T5139] ntfs: volume version 3.1.
[ 79.653205][ T5139] FAULT_INJECTION: forcing a failure.
[ 79.653205][ T5139] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 79.666328][ T5139] CPU: 0 PID: 5139 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 79.676857][ T5139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 79.686937][ T5139] Call Trace:
[ 79.690229][ T5139]
[ 79.693179][ T5139] dump_stack_lvl+0x1e7/0x2d0
[ 79.697872][ T5139] ? nf_tcp_handle_invalid+0x650/0x650
[ 79.703342][ T5139] ? panic+0x770/0x770
[ 79.707466][ T5139] should_fail_ex+0x3aa/0x4e0
[ 79.712174][ T5139] copy_page_from_iter_atomic+0x211/0x1140
[ 79.717987][ T5139] ? print_irqtrace_events+0x220/0x220
[ 79.723467][ T5139] ? pipe_zero+0x230/0x230
[ 79.727914][ T5139] ? _raw_read_unlock_irqrestore+0xdd/0x140
[ 79.733816][ T5139] ? _raw_read_unlock+0x40/0x40
[ 79.738681][ T5139] ? do_raw_spin_unlock+0x13b/0x8b0
[ 79.744684][ T5139] ntfs_perform_write+0x408b/0x7520
[ 79.749975][ T5139] ? ntfs_file_fsync+0x2d0/0x2d0
[ 79.754948][ T5139] ntfs_file_write_iter+0x10ed/0x1a00
[ 79.760342][ T5139] vfs_write+0x7b2/0xbb0
[ 79.764601][ T5139] ? file_end_write+0x250/0x250
[ 79.769487][ T5139] ? lockdep_hardirqs_on+0x98/0x140
[ 79.774740][ T5139] ? __fdget_pos+0x265/0x2f0
[ 79.779363][ T5139] ksys_write+0x1a0/0x2c0
[ 79.783716][ T5139] ? __ia32_sys_read+0x90/0x90
[ 79.788510][ T5139] ? syscall_enter_from_user_mode+0x32/0x260
[ 79.794519][ T5139] ? syscall_enter_from_user_mode+0x8c/0x260
[ 79.800529][ T5139] do_syscall_64+0x41/0xc0
[ 79.805151][ T5139] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.811060][ T5139] RIP: 0033:0x7f1b3d01dba9
[ 79.815493][ T5139] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.835145][ T5139] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 79.843572][ T5139] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 79.851551][ T5139] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 79.859538][ T5139] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 79.867514][ T5139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 79.875492][ T5139] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000043
[ 79.883501][ T5139]
[ 79.898822][ T5139] ------------[ cut here ]------------
[ 79.904457][ T5139] kernel BUG at fs/ntfs/file.c:493!
[ 79.919520][ T5139] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 79.925626][ T5139] CPU: 0 PID: 5139 Comm: syz-executor678 Not tainted 6.3.0-rc2-syzkaller-00077-g38e04b3e4240 #0
[ 79.936037][ T5139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 79.946109][ T5139] RIP: 0010:ntfs_perform_write+0x73c7/0x7520
[ 79.952098][ T5139] Code: ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 9c f4 ff ff 48 89 df e8 aa 64 20 ff e9 8f f4 ff ff e8 e0 b3 ca fe 0f 0b e8 d9 b3 ca fe <0f> 0b e8 d2 b3 ca fe 0f 0b e8 cb b3 ca fe 0f 0b e8 c4 b3 ca fe 0f
[ 79.971715][ T5139] RSP: 0018:ffffc900055177a0 EFLAGS: 00010293
[ 79.977872][ T5139] RAX: ffffffff82bfb947 RBX: 0000000000000000 RCX: ffff888075b41d40
[ 79.985927][ T5139] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 79.993923][ T5139] RBP: ffffc90005517bd0 R08: ffffffff82bf49f3 R09: ffffffff842d6f19
[ 80.001907][ T5139] R10: 0000000000000002 R11: ffff888075b41d40 R12: dffffc0000000000
[ 80.009876][ T5139] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 80.017856][ T5139] FS: 00005555562c7300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 80.026802][ T5139] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 80.033382][ T5139] CR2: 0000000020004200 CR3: 0000000020bb6000 CR4: 00000000003506f0
[ 80.041364][ T5139] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 80.049514][ T5139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 80.057486][ T5139] Call Trace:
[ 80.060765][ T5139]
[ 80.063733][ T5139] ? ntfs_file_fsync+0x2d0/0x2d0
[ 80.068701][ T5139] ntfs_file_write_iter+0x10ed/0x1a00
[ 80.074089][ T5139] vfs_write+0x7b2/0xbb0
[ 80.078344][ T5139] ? file_end_write+0x250/0x250
[ 80.083366][ T5139] ? lockdep_hardirqs_on+0x98/0x140
[ 80.088600][ T5139] ? __fdget_pos+0x265/0x2f0
[ 80.093204][ T5139] ksys_write+0x1a0/0x2c0
[ 80.097558][ T5139] ? __ia32_sys_read+0x90/0x90
[ 80.102372][ T5139] ? syscall_enter_from_user_mode+0x32/0x260
[ 80.108366][ T5139] ? syscall_enter_from_user_mode+0x8c/0x260
[ 80.114464][ T5139] do_syscall_64+0x41/0xc0
[ 80.118891][ T5139] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.124790][ T5139] RIP: 0033:0x7f1b3d01dba9
[ 80.129209][ T5139] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 80.148817][ T5139] RSP: 002b:00007ffe44a89ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 80.157233][ T5139] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1b3d01dba9
[ 80.165206][ T5139] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 80.173173][ T5139] RBP: 00007ffe44a89f20 R08: 0000000000000002 R09: 00007ffe44a89f30
[ 80.181145][ T5139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 80.189151][ T5139] R13: 00007ffe44a89f60 R14: 00007ffe44a89f40 R15: 0000000000000043
[ 80.197128][ T5139]
[ 80.200142][ T5139] Modules linked in:
[ 80.206680][ T5139] ---[ end trace 0000000000000000 ]---
[ 80.212228][ T5139] RIP: 0010:ntfs_perform_write+0x73c7/0x7520
[ 80.218502][ T5139] Code: ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 9c f4 ff ff 48 89 df e8 aa 64 20 ff e9 8f f4 ff ff e8 e0 b3 ca fe 0f 0b e8 d9 b3 ca fe <0f> 0b e8 d2 b3 ca fe 0f 0b e8 cb b3 ca fe 0f 0b e8 c4 b3 ca fe 0f
[ 80.238557][ T5139] RSP: 0018:ffffc900055177a0 EFLAGS: 00010293
[ 80.244833][ T5139] RAX: ffffffff82bfb947 RBX: 0000000000000000 RCX: ffff888075b41d40
[ 80.252810][ T5139] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 80.260971][ T5139] RBP: ffffc90005517bd0 R08: ffffffff82bf49f3 R09: ffffffff842d6f19
[ 80.269084][ T5139] R10: 0000000000000002 R11: ffff888075b41d40 R12: dffffc0000000000
[ 80.277096][ T5139] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 80.285092][ T5139] FS: 00005555562c7300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 80.294236][ T5139] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 80.300852][ T5139] CR2: 0000000020004200 CR3: 0000000020bb6000 CR4: 00000000003506f0
[ 80.308888][ T5139] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 80.317055][ T5139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 80.325277][ T5139] Kernel panic - not syncing: Fatal exception
[ 80.331608][ T5139] Kernel Offset: disabled
[ 80.336119][ T5139] Rebooting in 86400 seconds..
[pid 5139] write(4, "t", 1