./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor111942048
<...>
DUID 00:04:ab:21:30:2a:f6:ad:63:06:1d:ce:9a:68:94:64:4e:95
forked to background, child pid 4668
[ 20.089259][ T4669] 8021q: adding VLAN 0 to HW filter on device bond0
[ 20.099481][ T4669] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
execve("./syz-executor111942048", ["./syz-executor111942048"], 0x7ffd66112800 /* 10 vars */) = 0
brk(NULL) = 0x555555ffa000
brk(0x555555ffac40) = 0x555555ffac40
arch_prctl(ARCH_SET_FS, 0x555555ffa300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor111942048", 4096) = 27
brk(0x55555601bc40) = 0x55555601bc40
brk(0x55555601c000) = 0x55555601c000
mprotect(0x7fd0fafc0000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 4999
mkdir("./syzkaller.PJoM3b", 0700) = 0
chmod("./syzkaller.PJoM3b", 0777) = 0
chdir("./syzkaller.PJoM3b") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5000
./strace-static-x86_64: Process 5000 attached
[pid 5000] chdir("./0") = 0
[pid 5000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5000] setpgid(0, 0) = 0
[pid 5000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "1000", 4) = 4
[pid 5000] close(3) = 0
[pid 5000] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5000] memfd_create("syzkaller", 0) = 3
[pid 5000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5000] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5000] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5000] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5000] close(3) = 0
[pid 5000] mkdir("./file0", 0777) = 0
syzkaller login: [ 50.877896][ T5000] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5000 'syz-executor111'
[ 50.908475][ T5000] loop0: detected capacity change from 0 to 4096
[ 50.918409][ T5000] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[ 50.939654][ T5000] ntfs: (device loop0): read_ntfs_boot_sector(): Primary boot sector is invalid.
[ 50.949091][ T5000] ntfs: (device loop0): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[ 50.963615][ T5000] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 50.972335][ T5000] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[ 50.992443][ T5000] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 51.001174][ T5000] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[pid 5000] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5000] chdir("./file0") = 0
[pid 5000] ioctl(4, LOOP_CLR_FD) = 0
[pid 5000] close(4) = 0
[pid 5000] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5000] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5000] write(5, "12", 2) = 2
[pid 5000] write(4, "t", 1) = 1
[pid 5000] exit_group(0) = ?
[pid 5000] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5000, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 51.021295][ T5000] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 51.030037][ T5000] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[ 51.050012][ T5000] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[ 51.060164][ T5000] ntfs: volume version 3.1.
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5002
./strace-static-x86_64: Process 5002 attached
[pid 5002] chdir("./1") = 0
[pid 5002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5002] setpgid(0, 0) = 0
[pid 5002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5002] write(3, "1000", 4) = 4
[pid 5002] close(3) = 0
[pid 5002] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5002] memfd_create("syzkaller", 0) = 3
[pid 5002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5002] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5002] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5002] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5002] close(3) = 0
[pid 5002] mkdir("./file0", 0777) = 0
[pid 5002] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5002] chdir("./file0") = 0
[pid 5002] ioctl(4, LOOP_CLR_FD) = 0
[pid 5002] close(4) = 0
[pid 5002] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5002] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5002] write(5, "12", 2) = 2
[pid 5002] write(4, "t", 1) = 1
[pid 5002] exit_group(0) = ?
[pid 5002] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5002, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 51.192455][ T5002] loop0: detected capacity change from 0 to 4096
[ 51.205668][ T5002] ntfs: volume version 3.1.
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5003
./strace-static-x86_64: Process 5003 attached
[pid 5003] chdir("./2") = 0
[pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5003] setpgid(0, 0) = 0
[pid 5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5003] write(3, "1000", 4) = 4
[pid 5003] close(3) = 0
[pid 5003] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5003] memfd_create("syzkaller", 0) = 3
[pid 5003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5003] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5003] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5003] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5003] close(3) = 0
[pid 5003] mkdir("./file0", 0777) = 0
[pid 5003] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5003] chdir("./file0") = 0
[pid 5003] ioctl(4, LOOP_CLR_FD) = 0
[pid 5003] close(4) = 0
[pid 5003] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5003] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5003] write(5, "12", 2) = 2
[pid 5003] write(4, "t", 1) = 1
[pid 5003] exit_group(0) = ?
[pid 5003] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5003, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5004
./strace-static-x86_64: Process 5004 attached
[pid 5004] chdir("./3") = 0
[pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5004] setpgid(0, 0) = 0
[ 51.314771][ T5003] loop0: detected capacity change from 0 to 4096
[ 51.327004][ T5003] ntfs: volume version 3.1.
[pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5004] write(3, "1000", 4) = 4
[pid 5004] close(3) = 0
[pid 5004] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5004] memfd_create("syzkaller", 0) = 3
[pid 5004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5004] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5004] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5004] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5004] close(3) = 0
[pid 5004] mkdir("./file0", 0777) = 0
[pid 5004] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5004] chdir("./file0") = 0
[pid 5004] ioctl(4, LOOP_CLR_FD) = 0
[pid 5004] close(4) = 0
[pid 5004] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5004] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5004] write(5, "12", 2) = 2
[pid 5004] write(4, "t", 1) = 1
[pid 5004] exit_group(0) = ?
[pid 5004] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5004, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 51.404938][ T5004] loop0: detected capacity change from 0 to 4096
[ 51.417621][ T5004] ntfs: volume version 3.1.
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5005
./strace-static-x86_64: Process 5005 attached
[pid 5005] chdir("./4") = 0
[pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5005] setpgid(0, 0) = 0
[pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5005] write(3, "1000", 4) = 4
[pid 5005] close(3) = 0
[pid 5005] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5005] memfd_create("syzkaller", 0) = 3
[pid 5005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5005] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5005] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5005] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5005] close(3) = 0
[pid 5005] mkdir("./file0", 0777) = 0
[pid 5005] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5005] chdir("./file0") = 0
[pid 5005] ioctl(4, LOOP_CLR_FD) = 0
[pid 5005] close(4) = 0
[pid 5005] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5005] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5005] write(5, "12", 2) = 2
[pid 5005] write(4, "t", 1) = 1
[pid 5005] exit_group(0) = ?
[pid 5005] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
[ 51.518963][ T5005] loop0: detected capacity change from 0 to 4096
[ 51.531420][ T5005] ntfs: volume version 3.1.
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5006
./strace-static-x86_64: Process 5006 attached
[pid 5006] chdir("./5") = 0
[pid 5006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5006] setpgid(0, 0) = 0
[pid 5006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5006] write(3, "1000", 4) = 4
[pid 5006] close(3) = 0
[pid 5006] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5006] memfd_create("syzkaller", 0) = 3
[pid 5006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5006] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5006] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5006] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5006] close(3) = 0
[pid 5006] mkdir("./file0", 0777) = 0
[pid 5006] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5006] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5006] chdir("./file0") = 0
[pid 5006] ioctl(4, LOOP_CLR_FD) = 0
[pid 5006] close(4) = 0
[pid 5006] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5006] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5006] write(5, "12", 2) = 2
[ 51.613964][ T5006] loop0: detected capacity change from 0 to 4096
[ 51.627387][ T5006] ntfs: volume version 3.1.
[ 51.655347][ T5006] FAULT_INJECTION: forcing a failure.
[ 51.655347][ T5006] name failslab, interval 1, probability 0, space 0, times 0
[ 51.668620][ T5006] CPU: 0 PID: 5006 Comm: syz-executor111 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0
[ 51.679031][ T5006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 51.689093][ T5006] Call Trace:
[ 51.692368][ T5006]
[ 51.695292][ T5006] dump_stack_lvl+0x136/0x150
[ 51.699988][ T5006] should_fail_ex+0x4a3/0x5b0
[ 51.704656][ T5006] should_failslab+0x9/0x20
[ 51.709142][ T5006] kmem_cache_alloc+0x63/0x3b0
[ 51.713894][ T5006] ntfs_attr_get_search_ctx+0x45/0x200
[ 51.719363][ T5006] __ntfs_write_inode+0xc0/0xc40
[ 51.724290][ T5006] ntfs_file_fsync+0x173/0x410
[ 51.729043][ T5006] ? put_page+0x280/0x280
[ 51.733366][ T5006] vfs_fsync_range+0x13e/0x230
[ 51.738812][ T5006] ntfs_file_write_iter+0x6cd/0x1e30
[ 51.744093][ T5006] vfs_write+0x945/0xd50
[ 51.748341][ T5006] ? kernel_write+0x670/0x670
[ 51.753012][ T5006] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 51.758482][ T5006] ? find_held_lock+0x2d/0x110
[ 51.763248][ T5006] ? lock_downgrade+0x690/0x690
[ 51.768101][ T5006] ? __fget_light+0x20a/0x270
[ 51.772781][ T5006] ksys_write+0x12b/0x250
[ 51.777130][ T5006] ? __ia32_sys_read+0xb0/0xb0
[ 51.781882][ T5006] ? lockdep_hardirqs_on+0x7d/0x100
[ 51.787072][ T5006] ? _raw_spin_unlock_irq+0x2e/0x50
[ 51.792261][ T5006] ? ptrace_notify+0xfe/0x140
[ 51.796946][ T5006] do_syscall_64+0x39/0xb0
[ 51.801369][ T5006] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.807259][ T5006] RIP: 0033:0x7fd0faf33ba9
[ 51.811658][ T5006] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.831358][ T5006] RSP: 002b:00007ffed4aa0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 51.839846][ T5006] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0faf33ba9
[ 51.847805][ T5006] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5006] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5006] exit_group(0) = ?
[pid 5006] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5006, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5007
./strace-static-x86_64: Process 5007 attached
[pid 5007] chdir("./6") = 0
[pid 5007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5007] setpgid(0, 0) = 0
[pid 5007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5007] write(3, "1000", 4) = 4
[pid 5007] close(3) = 0
[pid 5007] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5007] memfd_create("syzkaller", 0) = 3
[pid 5007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[ 51.855756][ T5006] RBP: 00007ffed4aa0860 R08: 0000000000000002 R09: 00007ffed4aa0870
[ 51.863716][ T5006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 51.871673][ T5006] R13: 00007ffed4aa08a0 R14: 00007ffed4aa0880 R15: 0000000000000005
[ 51.879639][ T5006]
[pid 5007] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5007] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5007] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5007] close(3) = 0
[pid 5007] mkdir("./file0", 0777) = 0
[pid 5007] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5007] chdir("./file0") = 0
[pid 5007] ioctl(4, LOOP_CLR_FD) = 0
[pid 5007] close(4) = 0
[pid 5007] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5007] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5007] write(5, "12", 2) = 2
[ 51.943786][ T5007] loop0: detected capacity change from 0 to 4096
[ 51.955960][ T5007] ntfs: volume version 3.1.
[ 51.982132][ T5007] FAULT_INJECTION: forcing a failure.
[ 51.982132][ T5007] name failslab, interval 1, probability 0, space 0, times 0
[ 51.996586][ T5007] CPU: 0 PID: 5007 Comm: syz-executor111 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0
[ 52.007009][ T5007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 52.017055][ T5007] Call Trace:
[ 52.020324][ T5007]
[ 52.023263][ T5007] dump_stack_lvl+0x136/0x150
[ 52.027939][ T5007] should_fail_ex+0x4a3/0x5b0
[ 52.032622][ T5007] should_failslab+0x9/0x20
[ 52.037202][ T5007] kmem_cache_alloc+0x63/0x3b0
[ 52.041969][ T5007] ntfs_attr_get_search_ctx+0x45/0x200
[ 52.047420][ T5007] __ntfs_write_inode+0xc0/0xc40
[ 52.052438][ T5007] ntfs_file_fsync+0x173/0x410
[ 52.057196][ T5007] ? put_page+0x280/0x280
[ 52.061516][ T5007] vfs_fsync_range+0x13e/0x230
[ 52.066274][ T5007] ntfs_file_write_iter+0x6cd/0x1e30
[ 52.071559][ T5007] vfs_write+0x945/0xd50
[ 52.075789][ T5007] ? kernel_write+0x670/0x670
[ 52.080450][ T5007] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 52.085897][ T5007] ? find_held_lock+0x2d/0x110
[ 52.090654][ T5007] ? lock_downgrade+0x690/0x690
[ 52.095493][ T5007] ? __fget_light+0x20a/0x270
[ 52.100161][ T5007] ksys_write+0x12b/0x250
[ 52.104475][ T5007] ? __ia32_sys_read+0xb0/0xb0
[ 52.109223][ T5007] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.114419][ T5007] ? _raw_spin_unlock_irq+0x2e/0x50
[ 52.119618][ T5007] ? ptrace_notify+0xfe/0x140
[ 52.124289][ T5007] do_syscall_64+0x39/0xb0
[ 52.128699][ T5007] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.134583][ T5007] RIP: 0033:0x7fd0faf33ba9
[ 52.138988][ T5007] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.158583][ T5007] RSP: 002b:00007ffed4aa0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 52.166987][ T5007] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0faf33ba9
[ 52.174944][ T5007] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 52.182998][ T5007] RBP: 00007ffed4aa0860 R08: 0000000000000002 R09: 00007ffed4aa0870
[pid 5007] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5007] exit_group(0) = ?
[pid 5007] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5007, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5008 attached
[pid 5008] chdir("./7") = 0
[pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5008] setpgid(0, 0) = 0
[pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5008] write(3, "1000", 4) = 4
[pid 5008] close(3) = 0
[pid 5008] symlink("/dev/binderfs", "./binderfs"
[pid 4999] <... clone resumed>, child_tidptr=0x555555ffa5d0) = 5008
[pid 5008] <... symlink resumed>) = 0
[pid 5008] memfd_create("syzkaller", 0) = 3
[pid 5008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[ 52.190955][ T5007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 52.198937][ T5007] R13: 00007ffed4aa08a0 R14: 00007ffed4aa0880 R15: 0000000000000006
[ 52.206907][ T5007]
[pid 5008] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5008] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5008] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5008] close(3) = 0
[pid 5008] mkdir("./file0", 0777) = 0
[pid 5008] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5008] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5008] chdir("./file0") = 0
[pid 5008] ioctl(4, LOOP_CLR_FD) = 0
[pid 5008] close(4) = 0
[pid 5008] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5008] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5008] write(5, "12", 2) = 2
[pid 5008] write(4, "t", 1) = 1
[pid 5008] exit_group(0) = ?
[pid 5008] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5008, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5009 attached
, child_tidptr=0x555555ffa5d0) = 5009
[pid 5009] chdir("./8") = 0
[pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5009] setpgid(0, 0) = 0
[pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5009] write(3, "1000", 4) = 4
[pid 5009] close(3) = 0
[pid 5009] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5009] memfd_create("syzkaller", 0) = 3
[pid 5009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[ 52.279266][ T5008] loop0: detected capacity change from 0 to 4096
[ 52.291742][ T5008] ntfs: volume version 3.1.
[pid 5009] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5009] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5009] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5009] close(3) = 0
[pid 5009] mkdir("./file0", 0777) = 0
[pid 5009] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5009] chdir("./file0") = 0
[pid 5009] ioctl(4, LOOP_CLR_FD) = 0
[pid 5009] close(4) = 0
[pid 5009] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5009] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5009] write(5, "12", 2) = 2
[ 52.363402][ T5009] loop0: detected capacity change from 0 to 4096
[ 52.376409][ T5009] ntfs: volume version 3.1.
[ 52.406600][ T5009] FAULT_INJECTION: forcing a failure.
[ 52.406600][ T5009] name failslab, interval 1, probability 0, space 0, times 0
[ 52.419495][ T5009] CPU: 0 PID: 5009 Comm: syz-executor111 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0
[ 52.429913][ T5009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 52.440030][ T5009] Call Trace:
[ 52.443299][ T5009]
[ 52.446217][ T5009] dump_stack_lvl+0x136/0x150
[ 52.450894][ T5009] should_fail_ex+0x4a3/0x5b0
[ 52.455566][ T5009] should_failslab+0x9/0x20
[ 52.460055][ T5009] kmem_cache_alloc+0x63/0x3b0
[ 52.464816][ T5009] ntfs_attr_get_search_ctx+0x45/0x200
[ 52.470262][ T5009] __ntfs_write_inode+0xc0/0xc40
[ 52.475193][ T5009] ntfs_file_fsync+0x173/0x410
[ 52.479943][ T5009] ? put_page+0x280/0x280
[ 52.484262][ T5009] vfs_fsync_range+0x13e/0x230
[ 52.489036][ T5009] ntfs_file_write_iter+0x6cd/0x1e30
[ 52.494314][ T5009] vfs_write+0x945/0xd50
[ 52.499672][ T5009] ? kernel_write+0x670/0x670
[ 52.504440][ T5009] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 52.510237][ T5009] ? find_held_lock+0x2d/0x110
[ 52.514991][ T5009] ? lock_downgrade+0x690/0x690
[ 52.519840][ T5009] ? __fget_light+0x20a/0x270
[ 52.524540][ T5009] ksys_write+0x12b/0x250
[ 52.528858][ T5009] ? __ia32_sys_read+0xb0/0xb0
[ 52.533639][ T5009] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.538826][ T5009] ? _raw_spin_unlock_irq+0x2e/0x50
[ 52.544014][ T5009] ? ptrace_notify+0xfe/0x140
[ 52.548681][ T5009] do_syscall_64+0x39/0xb0
[ 52.553089][ T5009] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.558973][ T5009] RIP: 0033:0x7fd0faf33ba9
[ 52.563375][ T5009] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.582974][ T5009] RSP: 002b:00007ffed4aa0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 52.591376][ T5009] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0faf33ba9
[ 52.599335][ T5009] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5009] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5009] exit_group(0) = ?
[pid 5009] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5009, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5010
./strace-static-x86_64: Process 5010 attached
[pid 5010] chdir("./9") = 0
[pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5010] setpgid(0, 0) = 0
[pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5010] write(3, "1000", 4) = 4
[pid 5010] close(3) = 0
[pid 5010] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5010] memfd_create("syzkaller", 0) = 3
[pid 5010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5010] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5010] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 52.607299][ T5009] RBP: 00007ffed4aa0860 R08: 0000000000000002 R09: 00007ffed4aa0870
[ 52.615258][ T5009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 52.623212][ T5009] R13: 00007ffed4aa08a0 R14: 00007ffed4aa0880 R15: 0000000000000008
[ 52.631181][ T5009]
[pid 5010] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5010] close(3) = 0
[pid 5010] mkdir("./file0", 0777) = 0
[pid 5010] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5010] chdir("./file0") = 0
[pid 5010] ioctl(4, LOOP_CLR_FD) = 0
[pid 5010] close(4) = 0
[pid 5010] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5010] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5010] write(5, "12", 2) = 2
[pid 5010] write(4, "t", 1) = 1
[pid 5010] exit_group(0) = ?
[pid 5010] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5010, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5011
./strace-static-x86_64: Process 5011 attached
[pid 5011] chdir("./10") = 0
[pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5011] setpgid(0, 0) = 0
[pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5011] write(3, "1000", 4) = 4
[pid 5011] close(3) = 0
[pid 5011] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5011] memfd_create("syzkaller", 0) = 3
[pid 5011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[ 52.683547][ T5010] loop0: detected capacity change from 0 to 4096
[ 52.695677][ T5010] ntfs: volume version 3.1.
[pid 5011] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5011] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5011] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5011] close(3) = 0
[pid 5011] mkdir("./file0", 0777) = 0
[pid 5011] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5011] chdir("./file0") = 0
[pid 5011] ioctl(4, LOOP_CLR_FD) = 0
[pid 5011] close(4) = 0
[pid 5011] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5011] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5011] write(5, "12", 2) = 2
[pid 5011] write(4, "t", 1) = 1
[pid 5011] exit_group(0) = ?
[pid 5011] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5011, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5012 attached
[ 52.766115][ T5011] loop0: detected capacity change from 0 to 4096
[ 52.779196][ T5011] ntfs: volume version 3.1.
, child_tidptr=0x555555ffa5d0) = 5012
[pid 5012] chdir("./11") = 0
[pid 5012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5012] setpgid(0, 0) = 0
[pid 5012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5012] write(3, "1000", 4) = 4
[pid 5012] close(3) = 0
[pid 5012] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5012] memfd_create("syzkaller", 0) = 3
[pid 5012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5012] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5012] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5012] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5012] close(3) = 0
[pid 5012] mkdir("./file0", 0777) = 0
[pid 5012] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5012] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5012] chdir("./file0") = 0
[pid 5012] ioctl(4, LOOP_CLR_FD) = 0
[pid 5012] close(4) = 0
[pid 5012] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5012] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5012] write(5, "12", 2) = 2
[ 52.862503][ T5012] loop0: detected capacity change from 0 to 4096
[ 52.874128][ T5012] ntfs: volume version 3.1.
[ 52.893938][ T5012] FAULT_INJECTION: forcing a failure.
[ 52.893938][ T5012] name failslab, interval 1, probability 0, space 0, times 0
[ 52.906758][ T5012] CPU: 0 PID: 5012 Comm: syz-executor111 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0
[ 52.917268][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 52.927747][ T5012] Call Trace:
[ 52.931083][ T5012]
[ 52.934088][ T5012] dump_stack_lvl+0x136/0x150
[ 52.938757][ T5012] should_fail_ex+0x4a3/0x5b0
[ 52.943449][ T5012] should_failslab+0x9/0x20
[ 52.947953][ T5012] kmem_cache_alloc+0x63/0x3b0
[ 52.952706][ T5012] ntfs_attr_get_search_ctx+0x45/0x200
[ 52.958150][ T5012] __ntfs_write_inode+0xc0/0xc40
[ 52.963073][ T5012] ntfs_file_fsync+0x173/0x410
[ 52.967836][ T5012] ? put_page+0x280/0x280
[ 52.972155][ T5012] vfs_fsync_range+0x13e/0x230
[ 52.976986][ T5012] ntfs_file_write_iter+0x6cd/0x1e30
[ 52.982259][ T5012] vfs_write+0x945/0xd50
[ 52.986494][ T5012] ? kernel_write+0x670/0x670
[ 52.991164][ T5012] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 52.996618][ T5012] ? find_held_lock+0x2d/0x110
[ 53.001394][ T5012] ? lock_downgrade+0x690/0x690
[ 53.006245][ T5012] ? __fget_light+0x20a/0x270
[ 53.010907][ T5012] ksys_write+0x12b/0x250
[ 53.015215][ T5012] ? __ia32_sys_read+0xb0/0xb0
[ 53.019957][ T5012] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.025136][ T5012] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.030319][ T5012] ? ptrace_notify+0xfe/0x140
[ 53.035007][ T5012] do_syscall_64+0x39/0xb0
[ 53.039419][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.045338][ T5012] RIP: 0033:0x7fd0faf33ba9
[ 53.049735][ T5012] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.069494][ T5012] RSP: 002b:00007ffed4aa0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.077886][ T5012] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0faf33ba9
[ 53.085850][ T5012] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 53.093830][ T5012] RBP: 00007ffed4aa0860 R08: 0000000000000002 R09: 00007ffed4aa0870
[ 53.101798][ T5012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5012] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5012] exit_group(0) = ?
[pid 5012] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5012, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5013
./strace-static-x86_64: Process 5013 attached
[pid 5013] chdir("./12") = 0
[pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5013] setpgid(0, 0) = 0
[pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5013] write(3, "1000", 4) = 4
[pid 5013] close(3) = 0
[pid 5013] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5013] memfd_create("syzkaller", 0) = 3
[pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[ 53.109764][ T5012] R13: 00007ffed4aa08a0 R14: 00007ffed4aa0880 R15: 000000000000000b
[ 53.117724][ T5012]
[pid 5013] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5013] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5013] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5013] close(3) = 0
[pid 5013] mkdir("./file0", 0777) = 0
[pid 5013] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5013] chdir("./file0") = 0
[pid 5013] ioctl(4, LOOP_CLR_FD) = 0
[pid 5013] close(4) = 0
[pid 5013] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5013] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5013] write(5, "12", 2) = 2
[ 53.178757][ T5013] loop0: detected capacity change from 0 to 4096
[ 53.191137][ T5013] ntfs: volume version 3.1.
[ 53.216119][ T5013] FAULT_INJECTION: forcing a failure.
[ 53.216119][ T5013] name failslab, interval 1, probability 0, space 0, times 0
[ 53.229452][ T5013] CPU: 0 PID: 5013 Comm: syz-executor111 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0
[ 53.239869][ T5013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 53.249992][ T5013] Call Trace:
[ 53.253261][ T5013]
[ 53.256187][ T5013] dump_stack_lvl+0x136/0x150
[ 53.260861][ T5013] should_fail_ex+0x4a3/0x5b0
[ 53.265553][ T5013] should_failslab+0x9/0x20
[ 53.270054][ T5013] kmem_cache_alloc+0x63/0x3b0
[ 53.274826][ T5013] ntfs_attr_get_search_ctx+0x45/0x200
[ 53.280279][ T5013] __ntfs_write_inode+0xc0/0xc40
[ 53.285220][ T5013] ntfs_file_fsync+0x173/0x410
[ 53.289968][ T5013] ? put_page+0x280/0x280
[ 53.294278][ T5013] vfs_fsync_range+0x13e/0x230
[ 53.299023][ T5013] ntfs_file_write_iter+0x6cd/0x1e30
[ 53.304298][ T5013] vfs_write+0x945/0xd50
[ 53.308526][ T5013] ? kernel_write+0x670/0x670
[ 53.313197][ T5013] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 53.318635][ T5013] ? find_held_lock+0x2d/0x110
[ 53.323403][ T5013] ? lock_downgrade+0x690/0x690
[ 53.328242][ T5013] ? __fget_light+0x20a/0x270
[ 53.332907][ T5013] ksys_write+0x12b/0x250
[ 53.337219][ T5013] ? __ia32_sys_read+0xb0/0xb0
[ 53.341967][ T5013] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.347173][ T5013] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.352380][ T5013] ? ptrace_notify+0xfe/0x140
[ 53.357042][ T5013] do_syscall_64+0x39/0xb0
[ 53.361451][ T5013] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.367339][ T5013] RIP: 0033:0x7fd0faf33ba9
[ 53.371748][ T5013] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.391429][ T5013] RSP: 002b:00007ffed4aa0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.399884][ T5013] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0faf33ba9
[ 53.407855][ T5013] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 53.415837][ T5013] RBP: 00007ffed4aa0860 R08: 0000000000000002 R09: 00007ffed4aa0870
[pid 5013] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5013] exit_group(0) = ?
[pid 5013] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5013, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5014
./strace-static-x86_64: Process 5014 attached
[pid 5014] chdir("./13") = 0
[pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5014] setpgid(0, 0) = 0
[pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5014] write(3, "1000", 4) = 4
[pid 5014] close(3) = 0
[pid 5014] symlink("/dev/binderfs", "./binderfs") = 0
[ 53.423792][ T5013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 53.431745][ T5013] R13: 00007ffed4aa08a0 R14: 00007ffed4aa0880 R15: 000000000000000c
[ 53.439714][ T5013]
[pid 5014] memfd_create("syzkaller", 0) = 3
[pid 5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5014] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5014] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5014] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5014] close(3) = 0
[pid 5014] mkdir("./file0", 0777) = 0
[pid 5014] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5014] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5014] chdir("./file0") = 0
[pid 5014] ioctl(4, LOOP_CLR_FD) = 0
[pid 5014] close(4) = 0
[pid 5014] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5014] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5014] write(5, "12", 2) = 2
[pid 5014] write(4, "t", 1) = 1
[pid 5014] exit_group(0) = ?
[pid 5014] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5015
./strace-static-x86_64: Process 5015 attached
[pid 5015] chdir("./14") = 0
[pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 53.510609][ T5014] loop0: detected capacity change from 0 to 4096
[ 53.522654][ T5014] ntfs: volume version 3.1.
[pid 5015] setpgid(0, 0) = 0
[pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5015] write(3, "1000", 4) = 4
[pid 5015] close(3) = 0
[pid 5015] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5015] memfd_create("syzkaller", 0) = 3
[pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5015] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5015] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5015] close(3) = 0
[pid 5015] mkdir("./file0", 0777) = 0
[pid 5015] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5015] chdir("./file0") = 0
[pid 5015] ioctl(4, LOOP_CLR_FD) = 0
[pid 5015] close(4) = 0
[pid 5015] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5015] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5015] write(5, "12", 2) = 2
[pid 5015] write(4, "t", 1) = 1
[pid 5015] exit_group(0) = ?
[pid 5015] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 53.607164][ T5015] loop0: detected capacity change from 0 to 4096
[ 53.619511][ T5015] ntfs: volume version 3.1.
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5016
./strace-static-x86_64: Process 5016 attached
[pid 5016] chdir("./15") = 0
[pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5016] setpgid(0, 0) = 0
[pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5016] write(3, "1000", 4) = 4
[pid 5016] close(3) = 0
[pid 5016] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5016] memfd_create("syzkaller", 0) = 3
[pid 5016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5016] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5016] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5016] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5016] close(3) = 0
[pid 5016] mkdir("./file0", 0777) = 0
[pid 5016] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5016] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5016] chdir("./file0") = 0
[pid 5016] ioctl(4, LOOP_CLR_FD) = 0
[pid 5016] close(4) = 0
[pid 5016] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5016] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5016] write(5, "12", 2) = 2
[pid 5016] write(4, "t", 1) = 1
[pid 5016] exit_group(0) = ?
[pid 5016] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5016, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs") = 0
[ 53.707982][ T5016] loop0: detected capacity change from 0 to 4096
[ 53.720614][ T5016] ntfs: volume version 3.1.
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5017
./strace-static-x86_64: Process 5017 attached
[pid 5017] chdir("./16") = 0
[pid 5017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5017] setpgid(0, 0) = 0
[pid 5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5017] write(3, "1000", 4) = 4
[pid 5017] close(3) = 0
[pid 5017] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5017] memfd_create("syzkaller", 0) = 3
[pid 5017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5017] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5017] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5017] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5017] close(3) = 0
[pid 5017] mkdir("./file0", 0777) = 0
[pid 5017] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5017] chdir("./file0") = 0
[pid 5017] ioctl(4, LOOP_CLR_FD) = 0
[pid 5017] close(4) = 0
[pid 5017] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5017] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5017] write(5, "12", 2) = 2
[pid 5017] write(4, "t", 1) = 1
[pid 5017] exit_group(0) = ?
[pid 5017] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5017, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs") = 0
[ 53.839434][ T5017] loop0: detected capacity change from 0 to 4096
[ 53.851627][ T5017] ntfs: volume version 3.1.
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5018 attached
, child_tidptr=0x555555ffa5d0) = 5018
[pid 5018] chdir("./17") = 0
[pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5018] setpgid(0, 0) = 0
[pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5018] write(3, "1000", 4) = 4
[pid 5018] close(3) = 0
[pid 5018] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5018] memfd_create("syzkaller", 0) = 3
[pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5018] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5018] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5018] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5018] close(3) = 0
[pid 5018] mkdir("./file0", 0777) = 0
[pid 5018] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5018] chdir("./file0") = 0
[pid 5018] ioctl(4, LOOP_CLR_FD) = 0
[pid 5018] close(4) = 0
[pid 5018] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5018] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5018] write(5, "12", 2) = 2
[ 53.967642][ T5018] loop0: detected capacity change from 0 to 4096
[ 53.980238][ T5018] ntfs: volume version 3.1.
[ 54.000177][ T5018] FAULT_INJECTION: forcing a failure.
[ 54.000177][ T5018] name failslab, interval 1, probability 0, space 0, times 0
[ 54.012989][ T5018] CPU: 0 PID: 5018 Comm: syz-executor111 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0
[ 54.023404][ T5018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 54.033446][ T5018] Call Trace:
[ 54.036717][ T5018]
[ 54.039640][ T5018] dump_stack_lvl+0x136/0x150
[ 54.044341][ T5018] should_fail_ex+0x4a3/0x5b0
[ 54.049028][ T5018] should_failslab+0x9/0x20
[ 54.053552][ T5018] kmem_cache_alloc+0x63/0x3b0
[ 54.058314][ T5018] ntfs_attr_get_search_ctx+0x45/0x200
[ 54.063759][ T5018] __ntfs_write_inode+0xc0/0xc40
[ 54.068686][ T5018] ntfs_file_fsync+0x173/0x410
[ 54.073465][ T5018] ? put_page+0x280/0x280
[ 54.077787][ T5018] vfs_fsync_range+0x13e/0x230
[ 54.082539][ T5018] ntfs_file_write_iter+0x6cd/0x1e30
[ 54.087817][ T5018] vfs_write+0x945/0xd50
[ 54.092046][ T5018] ? kernel_write+0x670/0x670
[ 54.096705][ T5018] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 54.102152][ T5018] ? find_held_lock+0x2d/0x110
[ 54.106924][ T5018] ? lock_downgrade+0x690/0x690
[ 54.111776][ T5018] ? __fget_light+0x20a/0x270
[ 54.116447][ T5018] ksys_write+0x12b/0x250
[ 54.120769][ T5018] ? __ia32_sys_read+0xb0/0xb0
[ 54.125515][ T5018] ? lockdep_hardirqs_on+0x7d/0x100
[ 54.130701][ T5018] ? _raw_spin_unlock_irq+0x2e/0x50
[ 54.135892][ T5018] ? ptrace_notify+0xfe/0x140
[ 54.140647][ T5018] do_syscall_64+0x39/0xb0
[ 54.145058][ T5018] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.150941][ T5018] RIP: 0033:0x7fd0faf33ba9
[ 54.155339][ T5018] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.174943][ T5018] RSP: 002b:00007ffed4aa0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.183522][ T5018] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0faf33ba9
[ 54.191488][ T5018] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.199445][ T5018] RBP: 00007ffed4aa0860 R08: 0000000000000002 R09: 00007ffed4aa0870
[ 54.207405][ T5018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5018] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5018] exit_group(0) = ?
[pid 5018] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs") = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5019
./strace-static-x86_64: Process 5019 attached
[pid 5019] chdir("./18") = 0
[pid 5019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5019] setpgid(0, 0) = 0
[pid 5019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "1000", 4) = 4
[pid 5019] close(3) = 0
[pid 5019] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5019] memfd_create("syzkaller", 0) = 3
[pid 5019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5019] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5019] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 54.215360][ T5018] R13: 00007ffed4aa08a0 R14: 00007ffed4aa0880 R15: 0000000000000011
[ 54.223327][ T5018]
[pid 5019] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5019] close(3) = 0
[pid 5019] mkdir("./file0", 0777) = 0
[pid 5019] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5019] chdir("./file0") = 0
[pid 5019] ioctl(4, LOOP_CLR_FD) = 0
[pid 5019] close(4) = 0
[pid 5019] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5019] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5019] write(5, "12", 2) = 2
[pid 5019] write(4, "t", 1) = 1
[pid 5019] exit_group(0) = ?
[pid 5019] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5019, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5020
./strace-static-x86_64: Process 5020 attached
[pid 5020] chdir("./19") = 0
[pid 5020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5020] setpgid(0, 0) = 0
[pid 5020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 54.279256][ T5019] loop0: detected capacity change from 0 to 4096
[ 54.291584][ T5019] ntfs: volume version 3.1.
[pid 5020] write(3, "1000", 4) = 4
[pid 5020] close(3) = 0
[pid 5020] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5020] memfd_create("syzkaller", 0) = 3
[pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5020] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5020] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5020] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5020] close(3) = 0
[pid 5020] mkdir("./file0", 0777) = 0
[pid 5020] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5020] chdir("./file0") = 0
[pid 5020] ioctl(4, LOOP_CLR_FD) = 0
[pid 5020] close(4) = 0
[pid 5020] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5020] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5020] write(5, "12", 2) = 2
[ 54.362825][ T5020] loop0: detected capacity change from 0 to 4096
[ 54.375138][ T5020] ntfs: volume version 3.1.
[ 54.400437][ T5020] FAULT_INJECTION: forcing a failure.
[ 54.400437][ T5020] name failslab, interval 1, probability 0, space 0, times 0
[ 54.413181][ T5020] CPU: 0 PID: 5020 Comm: syz-executor111 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0
[ 54.423609][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 54.433658][ T5020] Call Trace:
[ 54.436937][ T5020]
[ 54.439853][ T5020] dump_stack_lvl+0x136/0x150
[ 54.444525][ T5020] should_fail_ex+0x4a3/0x5b0
[ 54.449197][ T5020] should_failslab+0x9/0x20
[ 54.453686][ T5020] kmem_cache_alloc+0x63/0x3b0
[ 54.458444][ T5020] ntfs_attr_get_search_ctx+0x45/0x200
[ 54.463896][ T5020] __ntfs_write_inode+0xc0/0xc40
[ 54.468826][ T5020] ntfs_file_fsync+0x173/0x410
[ 54.473577][ T5020] ? put_page+0x280/0x280
[ 54.477897][ T5020] vfs_fsync_range+0x13e/0x230
[ 54.482649][ T5020] ntfs_file_write_iter+0x6cd/0x1e30
[ 54.487932][ T5020] vfs_write+0x945/0xd50
[ 54.492161][ T5020] ? kernel_write+0x670/0x670
[ 54.496820][ T5020] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 54.502265][ T5020] ? find_held_lock+0x2d/0x110
[ 54.507022][ T5020] ? lock_downgrade+0x690/0x690
[ 54.511867][ T5020] ? __fget_light+0x20a/0x270
[ 54.516541][ T5020] ksys_write+0x12b/0x250
[ 54.520858][ T5020] ? __ia32_sys_read+0xb0/0xb0
[ 54.525602][ T5020] ? lockdep_hardirqs_on+0x7d/0x100
[ 54.530788][ T5020] ? _raw_spin_unlock_irq+0x2e/0x50
[ 54.535979][ T5020] ? ptrace_notify+0xfe/0x140
[ 54.540646][ T5020] do_syscall_64+0x39/0xb0
[ 54.545054][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.550940][ T5020] RIP: 0033:0x7fd0faf33ba9
[ 54.555342][ T5020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.574937][ T5020] RSP: 002b:00007ffed4aa0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.583343][ T5020] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0faf33ba9
[ 54.591306][ T5020] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.599263][ T5020] RBP: 00007ffed4aa0860 R08: 0000000000000002 R09: 00007ffed4aa0870
[pid 5020] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5020] exit_group(0) = ?
[pid 5020] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5020, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs") = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 54.607219][ T5020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.615169][ T5020] R13: 00007ffed4aa08a0 R14: 00007ffed4aa0880 R15: 0000000000000013
[ 54.623138][ T5020]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5021
./strace-static-x86_64: Process 5021 attached
[pid 5021] chdir("./20") = 0
[pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5021] setpgid(0, 0) = 0
[pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5021] write(3, "1000", 4) = 4
[pid 5021] close(3) = 0
[pid 5021] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5021] memfd_create("syzkaller", 0) = 3
[pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[pid 5021] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5021] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5021] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5021] close(3) = 0
[pid 5021] mkdir("./file0", 0777) = 0
[pid 5021] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5021] chdir("./file0") = 0
[pid 5021] ioctl(4, LOOP_CLR_FD) = 0
[pid 5021] close(4) = 0
[pid 5021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5021] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5021] write(5, "12", 2) = 2
[ 54.701827][ T5021] loop0: detected capacity change from 0 to 4096
[ 54.713811][ T5021] ntfs: volume version 3.1.
[ 54.736251][ T5021] FAULT_INJECTION: forcing a failure.
[ 54.736251][ T5021] name failslab, interval 1, probability 0, space 0, times 0
[ 54.751523][ T5021] CPU: 0 PID: 5021 Comm: syz-executor111 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0
[ 54.762023][ T5021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 54.772069][ T5021] Call Trace:
[ 54.775344][ T5021]
[ 54.778261][ T5021] dump_stack_lvl+0x136/0x150
[ 54.782955][ T5021] should_fail_ex+0x4a3/0x5b0
[ 54.787656][ T5021] should_failslab+0x9/0x20
[ 54.792143][ T5021] kmem_cache_alloc+0x63/0x3b0
[ 54.796895][ T5021] ntfs_attr_get_search_ctx+0x45/0x200
[ 54.802342][ T5021] __ntfs_write_inode+0xc0/0xc40
[ 54.807274][ T5021] ntfs_file_fsync+0x173/0x410
[ 54.812035][ T5021] ? put_page+0x280/0x280
[ 54.816424][ T5021] vfs_fsync_range+0x13e/0x230
[ 54.821178][ T5021] ntfs_file_write_iter+0x6cd/0x1e30
[ 54.826467][ T5021] vfs_write+0x945/0xd50
[ 54.830705][ T5021] ? kernel_write+0x670/0x670
[ 54.835375][ T5021] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 54.840925][ T5021] ? find_held_lock+0x2d/0x110
[ 54.845691][ T5021] ? lock_downgrade+0x690/0x690
[ 54.850560][ T5021] ? __fget_light+0x20a/0x270
[ 54.855238][ T5021] ksys_write+0x12b/0x250
[ 54.859561][ T5021] ? __ia32_sys_read+0xb0/0xb0
[ 54.864311][ T5021] ? lockdep_hardirqs_on+0x7d/0x100
[ 54.869510][ T5021] ? _raw_spin_unlock_irq+0x2e/0x50
[ 54.874698][ T5021] ? ptrace_notify+0xfe/0x140
[ 54.879368][ T5021] do_syscall_64+0x39/0xb0
[ 54.883781][ T5021] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.889665][ T5021] RIP: 0033:0x7fd0faf33ba9
[ 54.894061][ T5021] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.913660][ T5021] RSP: 002b:00007ffed4aa0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.922065][ T5021] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0faf33ba9
[ 54.930020][ T5021] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.937981][ T5021] RBP: 00007ffed4aa0860 R08: 0000000000000002 R09: 00007ffed4aa0870
[pid 5021] write(4, "t", 1) = -1 ENOMEM (Cannot allocate memory)
[pid 5021] exit_group(0) = ?
[pid 5021] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555ffb620 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556003660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556003660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x555555ffb620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ffa5d0) = 5022
./strace-static-x86_64: Process 5022 attached
[pid 5022] chdir("./21") = 0
[pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5022] setpgid(0, 0) = 0
[pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5022] write(3, "1000", 4) = 4
[pid 5022] close(3) = 0
[pid 5022] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5022] memfd_create("syzkaller", 0) = 3
[pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd0f2ae6000
[ 54.945937][ T5021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.953895][ T5021] R13: 00007ffed4aa08a0 R14: 00007ffed4aa0880 R15: 0000000000000014
[ 54.961864][ T5021]
[pid 5022] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\xb5\x0b\x00\x00\x04\x00\x00\x00\xf7\x9a\x81\x47\x2b\x73\xcf\x43\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5022] munmap(0x7fd0f2ae6000, 2097152) = 0
[pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5022] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5022] close(3) = 0
[pid 5022] mkdir("./file0", 0777) = 0
[pid 5022] mount("/dev/loop0", "./file0", "ntfs", 0, "errors=continue,errors=recover,utf8,errors=recover,fmask=00000000000017777777777,dmask=0000000000400"...) = 0
[pid 5022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5022] chdir("./file0") = 0
[pid 5022] ioctl(4, LOOP_CLR_FD) = 0
[pid 5022] close(4) = 0
[pid 5022] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5022] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5022] write(5, "12", 2) = 2
[ 55.027509][ T5022] loop0: detected capacity change from 0 to 4096
[ 55.040589][ T5022] ntfs: volume version 3.1.
[ 55.060500][ T5022] FAULT_INJECTION: forcing a failure.
[ 55.060500][ T5022] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 55.073787][ T5022] CPU: 0 PID: 5022 Comm: syz-executor111 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0
[ 55.084210][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 55.094263][ T5022] Call Trace:
[ 55.097535][ T5022]
[ 55.100458][ T5022] dump_stack_lvl+0x136/0x150
[ 55.105147][ T5022] should_fail_ex+0x4a3/0x5b0
[ 55.109819][ T5022] ? page_copy_sane+0xcc/0x2d0
[ 55.114571][ T5022] copy_page_from_iter_atomic+0x232/0x1400
[ 55.120372][ T5022] ? csum_and_copy_from_iter+0x1460/0x1460
[ 55.126168][ T5022] ? ntfs_file_fsync+0x410/0x410
[ 55.131094][ T5022] ? folio_flags.constprop.0+0x53/0x150
[ 55.136637][ T5022] ntfs_perform_write.isra.0+0x7f9/0x30a0
[ 55.142349][ T5022] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 55.148326][ T5022] ? find_held_lock+0x2d/0x110
[ 55.153073][ T5022] ? ntfs_prepare_pages_for_non_resident_write+0x4dd0/0x4dd0
[ 55.160431][ T5022] ? ntfs_file_write_iter+0x4e9/0x1e30
[ 55.165877][ T5022] ? lock_downgrade+0x690/0x690
[ 55.170719][ T5022] ? mark_held_locks+0x9f/0xe0
[ 55.175560][ T5022] ? _raw_read_unlock_irqrestore+0x54/0x70
[ 55.181362][ T5022] ntfs_file_write_iter+0x5c0/0x1e30
[ 55.186644][ T5022] vfs_write+0x945/0xd50
[ 55.190869][ T5022] ? kernel_write+0x670/0x670
[ 55.195525][ T5022] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 55.200970][ T5022] ? find_held_lock+0x2d/0x110
[ 55.205725][ T5022] ? lock_downgrade+0x690/0x690
[ 55.210565][ T5022] ? __fget_light+0x20a/0x270
[ 55.215236][ T5022] ksys_write+0x12b/0x250
[ 55.219554][ T5022] ? __ia32_sys_read+0xb0/0xb0
[ 55.224300][ T5022] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.229489][ T5022] ? _raw_spin_unlock_irq+0x2e/0x50
[ 55.234702][ T5022] ? ptrace_notify+0xfe/0x140
[ 55.239369][ T5022] do_syscall_64+0x39/0xb0
[ 55.243780][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.249664][ T5022] RIP: 0033:0x7fd0faf33ba9
[ 55.254060][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.273750][ T5022] RSP: 002b:00007ffed4aa0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.282153][ T5022] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0faf33ba9
[ 55.290109][ T5022] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.298067][ T5022] RBP: 00007ffed4aa0860 R08: 0000000000000002 R09: 00007ffed4aa0870
[ 55.306023][ T5022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.313983][ T5022] R13: 00007ffed4aa08a0 R14: 00007ffed4aa0880 R15: 0000000000000015
[ 55.321952][ T5022]
[ 55.326978][ T5022] ------------[ cut here ]------------
[ 55.332414][ T5022] kernel BUG at fs/ntfs/file.c:493!
[ 55.337814][ T5022] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 55.343876][ T5022] CPU: 0 PID: 5022 Comm: syz-executor111 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0
[ 55.354356][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 55.364397][ T5022] RIP: 0010:ntfs_perform_write.isra.0+0x16ff/0x30a0
[ 55.370975][ T5022] Code: 00 00 48 8b 44 24 40 41 89 d9 48 c7 c2 60 83 81 8a 48 c7 c7 20 89 81 8a 48 8b 30 e8 7b 2b ff ff e9 44 ef ff ff e8 e1 0b d6 fe <0f> 0b e8 da 0b d6 fe 48 8b 5c 24 48 31 ff 48 89 de e8 0b 08 d6 fe
[ 55.390570][ T5022] RSP: 0018:ffffc9000426fa78 EFLAGS: 00010293
[ 55.396620][ T5022] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 55.404577][ T5022] RDX: ffff888021781dc0 RSI: ffffffff82ae3a5f RDI: 0000000000000005
[ 55.412548][ T5022] RBP: ffffc9000426fbb8 R08: 0000000000000005 R09: 0000000000000000
[ 55.420501][ T5022] R10: 0000000000000000 R11: 0000000000000001 R12: ffffea0001cdef00
[ 55.428453][ T5022] R13: ffffea0001cdefc0 R14: 0000000000000000 R15: dffffc0000000000
[ 55.436518][ T5022] FS: 0000555555ffa300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 55.445432][ T5022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.452043][ T5022] CR2: 0000000020004200 CR3: 00000000157e4000 CR4: 0000000000350ef0
[ 55.460004][ T5022] Call Trace:
[ 55.463265][ T5022]
[ 55.466178][ T5022] ? die+0x32/0x90
[ 55.469891][ T5022] ? do_trap+0x1b2/0x3f0
[ 55.474117][ T5022] ? ntfs_perform_write.isra.0+0x16ff/0x30a0
[ 55.480081][ T5022] ? ntfs_perform_write.isra.0+0x16ff/0x30a0
[ 55.486044][ T5022] ? do_error_trap+0xb1/0x170
[ 55.490702][ T5022] ? ntfs_perform_write.isra.0+0x16ff/0x30a0
[ 55.496668][ T5022] ? handle_invalid_op+0x2c/0x30
[ 55.501591][ T5022] ? ntfs_perform_write.isra.0+0x16ff/0x30a0
[ 55.507555][ T5022] ? exc_invalid_op+0x2f/0x50
[ 55.512215][ T5022] ? asm_exc_invalid_op+0x1a/0x20
[ 55.517230][ T5022] ? ntfs_perform_write.isra.0+0x16ff/0x30a0
[ 55.523281][ T5022] ? ntfs_perform_write.isra.0+0x16ff/0x30a0
[ 55.529250][ T5022] ? ntfs_perform_write.isra.0+0x16ff/0x30a0
[ 55.535222][ T5022] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 55.541192][ T5022] ? find_held_lock+0x2d/0x110
[ 55.545941][ T5022] ? ntfs_prepare_pages_for_non_resident_write+0x4dd0/0x4dd0
[ 55.553303][ T5022] ? ntfs_file_write_iter+0x4e9/0x1e30
[ 55.558747][ T5022] ? lock_downgrade+0x690/0x690
[ 55.563607][ T5022] ? mark_held_locks+0x9f/0xe0
[ 55.568358][ T5022] ? _raw_read_unlock_irqrestore+0x54/0x70
[ 55.574170][ T5022] ntfs_file_write_iter+0x5c0/0x1e30
[ 55.579461][ T5022] vfs_write+0x945/0xd50
[ 55.583698][ T5022] ? kernel_write+0x670/0x670
[ 55.588354][ T5022] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 55.593796][ T5022] ? find_held_lock+0x2d/0x110
[ 55.598544][ T5022] ? lock_downgrade+0x690/0x690
[ 55.603381][ T5022] ? __fget_light+0x20a/0x270
[ 55.608047][ T5022] ksys_write+0x12b/0x250
[ 55.612358][ T5022] ? __ia32_sys_read+0xb0/0xb0
[ 55.617104][ T5022] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.622288][ T5022] ? _raw_spin_unlock_irq+0x2e/0x50
[ 55.627486][ T5022] ? ptrace_notify+0xfe/0x140
[ 55.632164][ T5022] do_syscall_64+0x39/0xb0
[ 55.636589][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.642492][ T5022] RIP: 0033:0x7fd0faf33ba9
[ 55.646889][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.666478][ T5022] RSP: 002b:00007ffed4aa0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.674956][ T5022] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd0faf33ba9
[ 55.682924][ T5022] RDX: 0000000000000001 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.690876][ T5022] RBP: 00007ffed4aa0860 R08: 0000000000000002 R09: 00007ffed4aa0870
[ 55.698829][ T5022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.706781][ T5022] R13: 00007ffed4aa08a0 R14: 00007ffed4aa0880 R15: 0000000000000015
[ 55.714735][ T5022]
[ 55.717731][ T5022] Modules linked in:
[ 55.721861][ T5022] ---[ end trace 0000000000000000 ]---
[ 55.727385][ T5022] RIP: 0010:ntfs_perform_write.isra.0+0x16ff/0x30a0
[ 55.734049][ T5022] Code: 00 00 48 8b 44 24 40 41 89 d9 48 c7 c2 60 83 81 8a 48 c7 c7 20 89 81 8a 48 8b 30 e8 7b 2b ff ff e9 44 ef ff ff e8 e1 0b d6 fe <0f> 0b e8 da 0b d6 fe 48 8b 5c 24 48 31 ff 48 89 de e8 0b 08 d6 fe
[ 55.753765][ T5022] RSP: 0018:ffffc9000426fa78 EFLAGS: 00010293
[ 55.759845][ T5022] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 55.767819][ T5022] RDX: ffff888021781dc0 RSI: ffffffff82ae3a5f RDI: 0000000000000005
[ 55.775778][ T5022] RBP: ffffc9000426fbb8 R08: 0000000000000005 R09: 0000000000000000
[ 55.783860][ T5022] R10: 0000000000000000 R11: 0000000000000001 R12: ffffea0001cdef00
[ 55.791841][ T5022] R13: ffffea0001cdefc0 R14: 0000000000000000 R15: dffffc0000000000
[ 55.799821][ T5022] FS: 0000555555ffa300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 55.808758][ T5022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.815328][ T5022] CR2: 0000000020004200 CR3: 00000000157e4000 CR4: 0000000000350ef0
[ 55.823322][ T5022] Kernel panic - not syncing: Fatal exception
[ 55.830101][ T5022] Kernel Offset: disabled
[ 55.834404][ T5022] Rebooting in 86400 seconds..