./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3489494346
<...>
DUID 00:04:ab:86:5b:51:31:5e:ac:a3:74:55:84:ab:cd:90:ff:3d
forked to background, child pid 4650
[ 34.202820][ T4651] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.220020][ T4651] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
execve("./syz-executor3489494346", ["./syz-executor3489494346"], 0x7ffdd93c3460 /* 10 vars */) = 0
brk(NULL) = 0x555555c62000
brk(0x555555c62c40) = 0x555555c62c40
arch_prctl(ARCH_SET_FS, 0x555555c62300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3489494346", 4096) = 28
brk(0x555555c83c40) = 0x555555c83c40
brk(0x555555c84000) = 0x555555c84000
mprotect(0x7f1bf3c19000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5076
mkdir("./syzkaller.2aPEiZ", 0700) = 0
chmod("./syzkaller.2aPEiZ", 0777) = 0
chdir("./syzkaller.2aPEiZ") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5077
./strace-static-x86_64: Process 5077 attached
[pid 5077] chdir("./0") = 0
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[pid 5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5077] memfd_create("syzkaller", 0) = 3
[pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5077] munmap(0x7f1beb75d000, 32768) = 0
[pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5077] close(3) = 0
[pid 5077] mkdir("./file0", 0777) = 0
[pid 5077] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5077] chdir("./file0") = 0
[pid 5077] ioctl(4, LOOP_CLR_FD) = 0
[pid 5077] close(4) = 0
[pid 5077] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5077] write(5, "9", 1) = 1
[pid 5077] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
syzkaller login: [ 54.978636][ T5077] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5077 'syz-executor348'
[ 54.994450][ T5077] loop0: detected capacity change from 0 to 64
[pid 5077] exit_group(0) = ?
[pid 5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5079
./strace-static-x86_64: Process 5079 attached
[pid 5079] chdir("./1") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5079] munmap(0x7f1beb75d000, 32768) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] mkdir("./file0", 0777) = 0
[pid 5079] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./file0") = 0
[pid 5079] ioctl(4, LOOP_CLR_FD) = 0
[pid 5079] close(4) = 0
[pid 5079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5079] write(5, "9", 1) = 1
[ 55.113880][ T5079] loop0: detected capacity change from 0 to 64
[ 55.147810][ T5079] FAULT_INJECTION: forcing a failure.
[ 55.147810][ T5079] name failslab, interval 1, probability 0, space 0, times 1
[ 55.160881][ T5079] CPU: 0 PID: 5079 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 55.170769][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.180812][ T5079] Call Trace:
[ 55.184079][ T5079]
[ 55.187000][ T5079] dump_stack_lvl+0xd1/0x138
[ 55.191599][ T5079] should_fail_ex.cold+0x5/0xa
[ 55.196366][ T5079] should_failslab+0x9/0x20
[ 55.200866][ T5079] __kmem_cache_alloc_node+0x5b/0x330
[ 55.206235][ T5079] ? hfs_find_init+0x95/0x240
[ 55.210919][ T5079] ? hfs_find_init+0x95/0x240
[ 55.215584][ T5079] __kmalloc+0x4a/0xd0
[ 55.219653][ T5079] hfs_find_init+0x95/0x240
[ 55.224150][ T5079] hfs_ext_read_extent+0x18d/0xa20
[ 55.229254][ T5079] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 55.234793][ T5079] ? hfs_free_extents+0x2e0/0x2e0
[ 55.239815][ T5079] ? clean_bdev_aliases+0x4f9/0x600
[ 55.245018][ T5079] hfs_extend_file+0x4b5/0xae0
[ 55.249779][ T5079] ? hfs_free_fork+0x920/0x920
[ 55.254536][ T5079] ? rcu_read_lock_sched_held+0x3e/0x70
[ 55.260081][ T5079] ? __mark_inode_dirty+0x32c/0x1250
[ 55.265510][ T5079] hfs_get_block+0x17f/0x820
[ 55.270111][ T5079] __block_write_begin_int+0x3bd/0x14b0
[ 55.275661][ T5079] ? hfs_extend_file+0xae0/0xae0
[ 55.280602][ T5079] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 55.286144][ T5079] ? PageHeadHuge+0x1a2/0x200
[ 55.290823][ T5079] ? hfs_extend_file+0xae0/0xae0
[ 55.295756][ T5079] block_write_begin+0xb9/0x4d0
[ 55.300604][ T5079] cont_write_begin+0x534/0x740
[ 55.305461][ T5079] ? hfs_extend_file+0xae0/0xae0
[ 55.310410][ T5079] ? block_write_begin+0x4d0/0x4d0
[ 55.315529][ T5079] ? fault_in_readable+0x179/0x290
[ 55.320640][ T5079] ? fault_in_subpage_writeable+0x20/0x20
[ 55.326360][ T5079] hfs_write_begin+0x87/0x150
[ 55.331035][ T5079] ? hfs_extend_file+0xae0/0xae0
[ 55.335972][ T5079] generic_perform_write+0x256/0x570
[ 55.341257][ T5079] ? folio_add_wait_queue+0x1c0/0x1c0
[ 55.346622][ T5079] ? new_inode+0x280/0x280
[ 55.351041][ T5079] ? generic_write_checks+0x2c0/0x400
[ 55.356415][ T5079] __generic_file_write_iter+0x2ae/0x500
[ 55.362050][ T5079] generic_file_write_iter+0xe3/0x350
[ 55.367426][ T5079] vfs_write+0x9ed/0xe10
[ 55.371674][ T5079] ? kernel_write+0x670/0x670
[ 55.376351][ T5079] ? find_held_lock+0x2d/0x110
[ 55.381121][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 55.385965][ T5079] ? __fget_light+0x20a/0x270
[ 55.390638][ T5079] ksys_write+0x12b/0x250
[ 55.394961][ T5079] ? __ia32_sys_read+0xb0/0xb0
[ 55.399714][ T5079] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.404902][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50
[ 55.410093][ T5079] ? ptrace_notify+0xfe/0x140
[ 55.414765][ T5079] do_syscall_64+0x39/0xb0
[ 55.419178][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.425067][ T5079] RIP: 0033:0x7f1bf3baa9e9
[ 55.429470][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.449066][ T5079] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.457468][ T5079] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5079] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached
, child_tidptr=0x555555c625d0) = 5080
[ 55.465425][ T5079] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.473386][ T5079] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 55.481344][ T5079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.489302][ T5079] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000001
[ 55.497272][ T5079]
[pid 5080] chdir("./2") = 0
[pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5080] setpgid(0, 0) = 0
[pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5080] write(3, "1000", 4) = 4
[pid 5080] close(3) = 0
[pid 5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5080] memfd_create("syzkaller", 0) = 3
[pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5080] munmap(0x7f1beb75d000, 32768) = 0
[pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5080] close(3) = 0
[pid 5080] mkdir("./file0", 0777) = 0
[pid 5080] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5080] chdir("./file0") = 0
[pid 5080] ioctl(4, LOOP_CLR_FD) = 0
[pid 5080] close(4) = 0
[pid 5080] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5080] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5080] write(5, "9", 1) = 1
[ 55.564669][ T5080] loop0: detected capacity change from 0 to 64
[ 55.607009][ T5080] FAULT_INJECTION: forcing a failure.
[ 55.607009][ T5080] name failslab, interval 1, probability 0, space 0, times 0
[ 55.619825][ T5080] CPU: 0 PID: 5080 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 55.629724][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.639789][ T5080] Call Trace:
[ 55.643073][ T5080]
[ 55.646011][ T5080] dump_stack_lvl+0xd1/0x138
[ 55.650632][ T5080] should_fail_ex.cold+0x5/0xa
[ 55.655416][ T5080] should_failslab+0x9/0x20
[ 55.659947][ T5080] __kmem_cache_alloc_node+0x5b/0x330
[ 55.665338][ T5080] ? hfs_find_init+0x95/0x240
[ 55.670056][ T5080] ? hfs_find_init+0x95/0x240
[ 55.674773][ T5080] __kmalloc+0x4a/0xd0
[ 55.678883][ T5080] hfs_find_init+0x95/0x240
[ 55.683411][ T5080] hfs_ext_read_extent+0x18d/0xa20
[ 55.688546][ T5080] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 55.694116][ T5080] ? hfs_free_extents+0x2e0/0x2e0
[ 55.699170][ T5080] ? clean_bdev_aliases+0x4f9/0x600
[ 55.704393][ T5080] hfs_extend_file+0x4b5/0xae0
[ 55.709185][ T5080] ? hfs_free_fork+0x920/0x920
[ 55.713968][ T5080] ? rcu_read_lock_sched_held+0x3e/0x70
[ 55.719525][ T5080] ? __mark_inode_dirty+0x32c/0x1250
[ 55.724829][ T5080] hfs_get_block+0x17f/0x820
[ 55.729446][ T5080] __block_write_begin_int+0x3bd/0x14b0
[ 55.735015][ T5080] ? hfs_extend_file+0xae0/0xae0
[ 55.739985][ T5080] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 55.745551][ T5080] ? PageHeadHuge+0x1a2/0x200
[ 55.750256][ T5080] ? hfs_extend_file+0xae0/0xae0
[ 55.755209][ T5080] block_write_begin+0xb9/0x4d0
[ 55.760090][ T5080] cont_write_begin+0x534/0x740
[ 55.764967][ T5080] ? hfs_extend_file+0xae0/0xae0
[ 55.769921][ T5080] ? block_write_begin+0x4d0/0x4d0
[ 55.775057][ T5080] ? fault_in_readable+0x179/0x290
[ 55.780193][ T5080] ? fault_in_subpage_writeable+0x20/0x20
[ 55.785936][ T5080] hfs_write_begin+0x87/0x150
[ 55.790631][ T5080] ? hfs_extend_file+0xae0/0xae0
[ 55.795591][ T5080] generic_perform_write+0x256/0x570
[ 55.800903][ T5080] ? folio_add_wait_queue+0x1c0/0x1c0
[ 55.806297][ T5080] ? new_inode+0x280/0x280
[ 55.810740][ T5080] ? generic_write_checks+0x2c0/0x400
[ 55.816139][ T5080] __generic_file_write_iter+0x2ae/0x500
[ 55.821799][ T5080] generic_file_write_iter+0xe3/0x350
[ 55.827194][ T5080] vfs_write+0x9ed/0xe10
[ 55.831456][ T5080] ? kernel_write+0x670/0x670
[ 55.836152][ T5080] ? find_held_lock+0x2d/0x110
[ 55.840949][ T5080] ? lock_downgrade+0x6e0/0x6e0
[ 55.845816][ T5080] ? __fget_light+0x20a/0x270
[ 55.850512][ T5080] ksys_write+0x12b/0x250
[ 55.854857][ T5080] ? __ia32_sys_read+0xb0/0xb0
[ 55.859635][ T5080] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.864852][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50
[ 55.870069][ T5080] ? ptrace_notify+0xfe/0x140
[ 55.874772][ T5080] do_syscall_64+0x39/0xb0
[ 55.879211][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.885118][ T5080] RIP: 0033:0x7f1bf3baa9e9
[ 55.889543][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.909161][ T5080] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.917589][ T5080] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 55.925567][ T5080] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.933545][ T5080] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 55.941523][ T5080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.949503][ T5080] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000002
[pid 5080] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5080] exit_group(0) = ?
[pid 5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5081
./strace-static-x86_64: Process 5081 attached
[pid 5081] chdir("./3") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 55.957500][ T5080]
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5081] munmap(0x7f1beb75d000, 32768) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[pid 5081] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5081] write(5, "9", 1) = 1
[ 56.014795][ T5081] loop0: detected capacity change from 0 to 64
[ 56.037900][ T5081] FAULT_INJECTION: forcing a failure.
[ 56.037900][ T5081] name failslab, interval 1, probability 0, space 0, times 0
[ 56.050596][ T5081] CPU: 0 PID: 5081 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 56.060517][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 56.070683][ T5081] Call Trace:
[ 56.073969][ T5081]
[ 56.076895][ T5081] dump_stack_lvl+0xd1/0x138
[ 56.081486][ T5081] should_fail_ex.cold+0x5/0xa
[ 56.086260][ T5081] should_failslab+0x9/0x20
[ 56.090799][ T5081] __kmem_cache_alloc_node+0x5b/0x330
[ 56.096198][ T5081] ? hfs_find_init+0x95/0x240
[ 56.100880][ T5081] ? hfs_find_init+0x95/0x240
[ 56.105564][ T5081] __kmalloc+0x4a/0xd0
[ 56.109664][ T5081] hfs_find_init+0x95/0x240
[ 56.114191][ T5081] hfs_ext_read_extent+0x18d/0xa20
[ 56.119327][ T5081] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 56.124867][ T5081] ? rcu_read_lock_sched_held+0x3e/0x70
[ 56.130428][ T5081] ? hfs_free_extents+0x2e0/0x2e0
[ 56.135482][ T5081] ? clean_bdev_aliases+0x4f9/0x600
[ 56.140675][ T5081] ? find_held_lock+0x2d/0x110
[ 56.145444][ T5081] hfs_extend_file+0x4b5/0xae0
[ 56.150222][ T5081] ? hfs_free_fork+0x920/0x920
[ 56.155012][ T5081] ? rcu_read_lock_sched_held+0x3e/0x70
[ 56.160563][ T5081] ? __mark_inode_dirty+0x32c/0x1250
[ 56.165873][ T5081] hfs_get_block+0x17f/0x820
[ 56.170510][ T5081] __block_write_begin_int+0x3bd/0x14b0
[ 56.176088][ T5081] ? hfs_extend_file+0xae0/0xae0
[ 56.181058][ T5081] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 56.186599][ T5081] ? PageHeadHuge+0x1a2/0x200
[ 56.191277][ T5081] ? hfs_extend_file+0xae0/0xae0
[ 56.196208][ T5081] block_write_begin+0xb9/0x4d0
[ 56.201077][ T5081] cont_write_begin+0x534/0x740
[ 56.205951][ T5081] ? hfs_extend_file+0xae0/0xae0
[ 56.210910][ T5081] ? block_write_begin+0x4d0/0x4d0
[ 56.216023][ T5081] ? fault_in_readable+0x179/0x290
[ 56.221134][ T5081] ? fault_in_subpage_writeable+0x20/0x20
[ 56.226960][ T5081] hfs_write_begin+0x87/0x150
[ 56.231651][ T5081] ? hfs_extend_file+0xae0/0xae0
[ 56.236616][ T5081] generic_perform_write+0x256/0x570
[ 56.241913][ T5081] ? folio_add_wait_queue+0x1c0/0x1c0
[ 56.247300][ T5081] ? new_inode+0x280/0x280
[ 56.251747][ T5081] ? generic_write_checks+0x2c0/0x400
[ 56.257138][ T5081] __generic_file_write_iter+0x2ae/0x500
[ 56.262821][ T5081] generic_file_write_iter+0xe3/0x350
[ 56.268225][ T5081] vfs_write+0x9ed/0xe10
[ 56.272466][ T5081] ? kernel_write+0x670/0x670
[ 56.277155][ T5081] ? find_held_lock+0x2d/0x110
[ 56.281945][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 56.286806][ T5081] ? __fget_light+0x20a/0x270
[ 56.291506][ T5081] ksys_write+0x12b/0x250
[ 56.295834][ T5081] ? __ia32_sys_read+0xb0/0xb0
[ 56.300594][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 56.305789][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 56.311002][ T5081] ? ptrace_notify+0xfe/0x140
[ 56.315701][ T5081] do_syscall_64+0x39/0xb0
[ 56.320118][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.326006][ T5081] RIP: 0033:0x7f1bf3baa9e9
[ 56.330414][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.350020][ T5081] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 56.358428][ T5081] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5081] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5082
./strace-static-x86_64: Process 5082 attached
[pid 5082] chdir("./4") = 0
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 56.366409][ T5081] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 56.375609][ T5081] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 56.383589][ T5081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 56.391556][ T5081] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000003
[ 56.399538][ T5081]
[pid 5082] setpgid(0, 0) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5082] memfd_create("syzkaller", 0) = 3
[pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5082] munmap(0x7f1beb75d000, 32768) = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5082] close(3) = 0
[pid 5082] mkdir("./file0", 0777) = 0
[pid 5082] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5082] chdir("./file0") = 0
[pid 5082] ioctl(4, LOOP_CLR_FD) = 0
[pid 5082] close(4) = 0
[pid 5082] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5082] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5082] write(5, "9", 1) = 1
[ 56.461964][ T5082] loop0: detected capacity change from 0 to 64
[ 56.497545][ T5082] FAULT_INJECTION: forcing a failure.
[ 56.497545][ T5082] name failslab, interval 1, probability 0, space 0, times 0
[ 56.510386][ T5082] CPU: 1 PID: 5082 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 56.520304][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 56.530355][ T5082] Call Trace:
[ 56.533626][ T5082]
[ 56.536551][ T5082] dump_stack_lvl+0xd1/0x138
[ 56.541155][ T5082] should_fail_ex.cold+0x5/0xa
[ 56.545945][ T5082] should_failslab+0x9/0x20
[ 56.550454][ T5082] __kmem_cache_alloc_node+0x5b/0x330
[ 56.555837][ T5082] ? hfs_find_init+0x95/0x240
[ 56.560552][ T5082] ? hfs_find_init+0x95/0x240
[ 56.565237][ T5082] __kmalloc+0x4a/0xd0
[ 56.569322][ T5082] hfs_find_init+0x95/0x240
[ 56.573844][ T5082] hfs_ext_read_extent+0x18d/0xa20
[ 56.578965][ T5082] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 56.584526][ T5082] ? hfs_free_extents+0x2e0/0x2e0
[ 56.589553][ T5082] ? clean_bdev_aliases+0x4f9/0x600
[ 56.594769][ T5082] hfs_extend_file+0x4b5/0xae0
[ 56.599557][ T5082] ? hfs_free_fork+0x920/0x920
[ 56.604316][ T5082] ? rcu_read_lock_sched_held+0x3e/0x70
[ 56.609857][ T5082] ? __mark_inode_dirty+0x32c/0x1250
[ 56.615156][ T5082] hfs_get_block+0x17f/0x820
[ 56.619776][ T5082] __block_write_begin_int+0x3bd/0x14b0
[ 56.625329][ T5082] ? hfs_extend_file+0xae0/0xae0
[ 56.630269][ T5082] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 56.635814][ T5082] ? PageHeadHuge+0x1a2/0x200
[ 56.640507][ T5082] ? hfs_extend_file+0xae0/0xae0
[ 56.645473][ T5082] block_write_begin+0xb9/0x4d0
[ 56.650325][ T5082] cont_write_begin+0x534/0x740
[ 56.655180][ T5082] ? hfs_extend_file+0xae0/0xae0
[ 56.660114][ T5082] ? block_write_begin+0x4d0/0x4d0
[ 56.665226][ T5082] ? fault_in_readable+0x179/0x290
[ 56.670338][ T5082] ? fault_in_subpage_writeable+0x20/0x20
[ 56.676058][ T5082] hfs_write_begin+0x87/0x150
[ 56.680751][ T5082] ? hfs_extend_file+0xae0/0xae0
[ 56.685713][ T5082] generic_perform_write+0x256/0x570
[ 56.691001][ T5082] ? folio_add_wait_queue+0x1c0/0x1c0
[ 56.696383][ T5082] ? new_inode+0x280/0x280
[ 56.700839][ T5082] ? generic_write_checks+0x2c0/0x400
[ 56.706230][ T5082] __generic_file_write_iter+0x2ae/0x500
[ 56.711908][ T5082] generic_file_write_iter+0xe3/0x350
[ 56.717308][ T5082] vfs_write+0x9ed/0xe10
[ 56.721548][ T5082] ? kernel_write+0x670/0x670
[ 56.726239][ T5082] ? find_held_lock+0x2d/0x110
[ 56.731040][ T5082] ? lock_downgrade+0x6e0/0x6e0
[ 56.735886][ T5082] ? __fget_light+0x20a/0x270
[ 56.740577][ T5082] ksys_write+0x12b/0x250
[ 56.744940][ T5082] ? __ia32_sys_read+0xb0/0xb0
[ 56.749720][ T5082] ? lockdep_hardirqs_on+0x7d/0x100
[ 56.754924][ T5082] ? _raw_spin_unlock_irq+0x2e/0x50
[ 56.760145][ T5082] ? ptrace_notify+0xfe/0x140
[ 56.764835][ T5082] do_syscall_64+0x39/0xb0
[ 56.769293][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.775207][ T5082] RIP: 0033:0x7f1bf3baa9e9
[ 56.779617][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.799231][ T5082] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5082] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5082] exit_group(0) = ?
[pid 5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5083
./strace-static-x86_64: Process 5083 attached
[pid 5083] chdir("./5") = 0
[pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5083] setpgid(0, 0) = 0
[pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1000", 4) = 4
[ 56.807676][ T5082] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 56.815662][ T5082] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 56.823638][ T5082] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 56.831604][ T5082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 56.839566][ T5082] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000004
[ 56.847567][ T5082]
[pid 5083] close(3) = 0
[pid 5083] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5083] memfd_create("syzkaller", 0) = 3
[pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5083] munmap(0x7f1beb75d000, 32768) = 0
[pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5083] close(3) = 0
[pid 5083] mkdir("./file0", 0777) = 0
[pid 5083] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5083] chdir("./file0") = 0
[pid 5083] ioctl(4, LOOP_CLR_FD) = 0
[pid 5083] close(4) = 0
[pid 5083] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5083] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5083] write(5, "9", 1) = 1
[ 56.902415][ T5083] loop0: detected capacity change from 0 to 64
[ 56.925020][ T5083] FAULT_INJECTION: forcing a failure.
[ 56.925020][ T5083] name failslab, interval 1, probability 0, space 0, times 0
[ 56.938772][ T5083] CPU: 0 PID: 5083 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 56.948682][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 56.958726][ T5083] Call Trace:
[ 56.961993][ T5083]
[ 56.964912][ T5083] dump_stack_lvl+0xd1/0x138
[ 56.969504][ T5083] should_fail_ex.cold+0x5/0xa
[ 56.974259][ T5083] should_failslab+0x9/0x20
[ 56.978755][ T5083] __kmem_cache_alloc_node+0x5b/0x330
[ 56.984118][ T5083] ? hfs_find_init+0x95/0x240
[ 56.988790][ T5083] ? hfs_find_init+0x95/0x240
[ 56.993464][ T5083] __kmalloc+0x4a/0xd0
[ 56.997559][ T5083] hfs_find_init+0x95/0x240
[ 57.002079][ T5083] hfs_ext_read_extent+0x18d/0xa20
[ 57.007209][ T5083] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 57.012765][ T5083] ? rcu_read_lock_sched_held+0x3e/0x70
[ 57.018323][ T5083] ? hfs_free_extents+0x2e0/0x2e0
[ 57.023372][ T5083] ? clean_bdev_aliases+0x4f9/0x600
[ 57.028586][ T5083] ? find_held_lock+0x2d/0x110
[ 57.033378][ T5083] hfs_extend_file+0x4b5/0xae0
[ 57.038163][ T5083] ? hfs_free_fork+0x920/0x920
[ 57.042950][ T5083] ? rcu_read_lock_sched_held+0x3e/0x70
[ 57.048506][ T5083] ? __mark_inode_dirty+0x32c/0x1250
[ 57.053810][ T5083] hfs_get_block+0x17f/0x820
[ 57.058430][ T5083] __block_write_begin_int+0x3bd/0x14b0
[ 57.064001][ T5083] ? hfs_extend_file+0xae0/0xae0
[ 57.068966][ T5083] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 57.074534][ T5083] ? PageHeadHuge+0x1a2/0x200
[ 57.079236][ T5083] ? hfs_extend_file+0xae0/0xae0
[ 57.084192][ T5083] block_write_begin+0xb9/0x4d0
[ 57.089067][ T5083] cont_write_begin+0x534/0x740
[ 57.093951][ T5083] ? hfs_extend_file+0xae0/0xae0
[ 57.098908][ T5083] ? block_write_begin+0x4d0/0x4d0
[ 57.104040][ T5083] ? fault_in_readable+0x179/0x290
[ 57.109170][ T5083] ? fault_in_subpage_writeable+0x20/0x20
[ 57.114912][ T5083] hfs_write_begin+0x87/0x150
[ 57.119610][ T5083] ? hfs_extend_file+0xae0/0xae0
[ 57.124571][ T5083] generic_perform_write+0x256/0x570
[ 57.129884][ T5083] ? folio_add_wait_queue+0x1c0/0x1c0
[ 57.135278][ T5083] ? new_inode+0x280/0x280
[ 57.139722][ T5083] ? generic_write_checks+0x2c0/0x400
[ 57.145123][ T5083] __generic_file_write_iter+0x2ae/0x500
[ 57.150783][ T5083] generic_file_write_iter+0xe3/0x350
[ 57.156180][ T5083] vfs_write+0x9ed/0xe10
[ 57.160444][ T5083] ? kernel_write+0x670/0x670
[ 57.165140][ T5083] ? find_held_lock+0x2d/0x110
[ 57.169943][ T5083] ? lock_downgrade+0x6e0/0x6e0
[ 57.174808][ T5083] ? __fget_light+0x20a/0x270
[ 57.179505][ T5083] ksys_write+0x12b/0x250
[ 57.183946][ T5083] ? __ia32_sys_read+0xb0/0xb0
[ 57.188726][ T5083] ? lockdep_hardirqs_on+0x7d/0x100
[ 57.193950][ T5083] ? _raw_spin_unlock_irq+0x2e/0x50
[ 57.199164][ T5083] ? ptrace_notify+0xfe/0x140
[ 57.203861][ T5083] do_syscall_64+0x39/0xb0
[ 57.208311][ T5083] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.214219][ T5083] RIP: 0033:0x7f1bf3baa9e9
[ 57.218643][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.238261][ T5083] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5083] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5083] exit_group(0) = ?
[pid 5083] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 57.246699][ T5083] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 57.254682][ T5083] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 57.262671][ T5083] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 57.270653][ T5083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 57.278635][ T5083] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000005
[ 57.286641][ T5083]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5084
./strace-static-x86_64: Process 5084 attached
[pid 5084] chdir("./6") = 0
[pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5084] setpgid(0, 0) = 0
[pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5084] write(3, "1000", 4) = 4
[pid 5084] close(3) = 0
[pid 5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5084] memfd_create("syzkaller", 0) = 3
[pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5084] munmap(0x7f1beb75d000, 32768) = 0
[pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5084] close(3) = 0
[pid 5084] mkdir("./file0", 0777) = 0
[pid 5084] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5084] chdir("./file0") = 0
[pid 5084] ioctl(4, LOOP_CLR_FD) = 0
[pid 5084] close(4) = 0
[pid 5084] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5084] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5084] write(5, "9", 1) = 1
[pid 5084] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5084] exit_group(0) = ?
[pid 5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5085
./strace-static-x86_64: Process 5085 attached
[ 57.338508][ T5084] loop0: detected capacity change from 0 to 64
[ 57.340210][ T5078] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[pid 5085] chdir("./7") = 0
[pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5085] setpgid(0, 0) = 0
[pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5085] write(3, "1000", 4) = 4
[pid 5085] close(3) = 0
[pid 5085] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5085] memfd_create("syzkaller", 0) = 3
[pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5085] munmap(0x7f1beb75d000, 32768) = 0
[pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5085] close(3) = 0
[pid 5085] mkdir("./file0", 0777) = 0
[pid 5085] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5085] chdir("./file0") = 0
[pid 5085] ioctl(4, LOOP_CLR_FD) = 0
[pid 5085] close(4) = 0
[pid 5085] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5085] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5085] write(5, "9", 1) = 1
[pid 5085] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5085] exit_group(0) = ?
[pid 5085] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
[ 57.424155][ T5085] loop0: detected capacity change from 0 to 64
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5086
./strace-static-x86_64: Process 5086 attached
[pid 5086] chdir("./8") = 0
[pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5086] setpgid(0, 0) = 0
[pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5086] write(3, "1000", 4) = 4
[pid 5086] close(3) = 0
[pid 5086] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5086] memfd_create("syzkaller", 0) = 3
[pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5086] munmap(0x7f1beb75d000, 32768) = 0
[pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5086] close(3) = 0
[pid 5086] mkdir("./file0", 0777) = 0
[pid 5086] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5086] chdir("./file0") = 0
[pid 5086] ioctl(4, LOOP_CLR_FD) = 0
[pid 5086] close(4) = 0
[pid 5086] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5086] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5086] write(5, "9", 1) = 1
[ 57.520810][ T5086] loop0: detected capacity change from 0 to 64
[ 57.546022][ T5086] FAULT_INJECTION: forcing a failure.
[ 57.546022][ T5086] name failslab, interval 1, probability 0, space 0, times 0
[ 57.559529][ T5086] CPU: 0 PID: 5086 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 57.569448][ T5086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.579494][ T5086] Call Trace:
[ 57.582761][ T5086]
[ 57.585682][ T5086] dump_stack_lvl+0xd1/0x138
[ 57.590275][ T5086] should_fail_ex.cold+0x5/0xa
[ 57.595035][ T5086] should_failslab+0x9/0x20
[ 57.599536][ T5086] __kmem_cache_alloc_node+0x5b/0x330
[ 57.604903][ T5086] ? hfs_find_init+0x95/0x240
[ 57.609578][ T5086] ? hfs_find_init+0x95/0x240
[ 57.614244][ T5086] __kmalloc+0x4a/0xd0
[ 57.618310][ T5086] hfs_find_init+0x95/0x240
[ 57.622808][ T5086] hfs_ext_read_extent+0x18d/0xa20
[ 57.627920][ T5086] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 57.633456][ T5086] ? rcu_read_lock_sched_held+0x3e/0x70
[ 57.639002][ T5086] ? hfs_free_extents+0x2e0/0x2e0
[ 57.644040][ T5086] ? clean_bdev_aliases+0x4f9/0x600
[ 57.649227][ T5086] ? find_held_lock+0x2d/0x110
[ 57.653993][ T5086] hfs_extend_file+0x4b5/0xae0
[ 57.658752][ T5086] ? hfs_free_fork+0x920/0x920
[ 57.663510][ T5086] ? rcu_read_lock_sched_held+0x3e/0x70
[ 57.669050][ T5086] ? __mark_inode_dirty+0x32c/0x1250
[ 57.674358][ T5086] hfs_get_block+0x17f/0x820
[ 57.678990][ T5086] __block_write_begin_int+0x3bd/0x14b0
[ 57.684561][ T5086] ? hfs_extend_file+0xae0/0xae0
[ 57.689527][ T5086] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 57.695096][ T5086] ? PageHeadHuge+0x1a2/0x200
[ 57.699799][ T5086] ? hfs_extend_file+0xae0/0xae0
[ 57.704755][ T5086] block_write_begin+0xb9/0x4d0
[ 57.709629][ T5086] cont_write_begin+0x534/0x740
[ 57.714509][ T5086] ? hfs_extend_file+0xae0/0xae0
[ 57.719464][ T5086] ? block_write_begin+0x4d0/0x4d0
[ 57.724594][ T5086] ? fault_in_readable+0x179/0x290
[ 57.729726][ T5086] ? fault_in_subpage_writeable+0x20/0x20
[ 57.735468][ T5086] hfs_write_begin+0x87/0x150
[ 57.740166][ T5086] ? hfs_extend_file+0xae0/0xae0
[ 57.745141][ T5086] generic_perform_write+0x256/0x570
[ 57.750462][ T5086] ? folio_add_wait_queue+0x1c0/0x1c0
[ 57.755855][ T5086] ? new_inode+0x280/0x280
[ 57.760318][ T5086] ? generic_write_checks+0x2c0/0x400
[ 57.765728][ T5086] __generic_file_write_iter+0x2ae/0x500
[ 57.771404][ T5086] generic_file_write_iter+0xe3/0x350
[ 57.776809][ T5086] vfs_write+0x9ed/0xe10
[ 57.781089][ T5086] ? kernel_write+0x670/0x670
[ 57.785788][ T5086] ? find_held_lock+0x2d/0x110
[ 57.790588][ T5086] ? lock_downgrade+0x6e0/0x6e0
[ 57.795459][ T5086] ? __fget_light+0x20a/0x270
[ 57.800161][ T5086] ksys_write+0x12b/0x250
[ 57.804512][ T5086] ? __ia32_sys_read+0xb0/0xb0
[ 57.809296][ T5086] ? lockdep_hardirqs_on+0x7d/0x100
[ 57.814513][ T5086] ? _raw_spin_unlock_irq+0x2e/0x50
[ 57.819732][ T5086] ? ptrace_notify+0xfe/0x140
[ 57.824431][ T5086] do_syscall_64+0x39/0xb0
[ 57.828872][ T5086] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.834785][ T5086] RIP: 0033:0x7f1bf3baa9e9
[ 57.839211][ T5086] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.858832][ T5086] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5086] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5086] exit_group(0) = ?
[pid 5086] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5087
./strace-static-x86_64: Process 5087 attached
[pid 5087] chdir("./9") = 0
[pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5087] setpgid(0, 0) = 0
[pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5087] write(3, "1000", 4) = 4
[pid 5087] close(3) = 0
[ 57.867259][ T5086] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 57.875242][ T5086] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 57.883221][ T5086] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 57.891200][ T5086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 57.899177][ T5086] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000008
[ 57.907177][ T5086]
[pid 5087] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5087] memfd_create("syzkaller", 0) = 3
[pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5087] munmap(0x7f1beb75d000, 32768) = 0
[pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5087] close(3) = 0
[pid 5087] mkdir("./file0", 0777) = 0
[pid 5087] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5087] chdir("./file0") = 0
[pid 5087] ioctl(4, LOOP_CLR_FD) = 0
[pid 5087] close(4) = 0
[pid 5087] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5087] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5087] write(5, "9", 1) = 1
[ 57.960885][ T5087] loop0: detected capacity change from 0 to 64
[ 57.994503][ T5087] FAULT_INJECTION: forcing a failure.
[ 57.994503][ T5087] name failslab, interval 1, probability 0, space 0, times 0
[ 58.007936][ T5087] CPU: 0 PID: 5087 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 58.017853][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.027904][ T5087] Call Trace:
[ 58.031171][ T5087]
[ 58.034093][ T5087] dump_stack_lvl+0xd1/0x138
[ 58.038682][ T5087] should_fail_ex.cold+0x5/0xa
[ 58.043437][ T5087] should_failslab+0x9/0x20
[ 58.047934][ T5087] __kmem_cache_alloc_node+0x5b/0x330
[ 58.053296][ T5087] ? hfs_find_init+0x95/0x240
[ 58.057969][ T5087] ? hfs_find_init+0x95/0x240
[ 58.062637][ T5087] __kmalloc+0x4a/0xd0
[ 58.066704][ T5087] hfs_find_init+0x95/0x240
[ 58.071200][ T5087] hfs_ext_read_extent+0x18d/0xa20
[ 58.076308][ T5087] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 58.081843][ T5087] ? rcu_read_lock_sched_held+0x3e/0x70
[ 58.087381][ T5087] ? hfs_free_extents+0x2e0/0x2e0
[ 58.092403][ T5087] ? clean_bdev_aliases+0x4f9/0x600
[ 58.097592][ T5087] ? find_held_lock+0x2d/0x110
[ 58.102363][ T5087] hfs_extend_file+0x4b5/0xae0
[ 58.107121][ T5087] ? hfs_free_fork+0x920/0x920
[ 58.111883][ T5087] ? rcu_read_lock_sched_held+0x3e/0x70
[ 58.117428][ T5087] ? __mark_inode_dirty+0x32c/0x1250
[ 58.122716][ T5087] hfs_get_block+0x17f/0x820
[ 58.127321][ T5087] __block_write_begin_int+0x3bd/0x14b0
[ 58.132875][ T5087] ? hfs_extend_file+0xae0/0xae0
[ 58.137812][ T5087] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 58.143359][ T5087] ? PageHeadHuge+0x1a2/0x200
[ 58.148034][ T5087] ? hfs_extend_file+0xae0/0xae0
[ 58.152967][ T5087] block_write_begin+0xb9/0x4d0
[ 58.157813][ T5087] cont_write_begin+0x534/0x740
[ 58.162671][ T5087] ? hfs_extend_file+0xae0/0xae0
[ 58.167612][ T5087] ? block_write_begin+0x4d0/0x4d0
[ 58.172721][ T5087] ? fault_in_readable+0x179/0x290
[ 58.177835][ T5087] ? fault_in_subpage_writeable+0x20/0x20
[ 58.183556][ T5087] hfs_write_begin+0x87/0x150
[ 58.188227][ T5087] ? hfs_extend_file+0xae0/0xae0
[ 58.193163][ T5087] generic_perform_write+0x256/0x570
[ 58.198447][ T5087] ? folio_add_wait_queue+0x1c0/0x1c0
[ 58.203815][ T5087] ? new_inode+0x280/0x280
[ 58.208236][ T5087] ? generic_write_checks+0x2c0/0x400
[ 58.213609][ T5087] __generic_file_write_iter+0x2ae/0x500
[ 58.219247][ T5087] generic_file_write_iter+0xe3/0x350
[ 58.224614][ T5087] vfs_write+0x9ed/0xe10
[ 58.228856][ T5087] ? kernel_write+0x670/0x670
[ 58.233528][ T5087] ? find_held_lock+0x2d/0x110
[ 58.238297][ T5087] ? lock_downgrade+0x6e0/0x6e0
[ 58.243136][ T5087] ? __fget_light+0x20a/0x270
[ 58.247806][ T5087] ksys_write+0x12b/0x250
[ 58.252130][ T5087] ? __ia32_sys_read+0xb0/0xb0
[ 58.256883][ T5087] ? lockdep_hardirqs_on+0x7d/0x100
[ 58.262072][ T5087] ? _raw_spin_unlock_irq+0x2e/0x50
[ 58.267263][ T5087] ? ptrace_notify+0xfe/0x140
[ 58.271953][ T5087] do_syscall_64+0x39/0xb0
[ 58.276384][ T5087] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.282283][ T5087] RIP: 0033:0x7f1bf3baa9e9
[ 58.286694][ T5087] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5087] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5087] exit_group(0) = ?
[pid 5087] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 58.306296][ T5087] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.314702][ T5087] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 58.322663][ T5087] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.330624][ T5087] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 58.338597][ T5087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 58.346576][ T5087] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000009
[ 58.354559][ T5087]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5088
./strace-static-x86_64: Process 5088 attached
[pid 5088] chdir("./10") = 0
[pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5088] setpgid(0, 0) = 0
[pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5088] write(3, "1000", 4) = 4
[pid 5088] close(3) = 0
[pid 5088] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5088] memfd_create("syzkaller", 0) = 3
[pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5088] munmap(0x7f1beb75d000, 32768) = 0
[pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5088] close(3) = 0
[pid 5088] mkdir("./file0", 0777) = 0
[pid 5088] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5088] chdir("./file0") = 0
[pid 5088] ioctl(4, LOOP_CLR_FD) = 0
[pid 5088] close(4) = 0
[pid 5088] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5088] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5088] write(5, "9", 1) = 1
[ 58.410594][ T5088] loop0: detected capacity change from 0 to 64
[ 58.434763][ T5088] FAULT_INJECTION: forcing a failure.
[ 58.434763][ T5088] name failslab, interval 1, probability 0, space 0, times 0
[ 58.455222][ T5088] CPU: 0 PID: 5088 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 58.465155][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.475200][ T5088] Call Trace:
[ 58.478468][ T5088]
[ 58.481392][ T5088] dump_stack_lvl+0xd1/0x138
[ 58.485983][ T5088] should_fail_ex.cold+0x5/0xa
[ 58.490741][ T5088] should_failslab+0x9/0x20
[ 58.495239][ T5088] __kmem_cache_alloc_node+0x5b/0x330
[ 58.500602][ T5088] ? hfs_find_init+0x95/0x240
[ 58.505272][ T5088] ? hfs_find_init+0x95/0x240
[ 58.509947][ T5088] __kmalloc+0x4a/0xd0
[ 58.514043][ T5088] hfs_find_init+0x95/0x240
[ 58.518563][ T5088] hfs_ext_read_extent+0x18d/0xa20
[ 58.523695][ T5088] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 58.529251][ T5088] ? rcu_read_lock_sched_held+0x3e/0x70
[ 58.534813][ T5088] ? hfs_free_extents+0x2e0/0x2e0
[ 58.539871][ T5088] ? clean_bdev_aliases+0x4f9/0x600
[ 58.545085][ T5088] ? find_held_lock+0x2d/0x110
[ 58.549885][ T5088] hfs_extend_file+0x4b5/0xae0
[ 58.554672][ T5088] ? hfs_free_fork+0x920/0x920
[ 58.559454][ T5088] ? rcu_read_lock_sched_held+0x3e/0x70
[ 58.565013][ T5088] ? __mark_inode_dirty+0x32c/0x1250
[ 58.570320][ T5088] hfs_get_block+0x17f/0x820
[ 58.574942][ T5088] __block_write_begin_int+0x3bd/0x14b0
[ 58.580509][ T5088] ? hfs_extend_file+0xae0/0xae0
[ 58.585473][ T5088] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 58.591038][ T5088] ? PageHeadHuge+0x1a2/0x200
[ 58.595739][ T5088] ? hfs_extend_file+0xae0/0xae0
[ 58.600693][ T5088] block_write_begin+0xb9/0x4d0
[ 58.605565][ T5088] cont_write_begin+0x534/0x740
[ 58.610444][ T5088] ? hfs_extend_file+0xae0/0xae0
[ 58.615398][ T5088] ? block_write_begin+0x4d0/0x4d0
[ 58.620526][ T5088] ? fault_in_readable+0x179/0x290
[ 58.625660][ T5088] ? fault_in_subpage_writeable+0x20/0x20
[ 58.631403][ T5088] hfs_write_begin+0x87/0x150
[ 58.636097][ T5088] ? hfs_extend_file+0xae0/0xae0
[ 58.641056][ T5088] generic_perform_write+0x256/0x570
[ 58.646368][ T5088] ? folio_add_wait_queue+0x1c0/0x1c0
[ 58.651758][ T5088] ? new_inode+0x280/0x280
[ 58.656204][ T5088] ? generic_write_checks+0x2c0/0x400
[ 58.661604][ T5088] __generic_file_write_iter+0x2ae/0x500
[ 58.667266][ T5088] generic_file_write_iter+0xe3/0x350
[ 58.672662][ T5088] vfs_write+0x9ed/0xe10
[ 58.676925][ T5088] ? kernel_write+0x670/0x670
[ 58.681623][ T5088] ? find_held_lock+0x2d/0x110
[ 58.686420][ T5088] ? lock_downgrade+0x6e0/0x6e0
[ 58.691285][ T5088] ? __fget_light+0x20a/0x270
[ 58.695983][ T5088] ksys_write+0x12b/0x250
[ 58.700330][ T5088] ? __ia32_sys_read+0xb0/0xb0
[ 58.705108][ T5088] ? lockdep_hardirqs_on+0x7d/0x100
[ 58.710321][ T5088] ? _raw_spin_unlock_irq+0x2e/0x50
[ 58.715535][ T5088] ? ptrace_notify+0xfe/0x140
[ 58.722068][ T5088] do_syscall_64+0x39/0xb0
[ 58.727815][ T5088] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.734997][ T5088] RIP: 0033:0x7f1bf3baa9e9
[ 58.739755][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5088] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5088] exit_group(0) = ?
[pid 5088] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 58.759377][ T5088] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.767809][ T5088] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 58.775793][ T5088] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.783778][ T5088] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 58.791772][ T5088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 58.799755][ T5088] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000000a
[ 58.808212][ T5088]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5089
./strace-static-x86_64: Process 5089 attached
[pid 5089] chdir("./11") = 0
[pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5089] setpgid(0, 0) = 0
[pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5089] write(3, "1000", 4) = 4
[pid 5089] close(3) = 0
[pid 5089] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5089] memfd_create("syzkaller", 0) = 3
[pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5089] munmap(0x7f1beb75d000, 32768) = 0
[pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5089] close(3) = 0
[pid 5089] mkdir("./file0", 0777) = 0
[pid 5089] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5089] chdir("./file0") = 0
[pid 5089] ioctl(4, LOOP_CLR_FD) = 0
[pid 5089] close(4) = 0
[pid 5089] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5089] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5089] write(5, "9", 1) = 1
[ 58.865998][ T5089] loop0: detected capacity change from 0 to 64
[ 58.893170][ T5089] FAULT_INJECTION: forcing a failure.
[ 58.893170][ T5089] name failslab, interval 1, probability 0, space 0, times 0
[ 58.906284][ T5089] CPU: 1 PID: 5089 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 58.916210][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.926264][ T5089] Call Trace:
[ 58.929539][ T5089]
[ 58.932463][ T5089] dump_stack_lvl+0xd1/0x138
[ 58.937056][ T5089] should_fail_ex.cold+0x5/0xa
[ 58.941837][ T5089] should_failslab+0x9/0x20
[ 58.946383][ T5089] __kmem_cache_alloc_node+0x5b/0x330
[ 58.951773][ T5089] ? hfs_find_init+0x95/0x240
[ 58.956473][ T5089] ? hfs_find_init+0x95/0x240
[ 58.961181][ T5089] __kmalloc+0x4a/0xd0
[ 58.965266][ T5089] hfs_find_init+0x95/0x240
[ 58.969797][ T5089] hfs_ext_read_extent+0x18d/0xa20
[ 58.974909][ T5089] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 58.980449][ T5089] ? rcu_read_lock_sched_held+0x3e/0x70
[ 58.985993][ T5089] ? hfs_free_extents+0x2e0/0x2e0
[ 58.991039][ T5089] ? clean_bdev_aliases+0x4f9/0x600
[ 58.996240][ T5089] ? find_held_lock+0x2d/0x110
[ 59.001013][ T5089] hfs_extend_file+0x4b5/0xae0
[ 59.005779][ T5089] ? hfs_free_fork+0x920/0x920
[ 59.010557][ T5089] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.016123][ T5089] ? __mark_inode_dirty+0x32c/0x1250
[ 59.021407][ T5089] hfs_get_block+0x17f/0x820
[ 59.026004][ T5089] __block_write_begin_int+0x3bd/0x14b0
[ 59.031551][ T5089] ? hfs_extend_file+0xae0/0xae0
[ 59.036509][ T5089] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 59.042093][ T5089] ? PageHeadHuge+0x1a2/0x200
[ 59.046801][ T5089] ? hfs_extend_file+0xae0/0xae0
[ 59.051763][ T5089] block_write_begin+0xb9/0x4d0
[ 59.056618][ T5089] cont_write_begin+0x534/0x740
[ 59.061474][ T5089] ? hfs_extend_file+0xae0/0xae0
[ 59.066423][ T5089] ? block_write_begin+0x4d0/0x4d0
[ 59.071557][ T5089] ? fault_in_readable+0x179/0x290
[ 59.076668][ T5089] ? fault_in_subpage_writeable+0x20/0x20
[ 59.082389][ T5089] hfs_write_begin+0x87/0x150
[ 59.087063][ T5089] ? hfs_extend_file+0xae0/0xae0
[ 59.092026][ T5089] generic_perform_write+0x256/0x570
[ 59.097347][ T5089] ? folio_add_wait_queue+0x1c0/0x1c0
[ 59.102719][ T5089] ? new_inode+0x280/0x280
[ 59.107138][ T5089] ? generic_write_checks+0x2c0/0x400
[ 59.112519][ T5089] __generic_file_write_iter+0x2ae/0x500
[ 59.118161][ T5089] generic_file_write_iter+0xe3/0x350
[ 59.123537][ T5089] vfs_write+0x9ed/0xe10
[ 59.127784][ T5089] ? kernel_write+0x670/0x670
[ 59.132458][ T5089] ? find_held_lock+0x2d/0x110
[ 59.137229][ T5089] ? lock_downgrade+0x6e0/0x6e0
[ 59.142080][ T5089] ? __fget_light+0x20a/0x270
[ 59.146756][ T5089] ksys_write+0x12b/0x250
[ 59.151083][ T5089] ? __ia32_sys_read+0xb0/0xb0
[ 59.155845][ T5089] ? lockdep_hardirqs_on+0x7d/0x100
[ 59.161074][ T5089] ? _raw_spin_unlock_irq+0x2e/0x50
[ 59.166286][ T5089] ? ptrace_notify+0xfe/0x140
[ 59.170990][ T5089] do_syscall_64+0x39/0xb0
[ 59.175410][ T5089] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.181303][ T5089] RIP: 0033:0x7f1bf3baa9e9
[ 59.185716][ T5089] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.205317][ T5089] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5089] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5089] exit_group(0) = ?
[pid 5089] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 59.213743][ T5089] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 59.221723][ T5089] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.229716][ T5089] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 59.237700][ T5089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.245675][ T5089] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000000b
[ 59.253682][ T5089]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5090
./strace-static-x86_64: Process 5090 attached
[pid 5090] chdir("./12") = 0
[pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5090] setpgid(0, 0) = 0
[pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5090] write(3, "1000", 4) = 4
[pid 5090] close(3) = 0
[pid 5090] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5090] memfd_create("syzkaller", 0) = 3
[pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5090] munmap(0x7f1beb75d000, 32768) = 0
[pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5090] close(3) = 0
[pid 5090] mkdir("./file0", 0777) = 0
[pid 5090] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5090] chdir("./file0") = 0
[pid 5090] ioctl(4, LOOP_CLR_FD) = 0
[pid 5090] close(4) = 0
[pid 5090] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5090] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5090] write(5, "9", 1) = 1
[ 59.320232][ T5090] loop0: detected capacity change from 0 to 64
[ 59.344915][ T5090] FAULT_INJECTION: forcing a failure.
[ 59.344915][ T5090] name failslab, interval 1, probability 0, space 0, times 0
[ 59.358310][ T5090] CPU: 0 PID: 5090 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 59.368233][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 59.378298][ T5090] Call Trace:
[ 59.381587][ T5090]
[ 59.384512][ T5090] dump_stack_lvl+0xd1/0x138
[ 59.389109][ T5090] should_fail_ex.cold+0x5/0xa
[ 59.393874][ T5090] should_failslab+0x9/0x20
[ 59.398386][ T5090] __kmem_cache_alloc_node+0x5b/0x330
[ 59.403763][ T5090] ? hfs_find_init+0x95/0x240
[ 59.408446][ T5090] ? hfs_find_init+0x95/0x240
[ 59.413121][ T5090] __kmalloc+0x4a/0xd0
[ 59.417195][ T5090] hfs_find_init+0x95/0x240
[ 59.421699][ T5090] hfs_ext_read_extent+0x18d/0xa20
[ 59.426825][ T5090] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 59.432407][ T5090] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.437973][ T5090] ? hfs_free_extents+0x2e0/0x2e0
[ 59.443001][ T5090] ? clean_bdev_aliases+0x4f9/0x600
[ 59.448207][ T5090] ? find_held_lock+0x2d/0x110
[ 59.453007][ T5090] hfs_extend_file+0x4b5/0xae0
[ 59.457777][ T5090] ? hfs_free_fork+0x920/0x920
[ 59.462553][ T5090] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.468121][ T5090] ? __mark_inode_dirty+0x32c/0x1250
[ 59.473428][ T5090] hfs_get_block+0x17f/0x820
[ 59.478042][ T5090] __block_write_begin_int+0x3bd/0x14b0
[ 59.483633][ T5090] ? hfs_extend_file+0xae0/0xae0
[ 59.488599][ T5090] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 59.494145][ T5090] ? PageHeadHuge+0x1a2/0x200
[ 59.498824][ T5090] ? hfs_extend_file+0xae0/0xae0
[ 59.503769][ T5090] block_write_begin+0xb9/0x4d0
[ 59.508638][ T5090] cont_write_begin+0x534/0x740
[ 59.513518][ T5090] ? hfs_extend_file+0xae0/0xae0
[ 59.518486][ T5090] ? block_write_begin+0x4d0/0x4d0
[ 59.523614][ T5090] ? fault_in_readable+0x179/0x290
[ 59.528756][ T5090] ? fault_in_subpage_writeable+0x20/0x20
[ 59.534479][ T5090] hfs_write_begin+0x87/0x150
[ 59.539166][ T5090] ? hfs_extend_file+0xae0/0xae0
[ 59.544134][ T5090] generic_perform_write+0x256/0x570
[ 59.549425][ T5090] ? folio_add_wait_queue+0x1c0/0x1c0
[ 59.554814][ T5090] ? new_inode+0x280/0x280
[ 59.559277][ T5090] ? generic_write_checks+0x2c0/0x400
[ 59.564681][ T5090] __generic_file_write_iter+0x2ae/0x500
[ 59.570330][ T5090] generic_file_write_iter+0xe3/0x350
[ 59.575707][ T5090] vfs_write+0x9ed/0xe10
[ 59.579958][ T5090] ? kernel_write+0x670/0x670
[ 59.584646][ T5090] ? find_held_lock+0x2d/0x110
[ 59.589445][ T5090] ? lock_downgrade+0x6e0/0x6e0
[ 59.594292][ T5090] ? __fget_light+0x20a/0x270
[ 59.598983][ T5090] ksys_write+0x12b/0x250
[ 59.603349][ T5090] ? __ia32_sys_read+0xb0/0xb0
[ 59.608135][ T5090] ? lockdep_hardirqs_on+0x7d/0x100
[ 59.613341][ T5090] ? _raw_spin_unlock_irq+0x2e/0x50
[ 59.618564][ T5090] ? ptrace_notify+0xfe/0x140
[ 59.623254][ T5090] do_syscall_64+0x39/0xb0
[ 59.627715][ T5090] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.633614][ T5090] RIP: 0033:0x7f1bf3baa9e9
[ 59.638021][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.657646][ T5090] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5090] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5090] exit_group(0) = ?
[pid 5090] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5091
[ 59.666055][ T5090] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 59.674020][ T5090] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.681984][ T5090] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 59.689960][ T5090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.697944][ T5090] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000000c
[ 59.705925][ T5090]
./strace-static-x86_64: Process 5091 attached
[pid 5091] chdir("./13") = 0
[pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5091] setpgid(0, 0) = 0
[pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5091] write(3, "1000", 4) = 4
[pid 5091] close(3) = 0
[pid 5091] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5091] memfd_create("syzkaller", 0) = 3
[pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5091] munmap(0x7f1beb75d000, 32768) = 0
[pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5091] close(3) = 0
[pid 5091] mkdir("./file0", 0777) = 0
[pid 5091] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5091] chdir("./file0") = 0
[pid 5091] ioctl(4, LOOP_CLR_FD) = 0
[pid 5091] close(4) = 0
[pid 5091] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5091] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5091] write(5, "9", 1) = 1
[ 59.780435][ T5091] loop0: detected capacity change from 0 to 64
[ 59.802576][ T5091] FAULT_INJECTION: forcing a failure.
[ 59.802576][ T5091] name failslab, interval 1, probability 0, space 0, times 0
[ 59.817697][ T5091] CPU: 0 PID: 5091 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 59.827623][ T5091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 59.837678][ T5091] Call Trace:
[ 59.840953][ T5091]
[ 59.843880][ T5091] dump_stack_lvl+0xd1/0x138
[ 59.848472][ T5091] should_fail_ex.cold+0x5/0xa
[ 59.853234][ T5091] should_failslab+0x9/0x20
[ 59.857745][ T5091] __kmem_cache_alloc_node+0x5b/0x330
[ 59.863120][ T5091] ? hfs_find_init+0x95/0x240
[ 59.867804][ T5091] ? hfs_find_init+0x95/0x240
[ 59.872491][ T5091] __kmalloc+0x4a/0xd0
[ 59.876589][ T5091] hfs_find_init+0x95/0x240
[ 59.881089][ T5091] hfs_ext_read_extent+0x18d/0xa20
[ 59.886203][ T5091] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 59.891758][ T5091] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.897340][ T5091] ? hfs_free_extents+0x2e0/0x2e0
[ 59.902395][ T5091] ? clean_bdev_aliases+0x4f9/0x600
[ 59.907598][ T5091] ? find_held_lock+0x2d/0x110
[ 59.912370][ T5091] hfs_extend_file+0x4b5/0xae0
[ 59.917150][ T5091] ? hfs_free_fork+0x920/0x920
[ 59.921940][ T5091] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.927482][ T5091] ? __mark_inode_dirty+0x32c/0x1250
[ 59.932780][ T5091] hfs_get_block+0x17f/0x820
[ 59.937401][ T5091] __block_write_begin_int+0x3bd/0x14b0
[ 59.942968][ T5091] ? hfs_extend_file+0xae0/0xae0
[ 59.947937][ T5091] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 59.953489][ T5091] ? PageHeadHuge+0x1a2/0x200
[ 59.958171][ T5091] ? hfs_extend_file+0xae0/0xae0
[ 59.963134][ T5091] block_write_begin+0xb9/0x4d0
[ 59.968022][ T5091] cont_write_begin+0x534/0x740
[ 59.972901][ T5091] ? hfs_extend_file+0xae0/0xae0
[ 59.977866][ T5091] ? block_write_begin+0x4d0/0x4d0
[ 59.982991][ T5091] ? fault_in_readable+0x179/0x290
[ 59.988136][ T5091] ? fault_in_subpage_writeable+0x20/0x20
[ 59.993872][ T5091] hfs_write_begin+0x87/0x150
[ 59.998563][ T5091] ? hfs_extend_file+0xae0/0xae0
[ 60.003529][ T5091] generic_perform_write+0x256/0x570
[ 60.008826][ T5091] ? folio_add_wait_queue+0x1c0/0x1c0
[ 60.014217][ T5091] ? new_inode+0x280/0x280
[ 60.018671][ T5091] ? generic_write_checks+0x2c0/0x400
[ 60.024068][ T5091] __generic_file_write_iter+0x2ae/0x500
[ 60.029753][ T5091] generic_file_write_iter+0xe3/0x350
[ 60.035154][ T5091] vfs_write+0x9ed/0xe10
[ 60.039395][ T5091] ? kernel_write+0x670/0x670
[ 60.044086][ T5091] ? find_held_lock+0x2d/0x110
[ 60.048883][ T5091] ? lock_downgrade+0x6e0/0x6e0
[ 60.053742][ T5091] ? __fget_light+0x20a/0x270
[ 60.058442][ T5091] ksys_write+0x12b/0x250
[ 60.062782][ T5091] ? __ia32_sys_read+0xb0/0xb0
[ 60.067547][ T5091] ? lockdep_hardirqs_on+0x7d/0x100
[ 60.072743][ T5091] ? _raw_spin_unlock_irq+0x2e/0x50
[ 60.077942][ T5091] ? ptrace_notify+0xfe/0x140
[ 60.082643][ T5091] do_syscall_64+0x39/0xb0
[ 60.087062][ T5091] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.092956][ T5091] RIP: 0033:0x7f1bf3baa9e9
[ 60.097363][ T5091] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.116969][ T5091] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5091] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5091] exit_group(0) = ?
[pid 5091] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5092
./strace-static-x86_64: Process 5092 attached
[ 60.125379][ T5091] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 60.133357][ T5091] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.141343][ T5091] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 60.149316][ T5091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 60.157281][ T5091] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000000d
[ 60.165260][ T5091]
[pid 5092] chdir("./14") = 0
[pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5092] setpgid(0, 0) = 0
[pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5092] write(3, "1000", 4) = 4
[pid 5092] close(3) = 0
[pid 5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5092] memfd_create("syzkaller", 0) = 3
[pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5092] munmap(0x7f1beb75d000, 32768) = 0
[pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5092] close(3) = 0
[pid 5092] mkdir("./file0", 0777) = 0
[pid 5092] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5092] chdir("./file0") = 0
[pid 5092] ioctl(4, LOOP_CLR_FD) = 0
[pid 5092] close(4) = 0
[pid 5092] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5092] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5092] write(5, "9", 1) = 1
[pid 5092] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5092] exit_group(0) = ?
[pid 5092] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
[ 60.230017][ T5092] loop0: detected capacity change from 0 to 64
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5093
./strace-static-x86_64: Process 5093 attached
[pid 5093] chdir("./15") = 0
[pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5093] setpgid(0, 0) = 0
[pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "1000", 4) = 4
[pid 5093] close(3) = 0
[pid 5093] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5093] memfd_create("syzkaller", 0) = 3
[pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5093] munmap(0x7f1beb75d000, 32768) = 0
[pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5093] close(3) = 0
[pid 5093] mkdir("./file0", 0777) = 0
[pid 5093] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5093] chdir("./file0") = 0
[pid 5093] ioctl(4, LOOP_CLR_FD) = 0
[pid 5093] close(4) = 0
[pid 5093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5093] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5093] write(5, "9", 1) = 1
[ 60.316379][ T5093] loop0: detected capacity change from 0 to 64
[ 60.344728][ T5093] FAULT_INJECTION: forcing a failure.
[ 60.344728][ T5093] name failslab, interval 1, probability 0, space 0, times 0
[ 60.357767][ T5093] CPU: 0 PID: 5093 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 60.367688][ T5093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 60.377745][ T5093] Call Trace:
[ 60.381029][ T5093]
[ 60.383963][ T5093] dump_stack_lvl+0xd1/0x138
[ 60.388568][ T5093] should_fail_ex.cold+0x5/0xa
[ 60.393372][ T5093] should_failslab+0x9/0x20
[ 60.397891][ T5093] __kmem_cache_alloc_node+0x5b/0x330
[ 60.403269][ T5093] ? hfs_find_init+0x95/0x240
[ 60.407986][ T5093] ? hfs_find_init+0x95/0x240
[ 60.412689][ T5093] __kmalloc+0x4a/0xd0
[ 60.416797][ T5093] hfs_find_init+0x95/0x240
[ 60.421321][ T5093] hfs_ext_read_extent+0x18d/0xa20
[ 60.426457][ T5093] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 60.432023][ T5093] ? rcu_read_lock_sched_held+0x3e/0x70
[ 60.437587][ T5093] ? hfs_free_extents+0x2e0/0x2e0
[ 60.442650][ T5093] ? clean_bdev_aliases+0x4f9/0x600
[ 60.447870][ T5093] ? find_held_lock+0x2d/0x110
[ 60.452670][ T5093] hfs_extend_file+0x4b5/0xae0
[ 60.457465][ T5093] ? hfs_free_fork+0x920/0x920
[ 60.462252][ T5093] ? rcu_read_lock_sched_held+0x3e/0x70
[ 60.467815][ T5093] ? __mark_inode_dirty+0x32c/0x1250
[ 60.473124][ T5093] hfs_get_block+0x17f/0x820
[ 60.477754][ T5093] __block_write_begin_int+0x3bd/0x14b0
[ 60.483326][ T5093] ? hfs_extend_file+0xae0/0xae0
[ 60.488293][ T5093] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 60.493860][ T5093] ? PageHeadHuge+0x1a2/0x200
[ 60.498561][ T5093] ? hfs_extend_file+0xae0/0xae0
[ 60.503522][ T5093] block_write_begin+0xb9/0x4d0
[ 60.508397][ T5093] cont_write_begin+0x534/0x740
[ 60.513280][ T5093] ? hfs_extend_file+0xae0/0xae0
[ 60.518241][ T5093] ? block_write_begin+0x4d0/0x4d0
[ 60.523371][ T5093] ? fault_in_readable+0x179/0x290
[ 60.528503][ T5093] ? fault_in_subpage_writeable+0x20/0x20
[ 60.534247][ T5093] hfs_write_begin+0x87/0x150
[ 60.538943][ T5093] ? hfs_extend_file+0xae0/0xae0
[ 60.543908][ T5093] generic_perform_write+0x256/0x570
[ 60.549223][ T5093] ? folio_add_wait_queue+0x1c0/0x1c0
[ 60.554614][ T5093] ? new_inode+0x280/0x280
[ 60.559062][ T5093] ? generic_write_checks+0x2c0/0x400
[ 60.564467][ T5093] __generic_file_write_iter+0x2ae/0x500
[ 60.570129][ T5093] generic_file_write_iter+0xe3/0x350
[ 60.575527][ T5093] vfs_write+0x9ed/0xe10
[ 60.579795][ T5093] ? kernel_write+0x670/0x670
[ 60.584493][ T5093] ? find_held_lock+0x2d/0x110
[ 60.589291][ T5093] ? lock_downgrade+0x6e0/0x6e0
[ 60.594157][ T5093] ? __fget_light+0x20a/0x270
[ 60.598859][ T5093] ksys_write+0x12b/0x250
[ 60.603206][ T5093] ? __ia32_sys_read+0xb0/0xb0
[ 60.607990][ T5093] ? lockdep_hardirqs_on+0x7d/0x100
[ 60.613205][ T5093] ? _raw_spin_unlock_irq+0x2e/0x50
[ 60.618421][ T5093] ? ptrace_notify+0xfe/0x140
[ 60.623119][ T5093] do_syscall_64+0x39/0xb0
[ 60.627560][ T5093] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.633471][ T5093] RIP: 0033:0x7f1bf3baa9e9
[ 60.637899][ T5093] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.657519][ T5093] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5093] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5093] exit_group(0) = ?
[pid 5093] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs") = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
[ 60.665950][ T5093] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 60.673934][ T5093] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.681916][ T5093] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 60.689900][ T5093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 60.697882][ T5093] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000000f
[ 60.705885][ T5093]
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5094
./strace-static-x86_64: Process 5094 attached
[pid 5094] chdir("./16") = 0
[pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5094] setpgid(0, 0) = 0
[pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5094] write(3, "1000", 4) = 4
[pid 5094] close(3) = 0
[pid 5094] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5094] memfd_create("syzkaller", 0) = 3
[pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5094] munmap(0x7f1beb75d000, 32768) = 0
[pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5094] close(3) = 0
[pid 5094] mkdir("./file0", 0777) = 0
[pid 5094] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5094] chdir("./file0") = 0
[pid 5094] ioctl(4, LOOP_CLR_FD) = 0
[pid 5094] close(4) = 0
[pid 5094] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5094] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5094] write(5, "9", 1) = 1
[pid 5094] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5094] exit_group(0) = ?
[pid 5094] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs") = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 60.781215][ T5094] loop0: detected capacity change from 0 to 64
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5095
./strace-static-x86_64: Process 5095 attached
[pid 5095] chdir("./17") = 0
[pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5095] setpgid(0, 0) = 0
[pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5095] write(3, "1000", 4) = 4
[pid 5095] close(3) = 0
[pid 5095] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5095] memfd_create("syzkaller", 0) = 3
[pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5095] munmap(0x7f1beb75d000, 32768) = 0
[pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5095] close(3) = 0
[pid 5095] mkdir("./file0", 0777) = 0
[pid 5095] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5095] chdir("./file0") = 0
[pid 5095] ioctl(4, LOOP_CLR_FD) = 0
[pid 5095] close(4) = 0
[pid 5095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5095] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5095] write(5, "9", 1) = 1
[pid 5095] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5095] exit_group(0) = ?
[pid 5095] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs") = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
[ 60.878631][ T5095] loop0: detected capacity change from 0 to 64
rmdir("./17/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5096
./strace-static-x86_64: Process 5096 attached
[pid 5096] chdir("./18") = 0
[pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5096] setpgid(0, 0) = 0
[pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5096] write(3, "1000", 4) = 4
[pid 5096] close(3) = 0
[pid 5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5096] memfd_create("syzkaller", 0) = 3
[pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5096] munmap(0x7f1beb75d000, 32768) = 0
[pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5096] close(3) = 0
[pid 5096] mkdir("./file0", 0777) = 0
[pid 5096] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5096] chdir("./file0") = 0
[pid 5096] ioctl(4, LOOP_CLR_FD) = 0
[pid 5096] close(4) = 0
[pid 5096] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5096] write(5, "9", 1) = 1
[ 60.974311][ T5096] loop0: detected capacity change from 0 to 64
[ 61.000457][ T5096] FAULT_INJECTION: forcing a failure.
[ 61.000457][ T5096] name failslab, interval 1, probability 0, space 0, times 0
[ 61.013242][ T5096] CPU: 0 PID: 5096 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 61.023156][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 61.033219][ T5096] Call Trace:
[ 61.036490][ T5096]
[ 61.039414][ T5096] dump_stack_lvl+0xd1/0x138
[ 61.044005][ T5096] should_fail_ex.cold+0x5/0xa
[ 61.048766][ T5096] should_failslab+0x9/0x20
[ 61.053269][ T5096] __kmem_cache_alloc_node+0x5b/0x330
[ 61.058632][ T5096] ? hfs_find_init+0x95/0x240
[ 61.063309][ T5096] ? hfs_find_init+0x95/0x240
[ 61.067975][ T5096] __kmalloc+0x4a/0xd0
[ 61.072061][ T5096] hfs_find_init+0x95/0x240
[ 61.076602][ T5096] hfs_ext_read_extent+0x18d/0xa20
[ 61.081758][ T5096] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 61.087301][ T5096] ? hfs_free_extents+0x2e0/0x2e0
[ 61.092326][ T5096] ? clean_bdev_aliases+0x4f9/0x600
[ 61.097530][ T5096] hfs_extend_file+0x4b5/0xae0
[ 61.102295][ T5096] ? hfs_free_fork+0x920/0x920
[ 61.107056][ T5096] ? rcu_read_lock_sched_held+0x3e/0x70
[ 61.112594][ T5096] ? __mark_inode_dirty+0x32c/0x1250
[ 61.117877][ T5096] hfs_get_block+0x17f/0x820
[ 61.122474][ T5096] __block_write_begin_int+0x3bd/0x14b0
[ 61.128037][ T5096] ? hfs_extend_file+0xae0/0xae0
[ 61.133004][ T5096] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 61.138550][ T5096] ? PageHeadHuge+0x1a2/0x200
[ 61.143229][ T5096] ? hfs_extend_file+0xae0/0xae0
[ 61.148163][ T5096] block_write_begin+0xb9/0x4d0
[ 61.153016][ T5096] cont_write_begin+0x534/0x740
[ 61.157890][ T5096] ? hfs_extend_file+0xae0/0xae0
[ 61.162837][ T5096] ? block_write_begin+0x4d0/0x4d0
[ 61.167948][ T5096] ? fault_in_readable+0x179/0x290
[ 61.173058][ T5096] ? fault_in_subpage_writeable+0x20/0x20
[ 61.178782][ T5096] hfs_write_begin+0x87/0x150
[ 61.183472][ T5096] ? hfs_extend_file+0xae0/0xae0
[ 61.188456][ T5096] generic_perform_write+0x256/0x570
[ 61.193749][ T5096] ? folio_add_wait_queue+0x1c0/0x1c0
[ 61.199151][ T5096] ? new_inode+0x280/0x280
[ 61.203605][ T5096] ? generic_write_checks+0x2c0/0x400
[ 61.208997][ T5096] __generic_file_write_iter+0x2ae/0x500
[ 61.214672][ T5096] generic_file_write_iter+0xe3/0x350
[ 61.220064][ T5096] vfs_write+0x9ed/0xe10
[ 61.224309][ T5096] ? kernel_write+0x670/0x670
[ 61.228994][ T5096] ? find_held_lock+0x2d/0x110
[ 61.233795][ T5096] ? lock_downgrade+0x6e0/0x6e0
[ 61.238641][ T5096] ? __fget_light+0x20a/0x270
[ 61.243333][ T5096] ksys_write+0x12b/0x250
[ 61.247705][ T5096] ? __ia32_sys_read+0xb0/0xb0
[ 61.252491][ T5096] ? lockdep_hardirqs_on+0x7d/0x100
[ 61.257701][ T5096] ? _raw_spin_unlock_irq+0x2e/0x50
[ 61.262926][ T5096] ? ptrace_notify+0xfe/0x140
[ 61.267639][ T5096] do_syscall_64+0x39/0xb0
[ 61.272112][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.278047][ T5096] RIP: 0033:0x7f1bf3baa9e9
[ 61.282481][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.302099][ T5096] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 61.310513][ T5096] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5096] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5096] exit_group(0) = ?
[pid 5096] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5097
./strace-static-x86_64: Process 5097 attached
[pid 5097] chdir("./19") = 0
[pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5097] setpgid(0, 0) = 0
[pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5097] write(3, "1000", 4) = 4
[pid 5097] close(3) = 0
[pid 5097] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5097] memfd_create("syzkaller", 0) = 3
[pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5097] munmap(0x7f1beb75d000, 32768) = 0
[pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 61.318479][ T5096] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.326455][ T5096] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 61.334439][ T5096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.342404][ T5096] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000012
[ 61.350403][ T5096]
[pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5097] close(3) = 0
[pid 5097] mkdir("./file0", 0777) = 0
[pid 5097] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5097] chdir("./file0") = 0
[pid 5097] ioctl(4, LOOP_CLR_FD) = 0
[pid 5097] close(4) = 0
[pid 5097] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5097] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5097] write(5, "9", 1) = 1
[ 61.405647][ T5097] loop0: detected capacity change from 0 to 64
[ 61.442462][ T5097] FAULT_INJECTION: forcing a failure.
[ 61.442462][ T5097] name failslab, interval 1, probability 0, space 0, times 0
[ 61.455317][ T5097] CPU: 0 PID: 5097 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 61.465254][ T5097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 61.475340][ T5097] Call Trace:
[ 61.478644][ T5097]
[ 61.481596][ T5097] dump_stack_lvl+0xd1/0x138
[ 61.486198][ T5097] should_fail_ex.cold+0x5/0xa
[ 61.490983][ T5097] should_failslab+0x9/0x20
[ 61.495489][ T5097] __kmem_cache_alloc_node+0x5b/0x330
[ 61.500867][ T5097] ? hfs_find_init+0x95/0x240
[ 61.505569][ T5097] ? hfs_find_init+0x95/0x240
[ 61.510267][ T5097] __kmalloc+0x4a/0xd0
[ 61.514364][ T5097] hfs_find_init+0x95/0x240
[ 61.518891][ T5097] hfs_ext_read_extent+0x18d/0xa20
[ 61.524025][ T5097] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 61.529590][ T5097] ? hfs_free_extents+0x2e0/0x2e0
[ 61.534678][ T5097] ? clean_bdev_aliases+0x4f9/0x600
[ 61.539906][ T5097] hfs_extend_file+0x4b5/0xae0
[ 61.544697][ T5097] ? hfs_free_fork+0x920/0x920
[ 61.549485][ T5097] ? rcu_read_lock_sched_held+0x3e/0x70
[ 61.555048][ T5097] ? __mark_inode_dirty+0x32c/0x1250
[ 61.560355][ T5097] hfs_get_block+0x17f/0x820
[ 61.564974][ T5097] __block_write_begin_int+0x3bd/0x14b0
[ 61.570546][ T5097] ? hfs_extend_file+0xae0/0xae0
[ 61.575513][ T5097] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 61.581081][ T5097] ? PageHeadHuge+0x1a2/0x200
[ 61.585784][ T5097] ? hfs_extend_file+0xae0/0xae0
[ 61.590740][ T5097] block_write_begin+0xb9/0x4d0
[ 61.595615][ T5097] cont_write_begin+0x534/0x740
[ 61.600503][ T5097] ? hfs_extend_file+0xae0/0xae0
[ 61.605462][ T5097] ? block_write_begin+0x4d0/0x4d0
[ 61.610592][ T5097] ? fault_in_readable+0x179/0x290
[ 61.615743][ T5097] ? fault_in_subpage_writeable+0x20/0x20
[ 61.621488][ T5097] hfs_write_begin+0x87/0x150
[ 61.626192][ T5097] ? hfs_extend_file+0xae0/0xae0
[ 61.631154][ T5097] generic_perform_write+0x256/0x570
[ 61.636470][ T5097] ? folio_add_wait_queue+0x1c0/0x1c0
[ 61.641860][ T5097] ? new_inode+0x280/0x280
[ 61.646306][ T5097] ? generic_write_checks+0x2c0/0x400
[ 61.651713][ T5097] __generic_file_write_iter+0x2ae/0x500
[ 61.657381][ T5097] generic_file_write_iter+0xe3/0x350
[ 61.662782][ T5097] vfs_write+0x9ed/0xe10
[ 61.667050][ T5097] ? kernel_write+0x670/0x670
[ 61.671752][ T5097] ? find_held_lock+0x2d/0x110
[ 61.676553][ T5097] ? lock_downgrade+0x6e0/0x6e0
[ 61.681432][ T5097] ? __fget_light+0x20a/0x270
[ 61.686138][ T5097] ksys_write+0x12b/0x250
[ 61.690487][ T5097] ? __ia32_sys_read+0xb0/0xb0
[ 61.695270][ T5097] ? lockdep_hardirqs_on+0x7d/0x100
[ 61.700486][ T5097] ? _raw_spin_unlock_irq+0x2e/0x50
[ 61.705708][ T5097] ? ptrace_notify+0xfe/0x140
[ 61.710413][ T5097] do_syscall_64+0x39/0xb0
[ 61.714855][ T5097] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.720767][ T5097] RIP: 0033:0x7f1bf3baa9e9
[ 61.725193][ T5097] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.744816][ T5097] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5097] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5097] exit_group(0) = ?
[pid 5097] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs") = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 61.753251][ T5097] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 61.761231][ T5097] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.769211][ T5097] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 61.777199][ T5097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.785179][ T5097] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000013
[ 61.793179][ T5097]
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5098
./strace-static-x86_64: Process 5098 attached
[pid 5098] chdir("./20") = 0
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5098] setpgid(0, 0) = 0
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5098] write(3, "1000", 4) = 4
[pid 5098] close(3) = 0
[pid 5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5098] memfd_create("syzkaller", 0) = 3
[pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5098] munmap(0x7f1beb75d000, 32768) = 0
[pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5098] close(3) = 0
[pid 5098] mkdir("./file0", 0777) = 0
[pid 5098] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5098] chdir("./file0") = 0
[pid 5098] ioctl(4, LOOP_CLR_FD) = 0
[pid 5098] close(4) = 0
[pid 5098] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5098] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5098] write(5, "9", 1) = 1
[pid 5098] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5098] exit_group(0) = ?
[pid 5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 61.889667][ T5098] loop0: detected capacity change from 0 to 64
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5099
./strace-static-x86_64: Process 5099 attached
[pid 5099] chdir("./21") = 0
[pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5099] setpgid(0, 0) = 0
[pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5099] write(3, "1000", 4) = 4
[pid 5099] close(3) = 0
[pid 5099] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5099] memfd_create("syzkaller", 0) = 3
[pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5099] munmap(0x7f1beb75d000, 32768) = 0
[pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5099] close(3) = 0
[pid 5099] mkdir("./file0", 0777) = 0
[pid 5099] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5099] chdir("./file0") = 0
[pid 5099] ioctl(4, LOOP_CLR_FD) = 0
[pid 5099] close(4) = 0
[pid 5099] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5099] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5099] write(5, "9", 1) = 1
[ 61.978275][ T5099] loop0: detected capacity change from 0 to 64
[ 61.980479][ T5078] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 62.018320][ T5099] FAULT_INJECTION: forcing a failure.
[ 62.018320][ T5099] name failslab, interval 1, probability 0, space 0, times 0
[ 62.039158][ T5099] CPU: 0 PID: 5099 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 62.049093][ T5099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 62.059177][ T5099] Call Trace:
[ 62.062468][ T5099]
[ 62.065392][ T5099] dump_stack_lvl+0xd1/0x138
[ 62.069999][ T5099] should_fail_ex.cold+0x5/0xa
[ 62.074784][ T5099] should_failslab+0x9/0x20
[ 62.079290][ T5099] __kmem_cache_alloc_node+0x5b/0x330
[ 62.084666][ T5099] ? hfs_find_init+0x95/0x240
[ 62.089374][ T5099] ? hfs_find_init+0x95/0x240
[ 62.094044][ T5099] __kmalloc+0x4a/0xd0
[ 62.098126][ T5099] hfs_find_init+0x95/0x240
[ 62.102631][ T5099] hfs_ext_read_extent+0x18d/0xa20
[ 62.107741][ T5099] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 62.113280][ T5099] ? rcu_read_lock_sched_held+0x3e/0x70
[ 62.118825][ T5099] ? hfs_free_extents+0x2e0/0x2e0
[ 62.123870][ T5099] ? clean_bdev_aliases+0x4f9/0x600
[ 62.129089][ T5099] ? find_held_lock+0x2d/0x110
[ 62.133885][ T5099] hfs_extend_file+0x4b5/0xae0
[ 62.138653][ T5099] ? hfs_free_fork+0x920/0x920
[ 62.143429][ T5099] ? rcu_read_lock_sched_held+0x3e/0x70
[ 62.149005][ T5099] ? __mark_inode_dirty+0x32c/0x1250
[ 62.154311][ T5099] hfs_get_block+0x17f/0x820
[ 62.158911][ T5099] __block_write_begin_int+0x3bd/0x14b0
[ 62.164456][ T5099] ? hfs_extend_file+0xae0/0xae0
[ 62.169400][ T5099] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 62.174959][ T5099] ? PageHeadHuge+0x1a2/0x200
[ 62.179665][ T5099] ? hfs_extend_file+0xae0/0xae0
[ 62.184612][ T5099] block_write_begin+0xb9/0x4d0
[ 62.189490][ T5099] cont_write_begin+0x534/0x740
[ 62.194344][ T5099] ? hfs_extend_file+0xae0/0xae0
[ 62.199293][ T5099] ? block_write_begin+0x4d0/0x4d0
[ 62.204414][ T5099] ? fault_in_readable+0x179/0x290
[ 62.209525][ T5099] ? fault_in_subpage_writeable+0x20/0x20
[ 62.215248][ T5099] hfs_write_begin+0x87/0x150
[ 62.219922][ T5099] ? hfs_extend_file+0xae0/0xae0
[ 62.224869][ T5099] generic_perform_write+0x256/0x570
[ 62.230167][ T5099] ? folio_add_wait_queue+0x1c0/0x1c0
[ 62.235564][ T5099] ? new_inode+0x280/0x280
[ 62.240000][ T5099] ? generic_write_checks+0x2c0/0x400
[ 62.245386][ T5099] __generic_file_write_iter+0x2ae/0x500
[ 62.251038][ T5099] generic_file_write_iter+0xe3/0x350
[ 62.256436][ T5099] vfs_write+0x9ed/0xe10
[ 62.260726][ T5099] ? kernel_write+0x670/0x670
[ 62.265426][ T5099] ? find_held_lock+0x2d/0x110
[ 62.270202][ T5099] ? lock_downgrade+0x6e0/0x6e0
[ 62.275062][ T5099] ? __fget_light+0x20a/0x270
[ 62.279749][ T5099] ksys_write+0x12b/0x250
[ 62.284077][ T5099] ? __ia32_sys_read+0xb0/0xb0
[ 62.288842][ T5099] ? lockdep_hardirqs_on+0x7d/0x100
[ 62.294039][ T5099] ? _raw_spin_unlock_irq+0x2e/0x50
[ 62.299252][ T5099] ? ptrace_notify+0xfe/0x140
[ 62.303954][ T5099] do_syscall_64+0x39/0xb0
[ 62.308374][ T5099] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.314265][ T5099] RIP: 0033:0x7f1bf3baa9e9
[ 62.318693][ T5099] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.338294][ T5099] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.346704][ T5099] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 62.354686][ T5099] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 62.362685][ T5099] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 62.370659][ T5099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5099] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5099] exit_group(0) = ?
[pid 5099] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs") = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached
, child_tidptr=0x555555c625d0) = 5100
[pid 5100] chdir("./22") = 0
[pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5100] setpgid(0, 0) = 0
[pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5100] write(3, "1000", 4) = 4
[pid 5100] close(3) = 0
[pid 5100] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5100] memfd_create("syzkaller", 0) = 3
[pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[ 62.378634][ T5099] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000015
[ 62.386613][ T5099]
[pid 5100] munmap(0x7f1beb75d000, 32768) = 0
[pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5100] close(3) = 0
[pid 5100] mkdir("./file0", 0777) = 0
[pid 5100] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5100] chdir("./file0") = 0
[pid 5100] ioctl(4, LOOP_CLR_FD) = 0
[pid 5100] close(4) = 0
[pid 5100] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5100] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5100] write(5, "9", 1) = 1
[ 62.442453][ T5100] loop0: detected capacity change from 0 to 64
[ 62.465854][ T5100] FAULT_INJECTION: forcing a failure.
[ 62.465854][ T5100] name failslab, interval 1, probability 0, space 0, times 0
[ 62.479380][ T5100] CPU: 1 PID: 5100 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 62.489303][ T5100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 62.499350][ T5100] Call Trace:
[ 62.502621][ T5100]
[ 62.505549][ T5100] dump_stack_lvl+0xd1/0x138
[ 62.510172][ T5100] should_fail_ex.cold+0x5/0xa
[ 62.514958][ T5100] should_failslab+0x9/0x20
[ 62.519462][ T5100] __kmem_cache_alloc_node+0x5b/0x330
[ 62.524831][ T5100] ? hfs_find_init+0x95/0x240
[ 62.529510][ T5100] ? hfs_find_init+0x95/0x240
[ 62.534195][ T5100] __kmalloc+0x4a/0xd0
[ 62.538296][ T5100] hfs_find_init+0x95/0x240
[ 62.542810][ T5100] hfs_ext_read_extent+0x18d/0xa20
[ 62.547947][ T5100] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 62.553487][ T5100] ? rcu_read_lock_sched_held+0x3e/0x70
[ 62.559043][ T5100] ? hfs_free_extents+0x2e0/0x2e0
[ 62.564087][ T5100] ? clean_bdev_aliases+0x4f9/0x600
[ 62.569306][ T5100] ? find_held_lock+0x2d/0x110
[ 62.574093][ T5100] hfs_extend_file+0x4b5/0xae0
[ 62.578887][ T5100] ? hfs_free_fork+0x920/0x920
[ 62.583656][ T5100] ? rcu_read_lock_sched_held+0x3e/0x70
[ 62.589225][ T5100] ? __mark_inode_dirty+0x32c/0x1250
[ 62.594512][ T5100] hfs_get_block+0x17f/0x820
[ 62.599120][ T5100] __block_write_begin_int+0x3bd/0x14b0
[ 62.604669][ T5100] ? hfs_extend_file+0xae0/0xae0
[ 62.609640][ T5100] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 62.615227][ T5100] ? PageHeadHuge+0x1a2/0x200
[ 62.619934][ T5100] ? hfs_extend_file+0xae0/0xae0
[ 62.624871][ T5100] block_write_begin+0xb9/0x4d0
[ 62.629755][ T5100] cont_write_begin+0x534/0x740
[ 62.634612][ T5100] ? hfs_extend_file+0xae0/0xae0
[ 62.639546][ T5100] ? block_write_begin+0x4d0/0x4d0
[ 62.644657][ T5100] ? fault_in_readable+0x179/0x290
[ 62.649769][ T5100] ? fault_in_subpage_writeable+0x20/0x20
[ 62.655492][ T5100] hfs_write_begin+0x87/0x150
[ 62.660171][ T5100] ? hfs_extend_file+0xae0/0xae0
[ 62.665114][ T5100] generic_perform_write+0x256/0x570
[ 62.670404][ T5100] ? folio_add_wait_queue+0x1c0/0x1c0
[ 62.675777][ T5100] ? new_inode+0x280/0x280
[ 62.680197][ T5100] ? generic_write_checks+0x2c0/0x400
[ 62.685575][ T5100] __generic_file_write_iter+0x2ae/0x500
[ 62.691214][ T5100] generic_file_write_iter+0xe3/0x350
[ 62.696589][ T5100] vfs_write+0x9ed/0xe10
[ 62.700836][ T5100] ? kernel_write+0x670/0x670
[ 62.705513][ T5100] ? asm_common_interrupt+0x26/0x40
[ 62.710728][ T5100] ? preempt_schedule_thunk+0x1a/0x20
[ 62.716144][ T5100] ? __fget_light+0x20a/0x270
[ 62.720857][ T5100] ksys_write+0x12b/0x250
[ 62.725185][ T5100] ? __ia32_sys_read+0xb0/0xb0
[ 62.729948][ T5100] ? _raw_spin_unlock_irq+0x40/0x50
[ 62.735153][ T5100] ? ptrace_notify+0xfe/0x140
[ 62.739834][ T5100] do_syscall_64+0x39/0xb0
[ 62.744344][ T5100] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.750234][ T5100] RIP: 0033:0x7f1bf3baa9e9
[ 62.754644][ T5100] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.774248][ T5100] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.782655][ T5100] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5100] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5100] exit_group(0) = ?
[pid 5100] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs") = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5101
./strace-static-x86_64: Process 5101 attached
[pid 5101] chdir("./23") = 0
[pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5101] setpgid(0, 0) = 0
[ 62.790635][ T5100] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 62.798622][ T5100] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 62.806585][ T5100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 62.814551][ T5100] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000016
[ 62.822547][ T5100]
[pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5101] write(3, "1000", 4) = 4
[pid 5101] close(3) = 0
[pid 5101] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5101] memfd_create("syzkaller", 0) = 3
[pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5101] munmap(0x7f1beb75d000, 32768) = 0
[pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5101] close(3) = 0
[pid 5101] mkdir("./file0", 0777) = 0
[pid 5101] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5101] chdir("./file0") = 0
[pid 5101] ioctl(4, LOOP_CLR_FD) = 0
[pid 5101] close(4) = 0
[pid 5101] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5101] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5101] write(5, "9", 1) = 1
[pid 5101] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5101] exit_group(0) = ?
[pid 5101] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 62.888569][ T5101] loop0: detected capacity change from 0 to 64
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5102
./strace-static-x86_64: Process 5102 attached
[pid 5102] chdir("./24") = 0
[pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5102] setpgid(0, 0) = 0
[pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5102] write(3, "1000", 4) = 4
[pid 5102] close(3) = 0
[pid 5102] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5102] memfd_create("syzkaller", 0) = 3
[pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5102] munmap(0x7f1beb75d000, 32768) = 0
[pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5102] close(3) = 0
[pid 5102] mkdir("./file0", 0777) = 0
[pid 5102] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5102] chdir("./file0") = 0
[pid 5102] ioctl(4, LOOP_CLR_FD) = 0
[pid 5102] close(4) = 0
[pid 5102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5102] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5102] write(5, "9", 1) = 1
[pid 5102] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5102] exit_group(0) = ?
[pid 5102] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs") = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 62.970339][ T5102] loop0: detected capacity change from 0 to 64
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5103
./strace-static-x86_64: Process 5103 attached
[pid 5103] chdir("./25") = 0
[pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5103] setpgid(0, 0) = 0
[pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5103] write(3, "1000", 4) = 4
[pid 5103] close(3) = 0
[pid 5103] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5103] memfd_create("syzkaller", 0) = 3
[pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5103] munmap(0x7f1beb75d000, 32768) = 0
[pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5103] close(3) = 0
[pid 5103] mkdir("./file0", 0777) = 0
[pid 5103] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5103] chdir("./file0") = 0
[pid 5103] ioctl(4, LOOP_CLR_FD) = 0
[pid 5103] close(4) = 0
[pid 5103] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5103] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5103] write(5, "9", 1) = 1
[ 63.047325][ T5103] loop0: detected capacity change from 0 to 64
[ 63.072546][ T5103] FAULT_INJECTION: forcing a failure.
[ 63.072546][ T5103] name failslab, interval 1, probability 0, space 0, times 0
[ 63.088171][ T5103] CPU: 0 PID: 5103 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 63.098087][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 63.108168][ T5103] Call Trace:
[ 63.111465][ T5103]
[ 63.114417][ T5103] dump_stack_lvl+0xd1/0x138
[ 63.119308][ T5103] should_fail_ex.cold+0x5/0xa
[ 63.124074][ T5103] should_failslab+0x9/0x20
[ 63.128577][ T5103] __kmem_cache_alloc_node+0x5b/0x330
[ 63.133946][ T5103] ? hfs_find_init+0x95/0x240
[ 63.138622][ T5103] ? hfs_find_init+0x95/0x240
[ 63.143294][ T5103] __kmalloc+0x4a/0xd0
[ 63.147368][ T5103] hfs_find_init+0x95/0x240
[ 63.151871][ T5103] hfs_ext_read_extent+0x18d/0xa20
[ 63.157001][ T5103] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 63.162588][ T5103] ? hfs_free_extents+0x2e0/0x2e0
[ 63.167642][ T5103] ? clean_bdev_aliases+0x4f9/0x600
[ 63.172868][ T5103] hfs_extend_file+0x4b5/0xae0
[ 63.177662][ T5103] ? hfs_free_fork+0x920/0x920
[ 63.182426][ T5103] ? rcu_read_lock_sched_held+0x3e/0x70
[ 63.187968][ T5103] ? __mark_inode_dirty+0x32c/0x1250
[ 63.193275][ T5103] hfs_get_block+0x17f/0x820
[ 63.197896][ T5103] __block_write_begin_int+0x3bd/0x14b0
[ 63.203471][ T5103] ? hfs_extend_file+0xae0/0xae0
[ 63.208441][ T5103] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 63.214017][ T5103] ? PageHeadHuge+0x1a2/0x200
[ 63.218722][ T5103] ? hfs_extend_file+0xae0/0xae0
[ 63.223682][ T5103] block_write_begin+0xb9/0x4d0
[ 63.228560][ T5103] cont_write_begin+0x534/0x740
[ 63.233443][ T5103] ? hfs_extend_file+0xae0/0xae0
[ 63.238406][ T5103] ? block_write_begin+0x4d0/0x4d0
[ 63.243540][ T5103] ? fault_in_readable+0x179/0x290
[ 63.248676][ T5103] ? fault_in_subpage_writeable+0x20/0x20
[ 63.254421][ T5103] hfs_write_begin+0x87/0x150
[ 63.259118][ T5103] ? hfs_extend_file+0xae0/0xae0
[ 63.264097][ T5103] generic_perform_write+0x256/0x570
[ 63.269426][ T5103] ? folio_add_wait_queue+0x1c0/0x1c0
[ 63.274820][ T5103] ? new_inode+0x280/0x280
[ 63.279265][ T5103] ? generic_write_checks+0x2c0/0x400
[ 63.284668][ T5103] __generic_file_write_iter+0x2ae/0x500
[ 63.290332][ T5103] generic_file_write_iter+0xe3/0x350
[ 63.295734][ T5103] vfs_write+0x9ed/0xe10
[ 63.300005][ T5103] ? kernel_write+0x670/0x670
[ 63.304706][ T5103] ? find_held_lock+0x2d/0x110
[ 63.309509][ T5103] ? lock_downgrade+0x6e0/0x6e0
[ 63.314386][ T5103] ? __fget_light+0x20a/0x270
[ 63.319092][ T5103] ksys_write+0x12b/0x250
[ 63.323452][ T5103] ? __ia32_sys_read+0xb0/0xb0
[ 63.328236][ T5103] ? lockdep_hardirqs_on+0x7d/0x100
[ 63.333453][ T5103] ? _raw_spin_unlock_irq+0x2e/0x50
[ 63.338672][ T5103] ? ptrace_notify+0xfe/0x140
[ 63.343376][ T5103] do_syscall_64+0x39/0xb0
[ 63.347821][ T5103] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.353785][ T5103] RIP: 0033:0x7f1bf3baa9e9
[ 63.358210][ T5103] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.377833][ T5103] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 63.386263][ T5103] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5103] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5103] exit_group(0) = ?
[pid 5103] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs") = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 63.394246][ T5103] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 63.402228][ T5103] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 63.410209][ T5103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 63.418187][ T5103] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000019
[ 63.426186][ T5103]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5104
./strace-static-x86_64: Process 5104 attached
[pid 5104] chdir("./26") = 0
[pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5104] setpgid(0, 0) = 0
[pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5104] write(3, "1000", 4) = 4
[pid 5104] close(3) = 0
[pid 5104] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5104] memfd_create("syzkaller", 0) = 3
[pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5104] munmap(0x7f1beb75d000, 32768) = 0
[pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5104] close(3) = 0
[pid 5104] mkdir("./file0", 0777) = 0
[pid 5104] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5104] chdir("./file0") = 0
[pid 5104] ioctl(4, LOOP_CLR_FD) = 0
[pid 5104] close(4) = 0
[pid 5104] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5104] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5104] write(5, "9", 1) = 1
[pid 5104] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5104] exit_group(0) = ?
[pid 5104] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs") = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
[ 63.497588][ T5104] loop0: detected capacity change from 0 to 64
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5105
./strace-static-x86_64: Process 5105 attached
[pid 5105] chdir("./27") = 0
[pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5105] setpgid(0, 0) = 0
[pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5105] write(3, "1000", 4) = 4
[pid 5105] close(3) = 0
[pid 5105] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5105] memfd_create("syzkaller", 0) = 3
[pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5105] munmap(0x7f1beb75d000, 32768) = 0
[pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5105] close(3) = 0
[pid 5105] mkdir("./file0", 0777) = 0
[pid 5105] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5105] chdir("./file0") = 0
[pid 5105] ioctl(4, LOOP_CLR_FD) = 0
[pid 5105] close(4) = 0
[pid 5105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5105] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5105] write(5, "9", 1) = 1
[pid 5105] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5105] exit_group(0) = ?
[pid 5105] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./27/binderfs") = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
[ 63.582397][ T5105] loop0: detected capacity change from 0 to 64
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5106
./strace-static-x86_64: Process 5106 attached
[pid 5106] chdir("./28") = 0
[pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5106] setpgid(0, 0) = 0
[pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5106] write(3, "1000", 4) = 4
[pid 5106] close(3) = 0
[pid 5106] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5106] memfd_create("syzkaller", 0) = 3
[pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5106] munmap(0x7f1beb75d000, 32768) = 0
[pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5106] close(3) = 0
[pid 5106] mkdir("./file0", 0777) = 0
[pid 5106] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5106] chdir("./file0") = 0
[pid 5106] ioctl(4, LOOP_CLR_FD) = 0
[pid 5106] close(4) = 0
[pid 5106] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5106] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5106] write(5, "9", 1) = 1
[ 63.683517][ T5106] loop0: detected capacity change from 0 to 64
[ 63.703338][ T5106] FAULT_INJECTION: forcing a failure.
[ 63.703338][ T5106] name failslab, interval 1, probability 0, space 0, times 0
[ 63.716150][ T5106] CPU: 1 PID: 5106 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 63.726066][ T5106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 63.736124][ T5106] Call Trace:
[ 63.739413][ T5106]
[ 63.742337][ T5106] dump_stack_lvl+0xd1/0x138
[ 63.746931][ T5106] should_fail_ex.cold+0x5/0xa
[ 63.751699][ T5106] should_failslab+0x9/0x20
[ 63.756205][ T5106] __kmem_cache_alloc_node+0x5b/0x330
[ 63.761577][ T5106] ? hfs_find_init+0x95/0x240
[ 63.766256][ T5106] ? hfs_find_init+0x95/0x240
[ 63.770926][ T5106] __kmalloc+0x4a/0xd0
[ 63.775001][ T5106] hfs_find_init+0x95/0x240
[ 63.779508][ T5106] hfs_ext_read_extent+0x18d/0xa20
[ 63.784620][ T5106] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 63.790158][ T5106] ? rcu_read_lock_sched_held+0x3e/0x70
[ 63.795712][ T5106] ? hfs_free_extents+0x2e0/0x2e0
[ 63.800747][ T5106] ? clean_bdev_aliases+0x4f9/0x600
[ 63.805942][ T5106] ? find_held_lock+0x2d/0x110
[ 63.810715][ T5106] hfs_extend_file+0x4b5/0xae0
[ 63.815498][ T5106] ? hfs_free_fork+0x920/0x920
[ 63.820286][ T5106] ? rcu_read_lock_sched_held+0x3e/0x70
[ 63.825826][ T5106] ? __mark_inode_dirty+0x32c/0x1250
[ 63.831129][ T5106] hfs_get_block+0x17f/0x820
[ 63.835746][ T5106] __block_write_begin_int+0x3bd/0x14b0
[ 63.841293][ T5106] ? hfs_extend_file+0xae0/0xae0
[ 63.846236][ T5106] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 63.851791][ T5106] ? PageHeadHuge+0x1a2/0x200
[ 63.856499][ T5106] ? hfs_extend_file+0xae0/0xae0
[ 63.861466][ T5106] block_write_begin+0xb9/0x4d0
[ 63.866322][ T5106] cont_write_begin+0x534/0x740
[ 63.871180][ T5106] ? hfs_extend_file+0xae0/0xae0
[ 63.876115][ T5106] ? block_write_begin+0x4d0/0x4d0
[ 63.881233][ T5106] ? fault_in_readable+0x179/0x290
[ 63.886344][ T5106] ? fault_in_subpage_writeable+0x20/0x20
[ 63.892104][ T5106] hfs_write_begin+0x87/0x150
[ 63.896805][ T5106] ? hfs_extend_file+0xae0/0xae0
[ 63.901745][ T5106] generic_perform_write+0x256/0x570
[ 63.907035][ T5106] ? folio_add_wait_queue+0x1c0/0x1c0
[ 63.912405][ T5106] ? new_inode+0x280/0x280
[ 63.916826][ T5106] ? generic_write_checks+0x2c0/0x400
[ 63.922220][ T5106] __generic_file_write_iter+0x2ae/0x500
[ 63.927901][ T5106] generic_file_write_iter+0xe3/0x350
[ 63.933317][ T5106] vfs_write+0x9ed/0xe10
[ 63.937600][ T5106] ? kernel_write+0x670/0x670
[ 63.942316][ T5106] ? find_held_lock+0x2d/0x110
[ 63.947090][ T5106] ? lock_downgrade+0x6e0/0x6e0
[ 63.951947][ T5106] ? __fget_light+0x20a/0x270
[ 63.956647][ T5106] ksys_write+0x12b/0x250
[ 63.960974][ T5106] ? __ia32_sys_read+0xb0/0xb0
[ 63.965733][ T5106] ? lockdep_hardirqs_on+0x7d/0x100
[ 63.970939][ T5106] ? _raw_spin_unlock_irq+0x2e/0x50
[ 63.976150][ T5106] ? ptrace_notify+0xfe/0x140
[ 63.980867][ T5106] do_syscall_64+0x39/0xb0
[ 63.985292][ T5106] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.991182][ T5106] RIP: 0033:0x7f1bf3baa9e9
[ 63.995596][ T5106] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.015200][ T5106] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.023872][ T5106] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5106] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5106] exit_group(0) = ?
[pid 5106] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs") = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5107
./strace-static-x86_64: Process 5107 attached
[ 64.031838][ T5106] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.039809][ T5106] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 64.047786][ T5106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.055769][ T5106] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000001c
[ 64.063750][ T5106]
[pid 5107] chdir("./29") = 0
[pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5107] setpgid(0, 0) = 0
[pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5107] write(3, "1000", 4) = 4
[pid 5107] close(3) = 0
[pid 5107] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5107] memfd_create("syzkaller", 0) = 3
[pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5107] munmap(0x7f1beb75d000, 32768) = 0
[pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5107] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5107] close(3) = 0
[pid 5107] mkdir("./file0", 0777) = 0
[pid 5107] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5107] chdir("./file0") = 0
[pid 5107] ioctl(4, LOOP_CLR_FD) = 0
[pid 5107] close(4) = 0
[pid 5107] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5107] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5107] write(5, "9", 1) = 1
[ 64.139840][ T5107] loop0: detected capacity change from 0 to 64
[ 64.172103][ T5107] FAULT_INJECTION: forcing a failure.
[ 64.172103][ T5107] name failslab, interval 1, probability 0, space 0, times 0
[ 64.185004][ T5107] CPU: 0 PID: 5107 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 64.194940][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 64.205019][ T5107] Call Trace:
[ 64.208306][ T5107]
[ 64.211245][ T5107] dump_stack_lvl+0xd1/0x138
[ 64.215840][ T5107] should_fail_ex.cold+0x5/0xa
[ 64.220603][ T5107] should_failslab+0x9/0x20
[ 64.225106][ T5107] __kmem_cache_alloc_node+0x5b/0x330
[ 64.230474][ T5107] ? hfs_find_init+0x95/0x240
[ 64.235153][ T5107] ? hfs_find_init+0x95/0x240
[ 64.239825][ T5107] __kmalloc+0x4a/0xd0
[ 64.243900][ T5107] hfs_find_init+0x95/0x240
[ 64.248405][ T5107] hfs_ext_read_extent+0x18d/0xa20
[ 64.253517][ T5107] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 64.259070][ T5107] ? hfs_free_extents+0x2e0/0x2e0
[ 64.264114][ T5107] ? clean_bdev_aliases+0x4f9/0x600
[ 64.269314][ T5107] hfs_extend_file+0x4b5/0xae0
[ 64.274078][ T5107] ? hfs_free_fork+0x920/0x920
[ 64.278855][ T5107] ? rcu_read_lock_sched_held+0x3e/0x70
[ 64.284442][ T5107] ? __mark_inode_dirty+0x32c/0x1250
[ 64.289757][ T5107] hfs_get_block+0x17f/0x820
[ 64.294375][ T5107] __block_write_begin_int+0x3bd/0x14b0
[ 64.299961][ T5107] ? hfs_extend_file+0xae0/0xae0
[ 64.304941][ T5107] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 64.310497][ T5107] ? PageHeadHuge+0x1a2/0x200
[ 64.315180][ T5107] ? hfs_extend_file+0xae0/0xae0
[ 64.320292][ T5107] block_write_begin+0xb9/0x4d0
[ 64.325174][ T5107] cont_write_begin+0x534/0x740
[ 64.330049][ T5107] ? hfs_extend_file+0xae0/0xae0
[ 64.335013][ T5107] ? block_write_begin+0x4d0/0x4d0
[ 64.340133][ T5107] ? fault_in_readable+0x179/0x290
[ 64.345273][ T5107] ? fault_in_subpage_writeable+0x20/0x20
[ 64.350994][ T5107] hfs_write_begin+0x87/0x150
[ 64.355682][ T5107] ? hfs_extend_file+0xae0/0xae0
[ 64.360648][ T5107] generic_perform_write+0x256/0x570
[ 64.365961][ T5107] ? folio_add_wait_queue+0x1c0/0x1c0
[ 64.371354][ T5107] ? new_inode+0x280/0x280
[ 64.375843][ T5107] ? generic_write_checks+0x2c0/0x400
[ 64.381310][ T5107] __generic_file_write_iter+0x2ae/0x500
[ 64.386954][ T5107] generic_file_write_iter+0xe3/0x350
[ 64.392330][ T5107] vfs_write+0x9ed/0xe10
[ 64.396615][ T5107] ? kernel_write+0x670/0x670
[ 64.401301][ T5107] ? find_held_lock+0x2d/0x110
[ 64.406101][ T5107] ? lock_downgrade+0x6e0/0x6e0
[ 64.410947][ T5107] ? __fget_light+0x20a/0x270
[ 64.415641][ T5107] ksys_write+0x12b/0x250
[ 64.420009][ T5107] ? __ia32_sys_read+0xb0/0xb0
[ 64.424795][ T5107] ? lockdep_hardirqs_on+0x7d/0x100
[ 64.430002][ T5107] ? _raw_spin_unlock_irq+0x2e/0x50
[ 64.435223][ T5107] ? ptrace_notify+0xfe/0x140
[ 64.439914][ T5107] do_syscall_64+0x39/0xb0
[ 64.444359][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.450251][ T5107] RIP: 0033:0x7f1bf3baa9e9
[ 64.454660][ T5107] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.474259][ T5107] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.482667][ T5107] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5107] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5107] exit_group(0) = ?
[pid 5107] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs") = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5108
./strace-static-x86_64: Process 5108 attached
[pid 5108] chdir("./30") = 0
[pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5108] setpgid(0, 0) = 0
[pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5108] write(3, "1000", 4) = 4
[pid 5108] close(3) = 0
[pid 5108] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5108] memfd_create("syzkaller", 0) = 3
[pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[ 64.490649][ T5107] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.498634][ T5107] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 64.506596][ T5107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.514563][ T5107] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000001d
[ 64.522541][ T5107]
[pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5108] munmap(0x7f1beb75d000, 32768) = 0
[pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5108] close(3) = 0
[pid 5108] mkdir("./file0", 0777) = 0
[pid 5108] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5108] chdir("./file0") = 0
[pid 5108] ioctl(4, LOOP_CLR_FD) = 0
[pid 5108] close(4) = 0
[pid 5108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5108] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5108] write(5, "9", 1) = 1
[ 64.581189][ T5108] loop0: detected capacity change from 0 to 64
[ 64.606156][ T5108] FAULT_INJECTION: forcing a failure.
[ 64.606156][ T5108] name failslab, interval 1, probability 0, space 0, times 0
[ 64.619303][ T5108] CPU: 0 PID: 5108 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 64.629222][ T5108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 64.639265][ T5108] Call Trace:
[ 64.642535][ T5108]
[ 64.645459][ T5108] dump_stack_lvl+0xd1/0x138
[ 64.650048][ T5108] should_fail_ex.cold+0x5/0xa
[ 64.654806][ T5108] should_failslab+0x9/0x20
[ 64.659307][ T5108] __kmem_cache_alloc_node+0x5b/0x330
[ 64.664673][ T5108] ? hfs_find_init+0x95/0x240
[ 64.669357][ T5108] ? hfs_find_init+0x95/0x240
[ 64.674058][ T5108] __kmalloc+0x4a/0xd0
[ 64.678175][ T5108] hfs_find_init+0x95/0x240
[ 64.682696][ T5108] hfs_ext_read_extent+0x18d/0xa20
[ 64.687830][ T5108] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 64.693395][ T5108] ? rcu_read_lock_sched_held+0x3e/0x70
[ 64.698960][ T5108] ? hfs_free_extents+0x2e0/0x2e0
[ 64.704016][ T5108] ? clean_bdev_aliases+0x4f9/0x600
[ 64.709231][ T5108] ? find_held_lock+0x2d/0x110
[ 64.714027][ T5108] hfs_extend_file+0x4b5/0xae0
[ 64.718825][ T5108] ? hfs_free_fork+0x920/0x920
[ 64.723612][ T5108] ? rcu_read_lock_sched_held+0x3e/0x70
[ 64.729175][ T5108] ? __mark_inode_dirty+0x32c/0x1250
[ 64.734483][ T5108] hfs_get_block+0x17f/0x820
[ 64.739104][ T5108] __block_write_begin_int+0x3bd/0x14b0
[ 64.744677][ T5108] ? hfs_extend_file+0xae0/0xae0
[ 64.749672][ T5108] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 64.755241][ T5108] ? PageHeadHuge+0x1a2/0x200
[ 64.759982][ T5108] ? hfs_extend_file+0xae0/0xae0
[ 64.764938][ T5108] block_write_begin+0xb9/0x4d0
[ 64.769816][ T5108] cont_write_begin+0x534/0x740
[ 64.774696][ T5108] ? hfs_extend_file+0xae0/0xae0
[ 64.779655][ T5108] ? block_write_begin+0x4d0/0x4d0
[ 64.784785][ T5108] ? fault_in_readable+0x179/0x290
[ 64.789920][ T5108] ? fault_in_subpage_writeable+0x20/0x20
[ 64.795668][ T5108] hfs_write_begin+0x87/0x150
[ 64.800362][ T5108] ? hfs_extend_file+0xae0/0xae0
[ 64.805335][ T5108] generic_perform_write+0x256/0x570
[ 64.810653][ T5108] ? folio_add_wait_queue+0x1c0/0x1c0
[ 64.816046][ T5108] ? new_inode+0x280/0x280
[ 64.820490][ T5108] ? generic_write_checks+0x2c0/0x400
[ 64.825901][ T5108] __generic_file_write_iter+0x2ae/0x500
[ 64.831568][ T5108] generic_file_write_iter+0xe3/0x350
[ 64.836965][ T5108] vfs_write+0x9ed/0xe10
[ 64.841231][ T5108] ? kernel_write+0x670/0x670
[ 64.845933][ T5108] ? find_held_lock+0x2d/0x110
[ 64.850734][ T5108] ? lock_downgrade+0x6e0/0x6e0
[ 64.855600][ T5108] ? __fget_light+0x20a/0x270
[ 64.860301][ T5108] ksys_write+0x12b/0x250
[ 64.864662][ T5108] ? __ia32_sys_read+0xb0/0xb0
[ 64.869446][ T5108] ? lockdep_hardirqs_on+0x7d/0x100
[ 64.874661][ T5108] ? _raw_spin_unlock_irq+0x2e/0x50
[ 64.879877][ T5108] ? ptrace_notify+0xfe/0x140
[ 64.884574][ T5108] do_syscall_64+0x39/0xb0
[ 64.889019][ T5108] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.894930][ T5108] RIP: 0033:0x7f1bf3baa9e9
[ 64.899356][ T5108] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.918984][ T5108] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5108] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5108] exit_group(0) = ?
[pid 5108] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs") = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5109
./strace-static-x86_64: Process 5109 attached
[pid 5109] chdir("./31") = 0
[pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5109] setpgid(0, 0) = 0
[pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5109] write(3, "1000", 4) = 4
[pid 5109] close(3) = 0
[pid 5109] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5109] memfd_create("syzkaller", 0) = 3
[pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5109] munmap(0x7f1beb75d000, 32768) = 0
[pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 64.927415][ T5108] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 64.935397][ T5108] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.943384][ T5108] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 64.951380][ T5108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.959370][ T5108] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000001e
[ 64.967376][ T5108]
[pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5109] close(3) = 0
[pid 5109] mkdir("./file0", 0777) = 0
[pid 5109] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5109] chdir("./file0") = 0
[pid 5109] ioctl(4, LOOP_CLR_FD) = 0
[pid 5109] close(4) = 0
[pid 5109] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5109] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5109] write(5, "9", 1) = 1
[ 65.009484][ T5109] loop0: detected capacity change from 0 to 64
[ 65.011877][ T5078] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 65.041062][ T5109] FAULT_INJECTION: forcing a failure.
[ 65.041062][ T5109] name failslab, interval 1, probability 0, space 0, times 0
[ 65.053960][ T5109] CPU: 1 PID: 5109 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 65.063886][ T5109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 65.073936][ T5109] Call Trace:
[ 65.077210][ T5109]
[ 65.080136][ T5109] dump_stack_lvl+0xd1/0x138
[ 65.084739][ T5109] should_fail_ex.cold+0x5/0xa
[ 65.089554][ T5109] should_failslab+0x9/0x20
[ 65.094058][ T5109] __kmem_cache_alloc_node+0x5b/0x330
[ 65.099438][ T5109] ? hfs_find_init+0x95/0x240
[ 65.104147][ T5109] ? hfs_find_init+0x95/0x240
[ 65.108819][ T5109] __kmalloc+0x4a/0xd0
[ 65.112896][ T5109] hfs_find_init+0x95/0x240
[ 65.117395][ T5109] hfs_ext_read_extent+0x18d/0xa20
[ 65.122510][ T5109] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 65.128049][ T5109] ? rcu_read_lock_sched_held+0x3e/0x70
[ 65.133610][ T5109] ? hfs_free_extents+0x2e0/0x2e0
[ 65.138662][ T5109] ? clean_bdev_aliases+0x4f9/0x600
[ 65.143859][ T5109] ? find_held_lock+0x2d/0x110
[ 65.148629][ T5109] hfs_extend_file+0x4b5/0xae0
[ 65.153408][ T5109] ? hfs_free_fork+0x920/0x920
[ 65.158196][ T5109] ? rcu_read_lock_sched_held+0x3e/0x70
[ 65.163737][ T5109] ? __mark_inode_dirty+0x32c/0x1250
[ 65.169044][ T5109] hfs_get_block+0x17f/0x820
[ 65.173673][ T5109] __block_write_begin_int+0x3bd/0x14b0
[ 65.179236][ T5109] ? hfs_extend_file+0xae0/0xae0
[ 65.184208][ T5109] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 65.189754][ T5109] ? PageHeadHuge+0x1a2/0x200
[ 65.194433][ T5109] ? hfs_extend_file+0xae0/0xae0
[ 65.199383][ T5109] block_write_begin+0xb9/0x4d0
[ 65.204261][ T5109] cont_write_begin+0x534/0x740
[ 65.209134][ T5109] ? hfs_extend_file+0xae0/0xae0
[ 65.214099][ T5109] ? block_write_begin+0x4d0/0x4d0
[ 65.219219][ T5109] ? fault_in_readable+0x179/0x290
[ 65.224359][ T5109] ? fault_in_subpage_writeable+0x20/0x20
[ 65.230097][ T5109] hfs_write_begin+0x87/0x150
[ 65.234797][ T5109] ? hfs_extend_file+0xae0/0xae0
[ 65.239749][ T5109] generic_perform_write+0x256/0x570
[ 65.245061][ T5109] ? folio_add_wait_queue+0x1c0/0x1c0
[ 65.250465][ T5109] ? new_inode+0x280/0x280
[ 65.254888][ T5109] ? generic_write_checks+0x2c0/0x400
[ 65.260275][ T5109] __generic_file_write_iter+0x2ae/0x500
[ 65.265913][ T5109] generic_file_write_iter+0xe3/0x350
[ 65.271290][ T5109] vfs_write+0x9ed/0xe10
[ 65.275534][ T5109] ? kernel_write+0x670/0x670
[ 65.280211][ T5109] ? find_held_lock+0x2d/0x110
[ 65.284998][ T5109] ? lock_downgrade+0x6e0/0x6e0
[ 65.289890][ T5109] ? __fget_light+0x20a/0x270
[ 65.294607][ T5109] ksys_write+0x12b/0x250
[ 65.298948][ T5109] ? __ia32_sys_read+0xb0/0xb0
[ 65.303726][ T5109] ? lockdep_hardirqs_on+0x7d/0x100
[ 65.308924][ T5109] ? _raw_spin_unlock_irq+0x2e/0x50
[ 65.314132][ T5109] ? ptrace_notify+0xfe/0x140
[ 65.318832][ T5109] do_syscall_64+0x39/0xb0
[ 65.323251][ T5109] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.329141][ T5109] RIP: 0033:0x7f1bf3baa9e9
[ 65.333552][ T5109] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5109] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5109] exit_group(0) = ?
[pid 5109] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./31/binderfs") = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
[ 65.353154][ T5109] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.361560][ T5109] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 65.369545][ T5109] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 65.377533][ T5109] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 65.385515][ T5109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 65.393500][ T5109] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000001f
[ 65.401486][ T5109]
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5110
./strace-static-x86_64: Process 5110 attached
[pid 5110] chdir("./32") = 0
[pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5110] setpgid(0, 0) = 0
[pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5110] write(3, "1000", 4) = 4
[pid 5110] close(3) = 0
[pid 5110] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5110] memfd_create("syzkaller", 0) = 3
[pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5110] munmap(0x7f1beb75d000, 32768) = 0
[pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5110] close(3) = 0
[pid 5110] mkdir("./file0", 0777) = 0
[pid 5110] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5110] chdir("./file0") = 0
[pid 5110] ioctl(4, LOOP_CLR_FD) = 0
[pid 5110] close(4) = 0
[pid 5110] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5110] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5110] write(5, "9", 1) = 1
[pid 5110] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5110] exit_group(0) = ?
[pid 5110] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs") = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 65.466364][ T5110] loop0: detected capacity change from 0 to 64
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5111
./strace-static-x86_64: Process 5111 attached
[pid 5111] chdir("./33") = 0
[pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5111] setpgid(0, 0) = 0
[pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5111] write(3, "1000", 4) = 4
[pid 5111] close(3) = 0
[pid 5111] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5111] memfd_create("syzkaller", 0) = 3
[pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5111] munmap(0x7f1beb75d000, 32768) = 0
[pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5111] close(3) = 0
[pid 5111] mkdir("./file0", 0777) = 0
[pid 5111] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5111] chdir("./file0") = 0
[pid 5111] ioctl(4, LOOP_CLR_FD) = 0
[pid 5111] close(4) = 0
[pid 5111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5111] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5111] write(5, "9", 1) = 1
[pid 5111] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5111] exit_group(0) = ?
[pid 5111] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs") = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 65.551110][ T5111] loop0: detected capacity change from 0 to 64
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached
[pid 5112] chdir("./34"
[pid 5076] <... clone resumed>, child_tidptr=0x555555c625d0) = 5112
[pid 5112] <... chdir resumed>) = 0
[pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5112] setpgid(0, 0) = 0
[pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5112] write(3, "1000", 4) = 4
[pid 5112] close(3) = 0
[pid 5112] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5112] memfd_create("syzkaller", 0) = 3
[pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5112] munmap(0x7f1beb75d000, 32768) = 0
[pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5112] close(3) = 0
[pid 5112] mkdir("./file0", 0777) = 0
[pid 5112] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5112] chdir("./file0") = 0
[pid 5112] ioctl(4, LOOP_CLR_FD) = 0
[pid 5112] close(4) = 0
[pid 5112] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5112] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5112] write(5, "9", 1) = 1
[ 65.637122][ T5112] loop0: detected capacity change from 0 to 64
[ 65.655914][ T5112] FAULT_INJECTION: forcing a failure.
[ 65.655914][ T5112] name failslab, interval 1, probability 0, space 0, times 0
[ 65.669130][ T5112] CPU: 1 PID: 5112 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 65.679068][ T5112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 65.689143][ T5112] Call Trace:
[ 65.692430][ T5112]
[ 65.695353][ T5112] dump_stack_lvl+0xd1/0x138
[ 65.699963][ T5112] should_fail_ex.cold+0x5/0xa
[ 65.704755][ T5112] should_failslab+0x9/0x20
[ 65.709275][ T5112] __kmem_cache_alloc_node+0x5b/0x330
[ 65.714654][ T5112] ? hfs_find_init+0x95/0x240
[ 65.719376][ T5112] ? hfs_find_init+0x95/0x240
[ 65.724073][ T5112] __kmalloc+0x4a/0xd0
[ 65.728164][ T5112] hfs_find_init+0x95/0x240
[ 65.732689][ T5112] hfs_ext_read_extent+0x18d/0xa20
[ 65.737832][ T5112] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 65.743376][ T5112] ? rcu_read_lock_sched_held+0x3e/0x70
[ 65.748920][ T5112] ? hfs_free_extents+0x2e0/0x2e0
[ 65.753964][ T5112] ? clean_bdev_aliases+0x4f9/0x600
[ 65.759204][ T5112] ? find_held_lock+0x2d/0x110
[ 65.763990][ T5112] hfs_extend_file+0x4b5/0xae0
[ 65.768788][ T5112] ? hfs_free_fork+0x920/0x920
[ 65.773547][ T5112] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 65.779719][ T5112] ? lockdep_hardirqs_on+0x7d/0x100
[ 65.784920][ T5112] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 65.791100][ T5112] hfs_get_block+0x17f/0x820
[ 65.795694][ T5112] __block_write_begin_int+0x3bd/0x14b0
[ 65.801242][ T5112] ? hfs_extend_file+0xae0/0xae0
[ 65.806186][ T5112] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 65.811740][ T5112] ? PageHeadHuge+0x1a2/0x200
[ 65.816858][ T5112] ? hfs_extend_file+0xae0/0xae0
[ 65.821794][ T5112] block_write_begin+0xb9/0x4d0
[ 65.826647][ T5112] cont_write_begin+0x534/0x740
[ 65.831501][ T5112] ? hfs_extend_file+0xae0/0xae0
[ 65.836452][ T5112] ? block_write_begin+0x4d0/0x4d0
[ 65.841585][ T5112] ? fault_in_readable+0x179/0x290
[ 65.846696][ T5112] ? fault_in_subpage_writeable+0x20/0x20
[ 65.852415][ T5112] hfs_write_begin+0x87/0x150
[ 65.857093][ T5112] ? hfs_extend_file+0xae0/0xae0
[ 65.862046][ T5112] generic_perform_write+0x256/0x570
[ 65.867363][ T5112] ? folio_add_wait_queue+0x1c0/0x1c0
[ 65.872733][ T5112] ? new_inode+0x280/0x280
[ 65.877153][ T5112] ? generic_write_checks+0x2c0/0x400
[ 65.882528][ T5112] __generic_file_write_iter+0x2ae/0x500
[ 65.888164][ T5112] generic_file_write_iter+0xe3/0x350
[ 65.893551][ T5112] vfs_write+0x9ed/0xe10
[ 65.897836][ T5112] ? kernel_write+0x670/0x670
[ 65.902547][ T5112] ? find_held_lock+0x2d/0x110
[ 65.907320][ T5112] ? lock_downgrade+0x6e0/0x6e0
[ 65.912182][ T5112] ? __fget_light+0x20a/0x270
[ 65.916882][ T5112] ksys_write+0x12b/0x250
[ 65.921212][ T5112] ? __ia32_sys_read+0xb0/0xb0
[ 65.925971][ T5112] ? lockdep_hardirqs_on+0x7d/0x100
[ 65.931170][ T5112] ? _raw_spin_unlock_irq+0x2e/0x50
[ 65.936376][ T5112] ? ptrace_notify+0xfe/0x140
[ 65.941080][ T5112] do_syscall_64+0x39/0xb0
[ 65.945497][ T5112] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.951388][ T5112] RIP: 0033:0x7f1bf3baa9e9
[ 65.955797][ T5112] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.975432][ T5112] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5112] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5112] exit_group(0) = ?
[pid 5112] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs") = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 65.983843][ T5112] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 65.991807][ T5112] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 65.999782][ T5112] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 66.007760][ T5112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.015743][ T5112] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000022
[ 66.023718][ T5112]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached
, child_tidptr=0x555555c625d0) = 5113
[pid 5113] chdir("./35") = 0
[pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5113] setpgid(0, 0) = 0
[pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5113] write(3, "1000", 4) = 4
[pid 5113] close(3) = 0
[pid 5113] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5113] memfd_create("syzkaller", 0) = 3
[pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5113] munmap(0x7f1beb75d000, 32768) = 0
[pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5113] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5113] close(3) = 0
[pid 5113] mkdir("./file0", 0777) = 0
[pid 5113] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5113] chdir("./file0") = 0
[pid 5113] ioctl(4, LOOP_CLR_FD) = 0
[pid 5113] close(4) = 0
[pid 5113] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5113] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5113] write(5, "9", 1) = 1
[ 66.085186][ T5113] loop0: detected capacity change from 0 to 64
[ 66.115484][ T5113] FAULT_INJECTION: forcing a failure.
[ 66.115484][ T5113] name failslab, interval 1, probability 0, space 0, times 0
[ 66.128221][ T5113] CPU: 1 PID: 5113 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 66.138138][ T5113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 66.148204][ T5113] Call Trace:
[ 66.151489][ T5113]
[ 66.154428][ T5113] dump_stack_lvl+0xd1/0x138
[ 66.159049][ T5113] should_fail_ex.cold+0x5/0xa
[ 66.163835][ T5113] should_failslab+0x9/0x20
[ 66.168380][ T5113] __kmem_cache_alloc_node+0x5b/0x330
[ 66.173771][ T5113] ? hfs_find_init+0x95/0x240
[ 66.178470][ T5113] ? hfs_find_init+0x95/0x240
[ 66.183166][ T5113] __kmalloc+0x4a/0xd0
[ 66.187261][ T5113] hfs_find_init+0x95/0x240
[ 66.191784][ T5113] hfs_ext_read_extent+0x18d/0xa20
[ 66.196917][ T5113] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 66.202484][ T5113] ? hfs_free_extents+0x2e0/0x2e0
[ 66.207553][ T5113] ? clean_bdev_aliases+0x4f9/0x600
[ 66.212785][ T5113] hfs_extend_file+0x4b5/0xae0
[ 66.217586][ T5113] ? hfs_free_fork+0x920/0x920
[ 66.222381][ T5113] ? rcu_read_lock_sched_held+0x3e/0x70
[ 66.227946][ T5113] ? __mark_inode_dirty+0x32c/0x1250
[ 66.233256][ T5113] hfs_get_block+0x17f/0x820
[ 66.237883][ T5113] __block_write_begin_int+0x3bd/0x14b0
[ 66.243461][ T5113] ? hfs_extend_file+0xae0/0xae0
[ 66.248435][ T5113] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 66.254005][ T5113] ? PageHeadHuge+0x1a2/0x200
[ 66.258715][ T5113] ? hfs_extend_file+0xae0/0xae0
[ 66.263675][ T5113] block_write_begin+0xb9/0x4d0
[ 66.268582][ T5113] cont_write_begin+0x534/0x740
[ 66.273482][ T5113] ? hfs_extend_file+0xae0/0xae0
[ 66.278448][ T5113] ? block_write_begin+0x4d0/0x4d0
[ 66.283583][ T5113] ? fault_in_readable+0x179/0x290
[ 66.288730][ T5113] ? fault_in_subpage_writeable+0x20/0x20
[ 66.294483][ T5113] hfs_write_begin+0x87/0x150
[ 66.299194][ T5113] ? hfs_extend_file+0xae0/0xae0
[ 66.304166][ T5113] generic_perform_write+0x256/0x570
[ 66.309487][ T5113] ? folio_add_wait_queue+0x1c0/0x1c0
[ 66.314883][ T5113] ? new_inode+0x280/0x280
[ 66.319333][ T5113] ? generic_write_checks+0x2c0/0x400
[ 66.324740][ T5113] __generic_file_write_iter+0x2ae/0x500
[ 66.330408][ T5113] generic_file_write_iter+0xe3/0x350
[ 66.335817][ T5113] vfs_write+0x9ed/0xe10
[ 66.340087][ T5113] ? kernel_write+0x670/0x670
[ 66.344795][ T5113] ? find_held_lock+0x2d/0x110
[ 66.349604][ T5113] ? lock_downgrade+0x6e0/0x6e0
[ 66.354489][ T5113] ? __fget_light+0x20a/0x270
[ 66.359192][ T5113] ksys_write+0x12b/0x250
[ 66.363542][ T5113] ? __ia32_sys_read+0xb0/0xb0
[ 66.368327][ T5113] ? lockdep_hardirqs_on+0x7d/0x100
[ 66.373547][ T5113] ? _raw_spin_unlock_irq+0x2e/0x50
[ 66.378769][ T5113] ? ptrace_notify+0xfe/0x140
[ 66.383466][ T5113] do_syscall_64+0x39/0xb0
[ 66.387907][ T5113] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.393823][ T5113] RIP: 0033:0x7f1bf3baa9e9
[ 66.398253][ T5113] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.417879][ T5113] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.426308][ T5113] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5113] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5113] exit_group(0) = ?
[pid 5113] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs") = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5114
./strace-static-x86_64: Process 5114 attached
[pid 5114] chdir("./36") = 0
[pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5114] setpgid(0, 0) = 0
[pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5114] write(3, "1000", 4) = 4
[pid 5114] close(3) = 0
[pid 5114] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5114] memfd_create("syzkaller", 0) = 3
[ 66.434291][ T5113] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.442276][ T5113] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 66.450270][ T5113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.458252][ T5113] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000023
[ 66.466263][ T5113]
[pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5114] munmap(0x7f1beb75d000, 32768) = 0
[pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5114] close(3) = 0
[pid 5114] mkdir("./file0", 0777) = 0
[pid 5114] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5114] chdir("./file0") = 0
[pid 5114] ioctl(4, LOOP_CLR_FD) = 0
[pid 5114] close(4) = 0
[pid 5114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5114] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5114] write(5, "9", 1) = 1
[ 66.520589][ T5114] loop0: detected capacity change from 0 to 64
[ 66.552426][ T5114] FAULT_INJECTION: forcing a failure.
[ 66.552426][ T5114] name failslab, interval 1, probability 0, space 0, times 0
[ 66.565194][ T5114] CPU: 1 PID: 5114 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 66.575112][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 66.585160][ T5114] Call Trace:
[ 66.588444][ T5114]
[ 66.591406][ T5114] dump_stack_lvl+0xd1/0x138
[ 66.596040][ T5114] should_fail_ex.cold+0x5/0xa
[ 66.600834][ T5114] should_failslab+0x9/0x20
[ 66.605339][ T5114] __kmem_cache_alloc_node+0x5b/0x330
[ 66.610723][ T5114] ? hfs_find_init+0x95/0x240
[ 66.615426][ T5114] ? hfs_find_init+0x95/0x240
[ 66.620098][ T5114] __kmalloc+0x4a/0xd0
[ 66.624172][ T5114] hfs_find_init+0x95/0x240
[ 66.628671][ T5114] hfs_ext_read_extent+0x18d/0xa20
[ 66.633793][ T5114] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 66.639367][ T5114] ? rcu_read_lock_sched_held+0x3e/0x70
[ 66.644950][ T5114] ? hfs_free_extents+0x2e0/0x2e0
[ 66.650005][ T5114] ? clean_bdev_aliases+0x4f9/0x600
[ 66.655215][ T5114] ? find_held_lock+0x2d/0x110
[ 66.659996][ T5114] hfs_extend_file+0x4b5/0xae0
[ 66.664767][ T5114] ? hfs_free_fork+0x920/0x920
[ 66.669537][ T5114] ? rcu_read_lock_sched_held+0x3e/0x70
[ 66.675095][ T5114] ? __mark_inode_dirty+0x32c/0x1250
[ 66.680405][ T5114] hfs_get_block+0x17f/0x820
[ 66.685021][ T5114] __block_write_begin_int+0x3bd/0x14b0
[ 66.690618][ T5114] ? hfs_extend_file+0xae0/0xae0
[ 66.695588][ T5114] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 66.701137][ T5114] ? PageHeadHuge+0x1a2/0x200
[ 66.705823][ T5114] ? hfs_extend_file+0xae0/0xae0
[ 66.710773][ T5114] block_write_begin+0xb9/0x4d0
[ 66.715662][ T5114] cont_write_begin+0x534/0x740
[ 66.720522][ T5114] ? hfs_extend_file+0xae0/0xae0
[ 66.725458][ T5114] ? block_write_begin+0x4d0/0x4d0
[ 66.730570][ T5114] ? fault_in_readable+0x179/0x290
[ 66.735681][ T5114] ? fault_in_subpage_writeable+0x20/0x20
[ 66.741404][ T5114] hfs_write_begin+0x87/0x150
[ 66.746085][ T5114] ? hfs_extend_file+0xae0/0xae0
[ 66.751027][ T5114] generic_perform_write+0x256/0x570
[ 66.756339][ T5114] ? folio_add_wait_queue+0x1c0/0x1c0
[ 66.761740][ T5114] ? new_inode+0x280/0x280
[ 66.766162][ T5114] ? generic_write_checks+0x2c0/0x400
[ 66.771562][ T5114] __generic_file_write_iter+0x2ae/0x500
[ 66.777200][ T5114] generic_file_write_iter+0xe3/0x350
[ 66.782630][ T5114] vfs_write+0x9ed/0xe10
[ 66.786874][ T5114] ? kernel_write+0x670/0x670
[ 66.791552][ T5114] ? find_held_lock+0x2d/0x110
[ 66.796342][ T5114] ? lock_downgrade+0x6e0/0x6e0
[ 66.801213][ T5114] ? __fget_light+0x20a/0x270
[ 66.805892][ T5114] ksys_write+0x12b/0x250
[ 66.810218][ T5114] ? __ia32_sys_read+0xb0/0xb0
[ 66.814995][ T5114] ? lockdep_hardirqs_on+0x7d/0x100
[ 66.820217][ T5114] ? _raw_spin_unlock_irq+0x2e/0x50
[ 66.825416][ T5114] ? ptrace_notify+0xfe/0x140
[ 66.830095][ T5114] do_syscall_64+0x39/0xb0
[ 66.834548][ T5114] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.840448][ T5114] RIP: 0033:0x7f1bf3baa9e9
[ 66.844887][ T5114] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5114] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5114] exit_group(0) = ?
[pid 5114] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs") = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 66.864511][ T5114] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.872920][ T5114] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 66.880884][ T5114] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.888857][ T5114] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 66.896842][ T5114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.904828][ T5114] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000024
[ 66.912941][ T5114]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5115
./strace-static-x86_64: Process 5115 attached
[pid 5115] chdir("./37") = 0
[pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5115] setpgid(0, 0) = 0
[pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5115] write(3, "1000", 4) = 4
[pid 5115] close(3) = 0
[pid 5115] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5115] memfd_create("syzkaller", 0) = 3
[pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5115] munmap(0x7f1beb75d000, 32768) = 0
[pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5115] close(3) = 0
[pid 5115] mkdir("./file0", 0777) = 0
[pid 5115] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5115] chdir("./file0") = 0
[pid 5115] ioctl(4, LOOP_CLR_FD) = 0
[pid 5115] close(4) = 0
[pid 5115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5115] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5115] write(5, "9", 1) = 1
[ 66.985763][ T5115] loop0: detected capacity change from 0 to 64
[ 67.013820][ T5115] FAULT_INJECTION: forcing a failure.
[ 67.013820][ T5115] name failslab, interval 1, probability 0, space 0, times 0
[ 67.026986][ T5115] CPU: 1 PID: 5115 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 67.036917][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 67.046986][ T5115] Call Trace:
[ 67.050272][ T5115]
[ 67.053216][ T5115] dump_stack_lvl+0xd1/0x138
[ 67.057836][ T5115] should_fail_ex.cold+0x5/0xa
[ 67.062622][ T5115] should_failslab+0x9/0x20
[ 67.067151][ T5115] __kmem_cache_alloc_node+0x5b/0x330
[ 67.072545][ T5115] ? hfs_find_init+0x95/0x240
[ 67.077245][ T5115] ? hfs_find_init+0x95/0x240
[ 67.081936][ T5115] __kmalloc+0x4a/0xd0
[ 67.086034][ T5115] hfs_find_init+0x95/0x240
[ 67.090557][ T5115] hfs_ext_read_extent+0x18d/0xa20
[ 67.095690][ T5115] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 67.101262][ T5115] ? rcu_read_lock_sched_held+0x3e/0x70
[ 67.106840][ T5115] ? hfs_free_extents+0x2e0/0x2e0
[ 67.111900][ T5115] ? clean_bdev_aliases+0x4f9/0x600
[ 67.117123][ T5115] ? find_held_lock+0x2d/0x110
[ 67.121935][ T5115] hfs_extend_file+0x4b5/0xae0
[ 67.126732][ T5115] ? hfs_free_fork+0x920/0x920
[ 67.131520][ T5115] ? rcu_read_lock_sched_held+0x3e/0x70
[ 67.137080][ T5115] ? __mark_inode_dirty+0x32c/0x1250
[ 67.142399][ T5115] hfs_get_block+0x17f/0x820
[ 67.147024][ T5115] __block_write_begin_int+0x3bd/0x14b0
[ 67.152599][ T5115] ? hfs_extend_file+0xae0/0xae0
[ 67.157569][ T5115] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 67.163138][ T5115] ? PageHeadHuge+0x1a2/0x200
[ 67.167853][ T5115] ? hfs_extend_file+0xae0/0xae0
[ 67.172817][ T5115] block_write_begin+0xb9/0x4d0
[ 67.177711][ T5115] cont_write_begin+0x534/0x740
[ 67.182600][ T5115] ? hfs_extend_file+0xae0/0xae0
[ 67.187562][ T5115] ? block_write_begin+0x4d0/0x4d0
[ 67.192714][ T5115] ? fault_in_readable+0x179/0x290
[ 67.197864][ T5115] ? fault_in_subpage_writeable+0x20/0x20
[ 67.203613][ T5115] hfs_write_begin+0x87/0x150
[ 67.208312][ T5115] ? hfs_extend_file+0xae0/0xae0
[ 67.213287][ T5115] generic_perform_write+0x256/0x570
[ 67.218605][ T5115] ? folio_add_wait_queue+0x1c0/0x1c0
[ 67.223999][ T5115] ? new_inode+0x280/0x280
[ 67.228463][ T5115] ? generic_write_checks+0x2c0/0x400
[ 67.233882][ T5115] __generic_file_write_iter+0x2ae/0x500
[ 67.239557][ T5115] generic_file_write_iter+0xe3/0x350
[ 67.244958][ T5115] vfs_write+0x9ed/0xe10
[ 67.249230][ T5115] ? kernel_write+0x670/0x670
[ 67.253933][ T5115] ? find_held_lock+0x2d/0x110
[ 67.258734][ T5115] ? lock_downgrade+0x6e0/0x6e0
[ 67.263600][ T5115] ? __fget_light+0x20a/0x270
[ 67.268301][ T5115] ksys_write+0x12b/0x250
[ 67.272651][ T5115] ? __ia32_sys_read+0xb0/0xb0
[ 67.277436][ T5115] ? lockdep_hardirqs_on+0x7d/0x100
[ 67.282662][ T5115] ? _raw_spin_unlock_irq+0x2e/0x50
[ 67.287898][ T5115] ? ptrace_notify+0xfe/0x140
[ 67.292598][ T5115] do_syscall_64+0x39/0xb0
[ 67.297042][ T5115] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.302956][ T5115] RIP: 0033:0x7f1bf3baa9e9
[ 67.307385][ T5115] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.327016][ T5115] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5115] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5115] exit_group(0) = ?
[pid 5115] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs") = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 67.335449][ T5115] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 67.343431][ T5115] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 67.351413][ T5115] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 67.359396][ T5115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.367380][ T5115] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000025
[ 67.375386][ T5115]
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached
[pid 5116] chdir("./38") = 0
[pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5116] setpgid(0, 0
[pid 5076] <... clone resumed>, child_tidptr=0x555555c625d0) = 5116
[pid 5116] <... setpgid resumed>) = 0
[pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5116] write(3, "1000", 4) = 4
[pid 5116] close(3) = 0
[pid 5116] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5116] memfd_create("syzkaller", 0) = 3
[pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5116] munmap(0x7f1beb75d000, 32768) = 0
[pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5116] close(3) = 0
[pid 5116] mkdir("./file0", 0777) = 0
[pid 5116] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5116] chdir("./file0") = 0
[pid 5116] ioctl(4, LOOP_CLR_FD) = 0
[pid 5116] close(4) = 0
[pid 5116] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5116] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5116] write(5, "9", 1) = 1
[pid 5116] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5116] exit_group(0) = ?
[pid 5116] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
[ 67.455673][ T5116] loop0: detected capacity change from 0 to 64
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs") = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5117
./strace-static-x86_64: Process 5117 attached
[pid 5117] chdir("./39") = 0
[pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5117] setpgid(0, 0) = 0
[pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5117] write(3, "1000", 4) = 4
[pid 5117] close(3) = 0
[pid 5117] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5117] memfd_create("syzkaller", 0) = 3
[pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5117] munmap(0x7f1beb75d000, 32768) = 0
[pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5117] close(3) = 0
[pid 5117] mkdir("./file0", 0777) = 0
[pid 5117] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5117] chdir("./file0") = 0
[pid 5117] ioctl(4, LOOP_CLR_FD) = 0
[pid 5117] close(4) = 0
[pid 5117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5117] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5117] write(5, "9", 1) = 1
[ 67.557267][ T5117] loop0: detected capacity change from 0 to 64
[ 67.588814][ T5117] FAULT_INJECTION: forcing a failure.
[ 67.588814][ T5117] name failslab, interval 1, probability 0, space 0, times 0
[ 67.601883][ T5117] CPU: 0 PID: 5117 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 67.611809][ T5117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 67.621857][ T5117] Call Trace:
[ 67.625127][ T5117]
[ 67.628050][ T5117] dump_stack_lvl+0xd1/0x138
[ 67.632642][ T5117] should_fail_ex.cold+0x5/0xa
[ 67.637401][ T5117] should_failslab+0x9/0x20
[ 67.641903][ T5117] __kmem_cache_alloc_node+0x5b/0x330
[ 67.647270][ T5117] ? hfs_find_init+0x95/0x240
[ 67.651942][ T5117] ? hfs_find_init+0x95/0x240
[ 67.656611][ T5117] __kmalloc+0x4a/0xd0
[ 67.660698][ T5117] hfs_find_init+0x95/0x240
[ 67.665242][ T5117] hfs_ext_read_extent+0x18d/0xa20
[ 67.670379][ T5117] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 67.675921][ T5117] ? hfs_free_extents+0x2e0/0x2e0
[ 67.680950][ T5117] ? clean_bdev_aliases+0x4f9/0x600
[ 67.686148][ T5117] hfs_extend_file+0x4b5/0xae0
[ 67.690919][ T5117] ? hfs_free_fork+0x920/0x920
[ 67.695686][ T5117] ? rcu_read_lock_sched_held+0x3e/0x70
[ 67.701256][ T5117] ? __mark_inode_dirty+0x32c/0x1250
[ 67.706559][ T5117] hfs_get_block+0x17f/0x820
[ 67.711191][ T5117] __block_write_begin_int+0x3bd/0x14b0
[ 67.716774][ T5117] ? hfs_extend_file+0xae0/0xae0
[ 67.721746][ T5117] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 67.727326][ T5117] ? PageHeadHuge+0x1a2/0x200
[ 67.732039][ T5117] ? hfs_extend_file+0xae0/0xae0
[ 67.737004][ T5117] block_write_begin+0xb9/0x4d0
[ 67.741883][ T5117] cont_write_begin+0x534/0x740
[ 67.746763][ T5117] ? hfs_extend_file+0xae0/0xae0
[ 67.751736][ T5117] ? block_write_begin+0x4d0/0x4d0
[ 67.756874][ T5117] ? fault_in_readable+0x179/0x290
[ 67.762011][ T5117] ? fault_in_subpage_writeable+0x20/0x20
[ 67.767761][ T5117] hfs_write_begin+0x87/0x150
[ 67.772468][ T5117] ? hfs_extend_file+0xae0/0xae0
[ 67.777437][ T5117] generic_perform_write+0x256/0x570
[ 67.782755][ T5117] ? folio_add_wait_queue+0x1c0/0x1c0
[ 67.788155][ T5117] ? new_inode+0x280/0x280
[ 67.792599][ T5117] ? generic_write_checks+0x2c0/0x400
[ 67.798003][ T5117] __generic_file_write_iter+0x2ae/0x500
[ 67.803671][ T5117] generic_file_write_iter+0xe3/0x350
[ 67.809076][ T5117] vfs_write+0x9ed/0xe10
[ 67.813345][ T5117] ? kernel_write+0x670/0x670
[ 67.818413][ T5117] ? find_held_lock+0x2d/0x110
[ 67.823220][ T5117] ? lock_downgrade+0x6e0/0x6e0
[ 67.828090][ T5117] ? __fget_light+0x20a/0x270
[ 67.832797][ T5117] ksys_write+0x12b/0x250
[ 67.837150][ T5117] ? __ia32_sys_read+0xb0/0xb0
[ 67.841932][ T5117] ? lockdep_hardirqs_on+0x7d/0x100
[ 67.847155][ T5117] ? _raw_spin_unlock_irq+0x2e/0x50
[ 67.852375][ T5117] ? ptrace_notify+0xfe/0x140
[ 67.857071][ T5117] do_syscall_64+0x39/0xb0
[ 67.861520][ T5117] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.867433][ T5117] RIP: 0033:0x7f1bf3baa9e9
[ 67.871869][ T5117] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.891503][ T5117] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 67.899973][ T5117] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5117] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5117] exit_group(0) = ?
[pid 5117] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./39/binderfs") = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5118
./strace-static-x86_64: Process 5118 attached
[ 67.907959][ T5117] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 67.915940][ T5117] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 67.923921][ T5117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.931901][ T5117] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000027
[ 67.939904][ T5117]
[pid 5118] chdir("./40") = 0
[pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5118] setpgid(0, 0) = 0
[pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5118] write(3, "1000", 4) = 4
[pid 5118] close(3) = 0
[pid 5118] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5118] memfd_create("syzkaller", 0) = 3
[pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5118] munmap(0x7f1beb75d000, 32768) = 0
[pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5118] close(3) = 0
[pid 5118] mkdir("./file0", 0777) = 0
[pid 5118] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5118] chdir("./file0") = 0
[pid 5118] ioctl(4, LOOP_CLR_FD) = 0
[pid 5118] close(4) = 0
[pid 5118] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5118] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5118] write(5, "9", 1) = 1
[ 68.011225][ T5118] loop0: detected capacity change from 0 to 64
[ 68.039646][ T5118] FAULT_INJECTION: forcing a failure.
[ 68.039646][ T5118] name failslab, interval 1, probability 0, space 0, times 0
[ 68.052900][ T5118] CPU: 0 PID: 5118 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 68.062796][ T5118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 68.072840][ T5118] Call Trace:
[ 68.076107][ T5118]
[ 68.079045][ T5118] dump_stack_lvl+0xd1/0x138
[ 68.083649][ T5118] should_fail_ex.cold+0x5/0xa
[ 68.088412][ T5118] should_failslab+0x9/0x20
[ 68.092913][ T5118] __kmem_cache_alloc_node+0x5b/0x330
[ 68.098278][ T5118] ? hfs_find_init+0x95/0x240
[ 68.102952][ T5118] ? hfs_find_init+0x95/0x240
[ 68.107624][ T5118] __kmalloc+0x4a/0xd0
[ 68.111695][ T5118] hfs_find_init+0x95/0x240
[ 68.116193][ T5118] hfs_ext_read_extent+0x18d/0xa20
[ 68.121299][ T5118] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 68.126839][ T5118] ? hfs_free_extents+0x2e0/0x2e0
[ 68.131867][ T5118] ? clean_bdev_aliases+0x4f9/0x600
[ 68.137080][ T5118] hfs_extend_file+0x4b5/0xae0
[ 68.141855][ T5118] ? hfs_free_fork+0x920/0x920
[ 68.146620][ T5118] ? rcu_read_lock_sched_held+0x3e/0x70
[ 68.152164][ T5118] ? __mark_inode_dirty+0x32c/0x1250
[ 68.157447][ T5118] hfs_get_block+0x17f/0x820
[ 68.162051][ T5118] __block_write_begin_int+0x3bd/0x14b0
[ 68.167625][ T5118] ? hfs_extend_file+0xae0/0xae0
[ 68.172603][ T5118] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 68.178174][ T5118] ? PageHeadHuge+0x1a2/0x200
[ 68.182883][ T5118] ? hfs_extend_file+0xae0/0xae0
[ 68.187843][ T5118] block_write_begin+0xb9/0x4d0
[ 68.192724][ T5118] cont_write_begin+0x534/0x740
[ 68.197607][ T5118] ? hfs_extend_file+0xae0/0xae0
[ 68.202572][ T5118] ? block_write_begin+0x4d0/0x4d0
[ 68.207703][ T5118] ? fault_in_readable+0x179/0x290
[ 68.212860][ T5118] ? fault_in_subpage_writeable+0x20/0x20
[ 68.218615][ T5118] hfs_write_begin+0x87/0x150
[ 68.223322][ T5118] ? hfs_extend_file+0xae0/0xae0
[ 68.228295][ T5118] generic_perform_write+0x256/0x570
[ 68.233617][ T5118] ? folio_add_wait_queue+0x1c0/0x1c0
[ 68.239016][ T5118] ? new_inode+0x280/0x280
[ 68.243469][ T5118] ? generic_write_checks+0x2c0/0x400
[ 68.248876][ T5118] __generic_file_write_iter+0x2ae/0x500
[ 68.254540][ T5118] generic_file_write_iter+0xe3/0x350
[ 68.259942][ T5118] vfs_write+0x9ed/0xe10
[ 68.264209][ T5118] ? kernel_write+0x670/0x670
[ 68.268913][ T5118] ? find_held_lock+0x2d/0x110
[ 68.273714][ T5118] ? lock_downgrade+0x6e0/0x6e0
[ 68.278581][ T5118] ? __fget_light+0x20a/0x270
[ 68.283285][ T5118] ksys_write+0x12b/0x250
[ 68.287636][ T5118] ? __ia32_sys_read+0xb0/0xb0
[ 68.292416][ T5118] ? lockdep_hardirqs_on+0x7d/0x100
[ 68.297631][ T5118] ? _raw_spin_unlock_irq+0x2e/0x50
[ 68.302849][ T5118] ? ptrace_notify+0xfe/0x140
[ 68.307546][ T5118] do_syscall_64+0x39/0xb0
[ 68.311986][ T5118] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.317894][ T5118] RIP: 0033:0x7f1bf3baa9e9
[ 68.322319][ T5118] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.341939][ T5118] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.350369][ T5118] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5118] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5118] exit_group(0) = ?
[pid 5118] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./40/binderfs") = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5119
./strace-static-x86_64: Process 5119 attached
[pid 5119] chdir("./41") = 0
[ 68.358354][ T5118] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 68.366344][ T5118] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 68.374332][ T5118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 68.382318][ T5118] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000028
[ 68.390319][ T5118]
[pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5119] setpgid(0, 0) = 0
[pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5119] write(3, "1000", 4) = 4
[pid 5119] close(3) = 0
[pid 5119] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5119] memfd_create("syzkaller", 0) = 3
[pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5119] munmap(0x7f1beb75d000, 32768) = 0
[pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5119] close(3) = 0
[pid 5119] mkdir("./file0", 0777) = 0
[pid 5119] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5119] chdir("./file0") = 0
[pid 5119] ioctl(4, LOOP_CLR_FD) = 0
[pid 5119] close(4) = 0
[pid 5119] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5119] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5119] write(5, "9", 1) = 1
[ 68.454838][ T5119] loop0: detected capacity change from 0 to 64
[ 68.476688][ T5119] FAULT_INJECTION: forcing a failure.
[ 68.476688][ T5119] name failslab, interval 1, probability 0, space 0, times 0
[ 68.490643][ T5119] CPU: 0 PID: 5119 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 68.500573][ T5119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 68.510642][ T5119] Call Trace:
[ 68.513914][ T5119]
[ 68.516835][ T5119] dump_stack_lvl+0xd1/0x138
[ 68.521426][ T5119] should_fail_ex.cold+0x5/0xa
[ 68.526186][ T5119] should_failslab+0x9/0x20
[ 68.530692][ T5119] __kmem_cache_alloc_node+0x5b/0x330
[ 68.536056][ T5119] ? hfs_find_init+0x95/0x240
[ 68.540737][ T5119] ? hfs_find_init+0x95/0x240
[ 68.545405][ T5119] __kmalloc+0x4a/0xd0
[ 68.549475][ T5119] hfs_find_init+0x95/0x240
[ 68.553976][ T5119] hfs_ext_read_extent+0x18d/0xa20
[ 68.559081][ T5119] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 68.564617][ T5119] ? rcu_read_lock_sched_held+0x3e/0x70
[ 68.570152][ T5119] ? hfs_free_extents+0x2e0/0x2e0
[ 68.575176][ T5119] ? clean_bdev_aliases+0x4f9/0x600
[ 68.580366][ T5119] ? find_held_lock+0x2d/0x110
[ 68.585133][ T5119] hfs_extend_file+0x4b5/0xae0
[ 68.589893][ T5119] ? hfs_free_fork+0x920/0x920
[ 68.594653][ T5119] ? rcu_read_lock_sched_held+0x3e/0x70
[ 68.600189][ T5119] ? __mark_inode_dirty+0x32c/0x1250
[ 68.605474][ T5119] hfs_get_block+0x17f/0x820
[ 68.610064][ T5119] __block_write_begin_int+0x3bd/0x14b0
[ 68.615606][ T5119] ? hfs_extend_file+0xae0/0xae0
[ 68.620545][ T5119] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 68.626085][ T5119] ? PageHeadHuge+0x1a2/0x200
[ 68.630762][ T5119] ? hfs_extend_file+0xae0/0xae0
[ 68.635691][ T5119] block_write_begin+0xb9/0x4d0
[ 68.640538][ T5119] cont_write_begin+0x534/0x740
[ 68.645416][ T5119] ? hfs_extend_file+0xae0/0xae0
[ 68.650349][ T5119] ? block_write_begin+0x4d0/0x4d0
[ 68.655452][ T5119] ? fault_in_readable+0x179/0x290
[ 68.660559][ T5119] ? fault_in_subpage_writeable+0x20/0x20
[ 68.666276][ T5119] hfs_write_begin+0x87/0x150
[ 68.670947][ T5119] ? hfs_extend_file+0xae0/0xae0
[ 68.675914][ T5119] generic_perform_write+0x256/0x570
[ 68.681202][ T5119] ? folio_add_wait_queue+0x1c0/0x1c0
[ 68.686571][ T5119] ? new_inode+0x280/0x280
[ 68.690988][ T5119] ? generic_write_checks+0x2c0/0x400
[ 68.696359][ T5119] __generic_file_write_iter+0x2ae/0x500
[ 68.701994][ T5119] generic_file_write_iter+0xe3/0x350
[ 68.707365][ T5119] vfs_write+0x9ed/0xe10
[ 68.711605][ T5119] ? kernel_write+0x670/0x670
[ 68.716277][ T5119] ? find_held_lock+0x2d/0x110
[ 68.721043][ T5119] ? lock_downgrade+0x6e0/0x6e0
[ 68.725888][ T5119] ? __fget_light+0x20a/0x270
[ 68.730561][ T5119] ksys_write+0x12b/0x250
[ 68.734890][ T5119] ? __ia32_sys_read+0xb0/0xb0
[ 68.739645][ T5119] ? lockdep_hardirqs_on+0x7d/0x100
[ 68.744837][ T5119] ? _raw_spin_unlock_irq+0x2e/0x50
[ 68.750031][ T5119] ? ptrace_notify+0xfe/0x140
[ 68.754703][ T5119] do_syscall_64+0x39/0xb0
[ 68.759122][ T5119] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.765006][ T5119] RIP: 0033:0x7f1bf3baa9e9
[ 68.769414][ T5119] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.789020][ T5119] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.797426][ T5119] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5119] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5119] exit_group(0) = ?
[pid 5119] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./41/binderfs") = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5120
./strace-static-x86_64: Process 5120 attached
[pid 5120] chdir("./42") = 0
[pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5120] setpgid(0, 0) = 0
[pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5120] write(3, "1000", 4) = 4
[pid 5120] close(3) = 0
[pid 5120] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5120] memfd_create("syzkaller", 0) = 3
[pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5120] munmap(0x7f1beb75d000, 32768) = 0
[ 68.805387][ T5119] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 68.813353][ T5119] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 68.821313][ T5119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 68.829272][ T5119] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000029
[ 68.837244][ T5119]
[pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5120] close(3) = 0
[pid 5120] mkdir("./file0", 0777) = 0
[pid 5120] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5120] chdir("./file0") = 0
[pid 5120] ioctl(4, LOOP_CLR_FD) = 0
[pid 5120] close(4) = 0
[pid 5120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5120] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5120] write(5, "9", 1) = 1
[pid 5120] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5120] exit_group(0) = ?
[pid 5120] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./42/binderfs") = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5121
./strace-static-x86_64: Process 5121 attached
[pid 5121] chdir("./43") = 0
[pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5121] setpgid(0, 0) = 0
[pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5121] write(3, "1000", 4) = 4
[pid 5121] close(3) = 0
[pid 5121] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5121] memfd_create("syzkaller", 0) = 3
[pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5121] munmap(0x7f1beb75d000, 32768) = 0
[pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 68.888556][ T5120] loop0: detected capacity change from 0 to 64
[pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5121] close(3) = 0
[pid 5121] mkdir("./file0", 0777) = 0
[pid 5121] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5121] chdir("./file0") = 0
[pid 5121] ioctl(4, LOOP_CLR_FD) = 0
[pid 5121] close(4) = 0
[pid 5121] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5121] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5121] write(5, "9", 1) = 1
[pid 5121] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5121] exit_group(0) = ?
[pid 5121] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./43/binderfs") = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
[ 68.945577][ T5121] loop0: detected capacity change from 0 to 64
[ 68.948492][ T5078] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5122
./strace-static-x86_64: Process 5122 attached
[pid 5122] chdir("./44") = 0
[pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5122] setpgid(0, 0) = 0
[pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5122] write(3, "1000", 4) = 4
[pid 5122] close(3) = 0
[pid 5122] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5122] memfd_create("syzkaller", 0) = 3
[pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5122] munmap(0x7f1beb75d000, 32768) = 0
[pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5122] close(3) = 0
[pid 5122] mkdir("./file0", 0777) = 0
[pid 5122] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5122] chdir("./file0") = 0
[pid 5122] ioctl(4, LOOP_CLR_FD) = 0
[pid 5122] close(4) = 0
[pid 5122] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5122] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5122] write(5, "9", 1) = 1
[ 69.020421][ T5122] loop0: detected capacity change from 0 to 64
[ 69.043615][ T5122] FAULT_INJECTION: forcing a failure.
[ 69.043615][ T5122] name failslab, interval 1, probability 0, space 0, times 0
[ 69.056402][ T5122] CPU: 1 PID: 5122 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 69.066333][ T5122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 69.076410][ T5122] Call Trace:
[ 69.079702][ T5122]
[ 69.082639][ T5122] dump_stack_lvl+0xd1/0x138
[ 69.087265][ T5122] should_fail_ex.cold+0x5/0xa
[ 69.092050][ T5122] should_failslab+0x9/0x20
[ 69.096578][ T5122] __kmem_cache_alloc_node+0x5b/0x330
[ 69.101965][ T5122] ? hfs_find_init+0x95/0x240
[ 69.106663][ T5122] ? hfs_find_init+0x95/0x240
[ 69.111363][ T5122] __kmalloc+0x4a/0xd0
[ 69.115460][ T5122] hfs_find_init+0x95/0x240
[ 69.119985][ T5122] hfs_ext_read_extent+0x18d/0xa20
[ 69.125122][ T5122] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 69.130699][ T5122] ? hfs_free_extents+0x2e0/0x2e0
[ 69.135755][ T5122] ? clean_bdev_aliases+0x4f9/0x600
[ 69.140979][ T5122] hfs_extend_file+0x4b5/0xae0
[ 69.145767][ T5122] ? hfs_free_fork+0x920/0x920
[ 69.150554][ T5122] ? rcu_read_lock_sched_held+0x3e/0x70
[ 69.156113][ T5122] ? __mark_inode_dirty+0x32c/0x1250
[ 69.161422][ T5122] hfs_get_block+0x17f/0x820
[ 69.166041][ T5122] __block_write_begin_int+0x3bd/0x14b0
[ 69.171613][ T5122] ? hfs_extend_file+0xae0/0xae0
[ 69.176583][ T5122] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 69.182157][ T5122] ? PageHeadHuge+0x1a2/0x200
[ 69.186861][ T5122] ? hfs_extend_file+0xae0/0xae0
[ 69.191821][ T5122] block_write_begin+0xb9/0x4d0
[ 69.196703][ T5122] cont_write_begin+0x534/0x740
[ 69.201583][ T5122] ? hfs_extend_file+0xae0/0xae0
[ 69.206541][ T5122] ? block_write_begin+0x4d0/0x4d0
[ 69.211671][ T5122] ? fault_in_readable+0x179/0x290
[ 69.216818][ T5122] ? fault_in_subpage_writeable+0x20/0x20
[ 69.222565][ T5122] hfs_write_begin+0x87/0x150
[ 69.227264][ T5122] ? hfs_extend_file+0xae0/0xae0
[ 69.232227][ T5122] generic_perform_write+0x256/0x570
[ 69.237543][ T5122] ? folio_add_wait_queue+0x1c0/0x1c0
[ 69.242935][ T5122] ? new_inode+0x280/0x280
[ 69.247382][ T5122] ? generic_write_checks+0x2c0/0x400
[ 69.252785][ T5122] __generic_file_write_iter+0x2ae/0x500
[ 69.258449][ T5122] generic_file_write_iter+0xe3/0x350
[ 69.263854][ T5122] vfs_write+0x9ed/0xe10
[ 69.268120][ T5122] ? kernel_write+0x670/0x670
[ 69.272821][ T5122] ? find_held_lock+0x2d/0x110
[ 69.277622][ T5122] ? lock_downgrade+0x6e0/0x6e0
[ 69.282495][ T5122] ? __fget_light+0x20a/0x270
[ 69.287196][ T5122] ksys_write+0x12b/0x250
[ 69.291547][ T5122] ? __ia32_sys_read+0xb0/0xb0
[ 69.296334][ T5122] ? lockdep_hardirqs_on+0x7d/0x100
[ 69.301551][ T5122] ? _raw_spin_unlock_irq+0x2e/0x50
[ 69.306771][ T5122] ? ptrace_notify+0xfe/0x140
[ 69.311479][ T5122] do_syscall_64+0x39/0xb0
[ 69.315919][ T5122] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.321828][ T5122] RIP: 0033:0x7f1bf3baa9e9
[ 69.326255][ T5122] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.345884][ T5122] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.354320][ T5122] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 69.362303][ T5122] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5122] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5122] exit_group(0) = ?
[pid 5122] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./44/binderfs") = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5123
./strace-static-x86_64: Process 5123 attached
[pid 5123] chdir("./45") = 0
[pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5123] setpgid(0, 0) = 0
[pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5123] write(3, "1000", 4) = 4
[pid 5123] close(3) = 0
[pid 5123] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5123] memfd_create("syzkaller", 0) = 3
[pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5123] munmap(0x7f1beb75d000, 32768) = 0
[pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 69.370283][ T5122] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 69.378262][ T5122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 69.386242][ T5122] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000002c
[ 69.394274][ T5122]
[pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5123] close(3) = 0
[pid 5123] mkdir("./file0", 0777) = 0
[pid 5123] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5123] chdir("./file0") = 0
[pid 5123] ioctl(4, LOOP_CLR_FD) = 0
[pid 5123] close(4) = 0
[pid 5123] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5123] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5123] write(5, "9", 1) = 1
[ 69.450382][ T5123] loop0: detected capacity change from 0 to 64
[ 69.476555][ T5123] FAULT_INJECTION: forcing a failure.
[ 69.476555][ T5123] name failslab, interval 1, probability 0, space 0, times 0
[ 69.489515][ T5123] CPU: 0 PID: 5123 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 69.499432][ T5123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 69.509490][ T5123] Call Trace:
[ 69.512775][ T5123]
[ 69.515700][ T5123] dump_stack_lvl+0xd1/0x138
[ 69.520293][ T5123] should_fail_ex.cold+0x5/0xa
[ 69.525057][ T5123] should_failslab+0x9/0x20
[ 69.529562][ T5123] __kmem_cache_alloc_node+0x5b/0x330
[ 69.534932][ T5123] ? hfs_find_init+0x95/0x240
[ 69.539608][ T5123] ? hfs_find_init+0x95/0x240
[ 69.544282][ T5123] __kmalloc+0x4a/0xd0
[ 69.548372][ T5123] hfs_find_init+0x95/0x240
[ 69.552872][ T5123] hfs_ext_read_extent+0x18d/0xa20
[ 69.557980][ T5123] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 69.563521][ T5123] ? rcu_read_lock_sched_held+0x3e/0x70
[ 69.569074][ T5123] ? hfs_free_extents+0x2e0/0x2e0
[ 69.574127][ T5123] ? clean_bdev_aliases+0x4f9/0x600
[ 69.579323][ T5123] ? find_held_lock+0x2d/0x110
[ 69.584093][ T5123] hfs_extend_file+0x4b5/0xae0
[ 69.588873][ T5123] ? hfs_free_fork+0x920/0x920
[ 69.593660][ T5123] ? rcu_read_lock_sched_held+0x3e/0x70
[ 69.599201][ T5123] ? __mark_inode_dirty+0x32c/0x1250
[ 69.604499][ T5123] hfs_get_block+0x17f/0x820
[ 69.609119][ T5123] __block_write_begin_int+0x3bd/0x14b0
[ 69.614687][ T5123] ? hfs_extend_file+0xae0/0xae0
[ 69.619650][ T5123] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 69.625200][ T5123] ? PageHeadHuge+0x1a2/0x200
[ 69.629879][ T5123] ? hfs_extend_file+0xae0/0xae0
[ 69.634824][ T5123] block_write_begin+0xb9/0x4d0
[ 69.639677][ T5123] cont_write_begin+0x534/0x740
[ 69.644535][ T5123] ? hfs_extend_file+0xae0/0xae0
[ 69.649471][ T5123] ? block_write_begin+0x4d0/0x4d0
[ 69.654579][ T5123] ? fault_in_readable+0x179/0x290
[ 69.659702][ T5123] ? fault_in_subpage_writeable+0x20/0x20
[ 69.665464][ T5123] hfs_write_begin+0x87/0x150
[ 69.670166][ T5123] ? hfs_extend_file+0xae0/0xae0
[ 69.675103][ T5123] generic_perform_write+0x256/0x570
[ 69.680397][ T5123] ? folio_add_wait_queue+0x1c0/0x1c0
[ 69.685766][ T5123] ? new_inode+0x280/0x280
[ 69.690185][ T5123] ? generic_write_checks+0x2c0/0x400
[ 69.695559][ T5123] __generic_file_write_iter+0x2ae/0x500
[ 69.701195][ T5123] generic_file_write_iter+0xe3/0x350
[ 69.706588][ T5123] vfs_write+0x9ed/0xe10
[ 69.710870][ T5123] ? kernel_write+0x670/0x670
[ 69.715570][ T5123] ? find_held_lock+0x2d/0x110
[ 69.720338][ T5123] ? lock_downgrade+0x6e0/0x6e0
[ 69.725198][ T5123] ? __fget_light+0x20a/0x270
[ 69.729889][ T5123] ksys_write+0x12b/0x250
[ 69.734214][ T5123] ? __ia32_sys_read+0xb0/0xb0
[ 69.738977][ T5123] ? lockdep_hardirqs_on+0x7d/0x100
[ 69.744195][ T5123] ? _raw_spin_unlock_irq+0x2e/0x50
[ 69.749400][ T5123] ? ptrace_notify+0xfe/0x140
[ 69.754076][ T5123] do_syscall_64+0x39/0xb0
[ 69.758493][ T5123] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.764384][ T5123] RIP: 0033:0x7f1bf3baa9e9
[ 69.768792][ T5123] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.788393][ T5123] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5123] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5123] exit_group(0) = ?
[pid 5123] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./45/binderfs") = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5124
./strace-static-x86_64: Process 5124 attached
[ 69.796805][ T5123] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 69.804781][ T5123] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 69.812766][ T5123] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 69.820905][ T5123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 69.828880][ T5123] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000002d
[ 69.836876][ T5123]
[pid 5124] chdir("./46") = 0
[pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5124] setpgid(0, 0) = 0
[pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5124] write(3, "1000", 4) = 4
[pid 5124] close(3) = 0
[pid 5124] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5124] memfd_create("syzkaller", 0) = 3
[pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5124] munmap(0x7f1beb75d000, 32768) = 0
[pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5124] close(3) = 0
[pid 5124] mkdir("./file0", 0777) = 0
[pid 5124] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5124] chdir("./file0") = 0
[pid 5124] ioctl(4, LOOP_CLR_FD) = 0
[pid 5124] close(4) = 0
[pid 5124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5124] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5124] write(5, "9", 1) = 1
[ 69.892763][ T5124] loop0: detected capacity change from 0 to 64
[ 69.922852][ T5124] FAULT_INJECTION: forcing a failure.
[ 69.922852][ T5124] name failslab, interval 1, probability 0, space 0, times 0
[ 69.935668][ T5124] CPU: 0 PID: 5124 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 69.945584][ T5124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 69.955631][ T5124] Call Trace:
[ 69.958900][ T5124]
[ 69.961823][ T5124] dump_stack_lvl+0xd1/0x138
[ 69.966430][ T5124] should_fail_ex.cold+0x5/0xa
[ 69.971192][ T5124] should_failslab+0x9/0x20
[ 69.975695][ T5124] __kmem_cache_alloc_node+0x5b/0x330
[ 69.981061][ T5124] ? hfs_find_init+0x95/0x240
[ 69.985733][ T5124] ? hfs_find_init+0x95/0x240
[ 69.990402][ T5124] __kmalloc+0x4a/0xd0
[ 69.994469][ T5124] hfs_find_init+0x95/0x240
[ 69.998965][ T5124] hfs_ext_read_extent+0x18d/0xa20
[ 70.004094][ T5124] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 70.009639][ T5124] ? rcu_read_lock_sched_held+0x3e/0x70
[ 70.015204][ T5124] ? hfs_free_extents+0x2e0/0x2e0
[ 70.020228][ T5124] ? clean_bdev_aliases+0x4f9/0x600
[ 70.025417][ T5124] ? find_held_lock+0x2d/0x110
[ 70.030186][ T5124] hfs_extend_file+0x4b5/0xae0
[ 70.034947][ T5124] ? hfs_free_fork+0x920/0x920
[ 70.039712][ T5124] ? rcu_read_lock_sched_held+0x3e/0x70
[ 70.045249][ T5124] ? __mark_inode_dirty+0x32c/0x1250
[ 70.050530][ T5124] hfs_get_block+0x17f/0x820
[ 70.055126][ T5124] __block_write_begin_int+0x3bd/0x14b0
[ 70.060671][ T5124] ? hfs_extend_file+0xae0/0xae0
[ 70.065611][ T5124] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 70.071152][ T5124] ? PageHeadHuge+0x1a2/0x200
[ 70.075826][ T5124] ? hfs_extend_file+0xae0/0xae0
[ 70.080758][ T5124] block_write_begin+0xb9/0x4d0
[ 70.085612][ T5124] cont_write_begin+0x534/0x740
[ 70.090463][ T5124] ? hfs_extend_file+0xae0/0xae0
[ 70.095393][ T5124] ? block_write_begin+0x4d0/0x4d0
[ 70.100499][ T5124] ? fault_in_readable+0x179/0x290
[ 70.105605][ T5124] ? fault_in_subpage_writeable+0x20/0x20
[ 70.111329][ T5124] hfs_write_begin+0x87/0x150
[ 70.116011][ T5124] ? hfs_extend_file+0xae0/0xae0
[ 70.121123][ T5124] generic_perform_write+0x256/0x570
[ 70.126410][ T5124] ? folio_add_wait_queue+0x1c0/0x1c0
[ 70.131777][ T5124] ? new_inode+0x280/0x280
[ 70.136193][ T5124] ? generic_write_checks+0x2c0/0x400
[ 70.141585][ T5124] __generic_file_write_iter+0x2ae/0x500
[ 70.147220][ T5124] generic_file_write_iter+0xe3/0x350
[ 70.152589][ T5124] vfs_write+0x9ed/0xe10
[ 70.156827][ T5124] ? kernel_write+0x670/0x670
[ 70.161499][ T5124] ? find_held_lock+0x2d/0x110
[ 70.166270][ T5124] ? lock_downgrade+0x6e0/0x6e0
[ 70.171120][ T5124] ? __fget_light+0x20a/0x270
[ 70.175822][ T5124] ksys_write+0x12b/0x250
[ 70.180148][ T5124] ? __ia32_sys_read+0xb0/0xb0
[ 70.184903][ T5124] ? lockdep_hardirqs_on+0x7d/0x100
[ 70.190095][ T5124] ? _raw_spin_unlock_irq+0x2e/0x50
[ 70.195291][ T5124] ? ptrace_notify+0xfe/0x140
[ 70.199966][ T5124] do_syscall_64+0x39/0xb0
[ 70.204378][ T5124] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.210265][ T5124] RIP: 0033:0x7f1bf3baa9e9
[ 70.214671][ T5124] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.234271][ T5124] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5124] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5124] exit_group(0) = ?
[pid 5124] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./46/binderfs") = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5125
./strace-static-x86_64: Process 5125 attached
[pid 5125] chdir("./47") = 0
[pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5125] setpgid(0, 0) = 0
[ 70.242688][ T5124] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 70.250652][ T5124] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 70.258613][ T5124] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 70.266590][ T5124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.274553][ T5124] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000002e
[ 70.282531][ T5124]
[pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5125] write(3, "1000", 4) = 4
[pid 5125] close(3) = 0
[pid 5125] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5125] memfd_create("syzkaller", 0) = 3
[pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5125] munmap(0x7f1beb75d000, 32768) = 0
[pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5125] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5125] close(3) = 0
[pid 5125] mkdir("./file0", 0777) = 0
[pid 5125] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5125] chdir("./file0") = 0
[pid 5125] ioctl(4, LOOP_CLR_FD) = 0
[pid 5125] close(4) = 0
[pid 5125] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5125] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5125] write(5, "9", 1) = 1
[ 70.334027][ T5125] loop0: detected capacity change from 0 to 64
[ 70.362894][ T5125] FAULT_INJECTION: forcing a failure.
[ 70.362894][ T5125] name failslab, interval 1, probability 0, space 0, times 0
[ 70.375763][ T5125] CPU: 0 PID: 5125 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 70.385689][ T5125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 70.395737][ T5125] Call Trace:
[ 70.399018][ T5125]
[ 70.401970][ T5125] dump_stack_lvl+0xd1/0x138
[ 70.406592][ T5125] should_fail_ex.cold+0x5/0xa
[ 70.411358][ T5125] should_failslab+0x9/0x20
[ 70.415862][ T5125] __kmem_cache_alloc_node+0x5b/0x330
[ 70.421229][ T5125] ? hfs_find_init+0x95/0x240
[ 70.425906][ T5125] ? hfs_find_init+0x95/0x240
[ 70.430593][ T5125] __kmalloc+0x4a/0xd0
[ 70.434707][ T5125] hfs_find_init+0x95/0x240
[ 70.439250][ T5125] hfs_ext_read_extent+0x18d/0xa20
[ 70.444388][ T5125] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 70.449930][ T5125] ? rcu_read_lock_sched_held+0x3e/0x70
[ 70.455471][ T5125] ? hfs_free_extents+0x2e0/0x2e0
[ 70.460522][ T5125] ? clean_bdev_aliases+0x4f9/0x600
[ 70.465741][ T5125] ? find_held_lock+0x2d/0x110
[ 70.470527][ T5125] hfs_extend_file+0x4b5/0xae0
[ 70.475321][ T5125] ? hfs_free_fork+0x920/0x920
[ 70.480086][ T5125] ? rcu_read_lock_sched_held+0x3e/0x70
[ 70.485626][ T5125] ? __mark_inode_dirty+0x32c/0x1250
[ 70.490910][ T5125] hfs_get_block+0x17f/0x820
[ 70.495506][ T5125] __block_write_begin_int+0x3bd/0x14b0
[ 70.501057][ T5125] ? hfs_extend_file+0xae0/0xae0
[ 70.506018][ T5125] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 70.511610][ T5125] ? PageHeadHuge+0x1a2/0x200
[ 70.516315][ T5125] ? hfs_extend_file+0xae0/0xae0
[ 70.521255][ T5125] block_write_begin+0xb9/0x4d0
[ 70.526110][ T5125] cont_write_begin+0x534/0x740
[ 70.530988][ T5125] ? hfs_extend_file+0xae0/0xae0
[ 70.535960][ T5125] ? block_write_begin+0x4d0/0x4d0
[ 70.541072][ T5125] ? fault_in_readable+0x179/0x290
[ 70.546183][ T5125] ? fault_in_subpage_writeable+0x20/0x20
[ 70.551904][ T5125] hfs_write_begin+0x87/0x150
[ 70.556590][ T5125] ? hfs_extend_file+0xae0/0xae0
[ 70.561555][ T5125] generic_perform_write+0x256/0x570
[ 70.566842][ T5125] ? folio_add_wait_queue+0x1c0/0x1c0
[ 70.572228][ T5125] ? new_inode+0x280/0x280
[ 70.576692][ T5125] ? generic_write_checks+0x2c0/0x400
[ 70.582092][ T5125] __generic_file_write_iter+0x2ae/0x500
[ 70.587783][ T5125] generic_file_write_iter+0xe3/0x350
[ 70.593186][ T5125] vfs_write+0x9ed/0xe10
[ 70.597430][ T5125] ? kernel_write+0x670/0x670
[ 70.602120][ T5125] ? find_held_lock+0x2d/0x110
[ 70.606957][ T5125] ? lock_downgrade+0x6e0/0x6e0
[ 70.611816][ T5125] ? __fget_light+0x20a/0x270
[ 70.616519][ T5125] ksys_write+0x12b/0x250
[ 70.620848][ T5125] ? __ia32_sys_read+0xb0/0xb0
[ 70.625613][ T5125] ? lockdep_hardirqs_on+0x7d/0x100
[ 70.630809][ T5125] ? _raw_spin_unlock_irq+0x2e/0x50
[ 70.636016][ T5125] ? ptrace_notify+0xfe/0x140
[ 70.640714][ T5125] do_syscall_64+0x39/0xb0
[ 70.645146][ T5125] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.651042][ T5125] RIP: 0033:0x7f1bf3baa9e9
[ 70.655449][ T5125] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.675052][ T5125] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5125] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5125] exit_group(0) = ?
[pid 5125] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./47/binderfs") = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5126
./strace-static-x86_64: Process 5126 attached
[ 70.683460][ T5125] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 70.691461][ T5125] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 70.699424][ T5125] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 70.707404][ T5125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.715388][ T5125] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 000000000000002f
[ 70.723371][ T5125]
[pid 5126] chdir("./48") = 0
[pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5126] setpgid(0, 0) = 0
[pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5126] write(3, "1000", 4) = 4
[pid 5126] close(3) = 0
[pid 5126] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5126] memfd_create("syzkaller", 0) = 3
[pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5126] munmap(0x7f1beb75d000, 32768) = 0
[pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5126] close(3) = 0
[pid 5126] mkdir("./file0", 0777) = 0
[pid 5126] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5126] chdir("./file0") = 0
[pid 5126] ioctl(4, LOOP_CLR_FD) = 0
[pid 5126] close(4) = 0
[pid 5126] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5126] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5126] write(5, "9", 1) = 1
[ 70.787821][ T5126] loop0: detected capacity change from 0 to 64
[ 70.817643][ T5126] FAULT_INJECTION: forcing a failure.
[ 70.817643][ T5126] name failslab, interval 1, probability 0, space 0, times 0
[ 70.837376][ T5126] CPU: 0 PID: 5126 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 70.847275][ T5126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 70.857320][ T5126] Call Trace:
[ 70.860591][ T5126]
[ 70.863513][ T5126] dump_stack_lvl+0xd1/0x138
[ 70.868107][ T5126] should_fail_ex.cold+0x5/0xa
[ 70.872866][ T5126] should_failslab+0x9/0x20
[ 70.877369][ T5126] __kmem_cache_alloc_node+0x5b/0x330
[ 70.882733][ T5126] ? hfs_find_init+0x95/0x240
[ 70.887407][ T5126] ? hfs_find_init+0x95/0x240
[ 70.892082][ T5126] __kmalloc+0x4a/0xd0
[ 70.896154][ T5126] hfs_find_init+0x95/0x240
[ 70.900653][ T5126] hfs_ext_read_extent+0x18d/0xa20
[ 70.905761][ T5126] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 70.911295][ T5126] ? rcu_read_lock_sched_held+0x3e/0x70
[ 70.917093][ T5126] ? hfs_free_extents+0x2e0/0x2e0
[ 70.922118][ T5126] ? clean_bdev_aliases+0x4f9/0x600
[ 70.927312][ T5126] ? find_held_lock+0x2d/0x110
[ 70.932081][ T5126] hfs_extend_file+0x4b5/0xae0
[ 70.936841][ T5126] ? hfs_free_fork+0x920/0x920
[ 70.941609][ T5126] ? rcu_read_lock_sched_held+0x3e/0x70
[ 70.947171][ T5126] ? __mark_inode_dirty+0x32c/0x1250
[ 70.952478][ T5126] hfs_get_block+0x17f/0x820
[ 70.957101][ T5126] __block_write_begin_int+0x3bd/0x14b0
[ 70.962671][ T5126] ? hfs_extend_file+0xae0/0xae0
[ 70.967641][ T5126] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 70.973211][ T5126] ? PageHeadHuge+0x1a2/0x200
[ 70.977915][ T5126] ? hfs_extend_file+0xae0/0xae0
[ 70.982870][ T5126] block_write_begin+0xb9/0x4d0
[ 70.987745][ T5126] cont_write_begin+0x534/0x740
[ 70.992625][ T5126] ? hfs_extend_file+0xae0/0xae0
[ 70.997582][ T5126] ? block_write_begin+0x4d0/0x4d0
[ 71.002711][ T5126] ? fault_in_readable+0x179/0x290
[ 71.007847][ T5126] ? fault_in_subpage_writeable+0x20/0x20
[ 71.013594][ T5126] hfs_write_begin+0x87/0x150
[ 71.018288][ T5126] ? hfs_extend_file+0xae0/0xae0
[ 71.023252][ T5126] generic_perform_write+0x256/0x570
[ 71.028567][ T5126] ? folio_add_wait_queue+0x1c0/0x1c0
[ 71.033962][ T5126] ? new_inode+0x280/0x280
[ 71.038409][ T5126] ? generic_write_checks+0x2c0/0x400
[ 71.043815][ T5126] __generic_file_write_iter+0x2ae/0x500
[ 71.049481][ T5126] generic_file_write_iter+0xe3/0x350
[ 71.054882][ T5126] vfs_write+0x9ed/0xe10
[ 71.059147][ T5126] ? kernel_write+0x670/0x670
[ 71.063850][ T5126] ? find_held_lock+0x2d/0x110
[ 71.068649][ T5126] ? lock_downgrade+0x6e0/0x6e0
[ 71.073516][ T5126] ? __fget_light+0x20a/0x270
[ 71.078216][ T5126] ksys_write+0x12b/0x250
[ 71.082564][ T5126] ? __ia32_sys_read+0xb0/0xb0
[ 71.087345][ T5126] ? lockdep_hardirqs_on+0x7d/0x100
[ 71.092562][ T5126] ? _raw_spin_unlock_irq+0x2e/0x50
[ 71.097784][ T5126] ? ptrace_notify+0xfe/0x140
[ 71.102481][ T5126] do_syscall_64+0x39/0xb0
[ 71.106922][ T5126] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.112833][ T5126] RIP: 0033:0x7f1bf3baa9e9
[ 71.117617][ T5126] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5126] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5126] exit_group(0) = ?
[pid 5126] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./48/binderfs") = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 71.137257][ T5126] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.145698][ T5126] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 71.153684][ T5126] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 71.161666][ T5126] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 71.169649][ T5126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.177630][ T5126] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000030
[ 71.185632][ T5126]
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5127
./strace-static-x86_64: Process 5127 attached
[pid 5127] chdir("./49") = 0
[pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5127] setpgid(0, 0) = 0
[pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5127] write(3, "1000", 4) = 4
[pid 5127] close(3) = 0
[pid 5127] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5127] memfd_create("syzkaller", 0) = 3
[pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5127] munmap(0x7f1beb75d000, 32768) = 0
[pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5127] close(3) = 0
[pid 5127] mkdir("./file0", 0777) = 0
[pid 5127] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5127] chdir("./file0") = 0
[pid 5127] ioctl(4, LOOP_CLR_FD) = 0
[pid 5127] close(4) = 0
[pid 5127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5127] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5127] write(5, "9", 1) = 1
[ 71.251247][ T5127] loop0: detected capacity change from 0 to 64
[ 71.284351][ T5127] FAULT_INJECTION: forcing a failure.
[ 71.284351][ T5127] name failslab, interval 1, probability 0, space 0, times 0
[ 71.297117][ T5127] CPU: 1 PID: 5127 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 71.307039][ T5127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 71.317100][ T5127] Call Trace:
[ 71.320374][ T5127]
[ 71.323301][ T5127] dump_stack_lvl+0xd1/0x138
[ 71.327898][ T5127] should_fail_ex.cold+0x5/0xa
[ 71.332677][ T5127] should_failslab+0x9/0x20
[ 71.337224][ T5127] __kmem_cache_alloc_node+0x5b/0x330
[ 71.342632][ T5127] ? hfs_find_init+0x95/0x240
[ 71.347324][ T5127] ? hfs_find_init+0x95/0x240
[ 71.352029][ T5127] __kmalloc+0x4a/0xd0
[ 71.356119][ T5127] hfs_find_init+0x95/0x240
[ 71.360651][ T5127] hfs_ext_read_extent+0x18d/0xa20
[ 71.365762][ T5127] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 71.371304][ T5127] ? hfs_free_extents+0x2e0/0x2e0
[ 71.376354][ T5127] ? clean_bdev_aliases+0x4f9/0x600
[ 71.381574][ T5127] hfs_extend_file+0x4b5/0xae0
[ 71.386365][ T5127] ? hfs_free_fork+0x920/0x920
[ 71.391156][ T5127] ? rcu_read_lock_sched_held+0x3e/0x70
[ 71.396697][ T5127] ? __mark_inode_dirty+0x32c/0x1250
[ 71.401999][ T5127] hfs_get_block+0x17f/0x820
[ 71.406621][ T5127] __block_write_begin_int+0x3bd/0x14b0
[ 71.412187][ T5127] ? hfs_extend_file+0xae0/0xae0
[ 71.417169][ T5127] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 71.422715][ T5127] ? PageHeadHuge+0x1a2/0x200
[ 71.427394][ T5127] ? hfs_extend_file+0xae0/0xae0
[ 71.432329][ T5127] block_write_begin+0xb9/0x4d0
[ 71.437184][ T5127] cont_write_begin+0x534/0x740
[ 71.442057][ T5127] ? hfs_extend_file+0xae0/0xae0
[ 71.447023][ T5127] ? block_write_begin+0x4d0/0x4d0
[ 71.452144][ T5127] ? fault_in_readable+0x179/0x290
[ 71.457265][ T5127] ? fault_in_subpage_writeable+0x20/0x20
[ 71.462985][ T5127] hfs_write_begin+0x87/0x150
[ 71.467673][ T5127] ? hfs_extend_file+0xae0/0xae0
[ 71.472638][ T5127] generic_perform_write+0x256/0x570
[ 71.477928][ T5127] ? folio_add_wait_queue+0x1c0/0x1c0
[ 71.483310][ T5127] ? new_inode+0x280/0x280
[ 71.487787][ T5127] ? generic_write_checks+0x2c0/0x400
[ 71.493204][ T5127] __generic_file_write_iter+0x2ae/0x500
[ 71.498891][ T5127] generic_file_write_iter+0xe3/0x350
[ 71.504294][ T5127] vfs_write+0x9ed/0xe10
[ 71.508538][ T5127] ? kernel_write+0x670/0x670
[ 71.513231][ T5127] ? find_held_lock+0x2d/0x110
[ 71.518240][ T5127] ? lock_downgrade+0x6e0/0x6e0
[ 71.523086][ T5127] ? __fget_light+0x20a/0x270
[ 71.527789][ T5127] ksys_write+0x12b/0x250
[ 71.532130][ T5127] ? __ia32_sys_read+0xb0/0xb0
[ 71.536920][ T5127] ? lockdep_hardirqs_on+0x7d/0x100
[ 71.542128][ T5127] ? _raw_spin_unlock_irq+0x2e/0x50
[ 71.547350][ T5127] ? ptrace_notify+0xfe/0x140
[ 71.552028][ T5127] do_syscall_64+0x39/0xb0
[ 71.556463][ T5127] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.562393][ T5127] RIP: 0033:0x7f1bf3baa9e9
[ 71.566823][ T5127] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.586436][ T5127] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.594887][ T5127] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5127] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5127] exit_group(0) = ?
[pid 5127] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./49/binderfs") = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5128
./strace-static-x86_64: Process 5128 attached
[ 71.602876][ T5127] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 71.610843][ T5127] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 71.619087][ T5127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.627074][ T5127] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000031
[ 71.635063][ T5127]
[pid 5128] chdir("./50") = 0
[pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5128] setpgid(0, 0) = 0
[pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5128] write(3, "1000", 4) = 4
[pid 5128] close(3) = 0
[pid 5128] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5128] memfd_create("syzkaller", 0) = 3
[pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5128] munmap(0x7f1beb75d000, 32768) = 0
[pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5128] close(3) = 0
[pid 5128] mkdir("./file0", 0777) = 0
[pid 5128] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5128] chdir("./file0") = 0
[pid 5128] ioctl(4, LOOP_CLR_FD) = 0
[pid 5128] close(4) = 0
[pid 5128] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5128] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5128] write(5, "9", 1) = 1
[ 71.695242][ T5128] loop0: detected capacity change from 0 to 64
[ 71.722507][ T5128] FAULT_INJECTION: forcing a failure.
[ 71.722507][ T5128] name failslab, interval 1, probability 0, space 0, times 0
[ 71.735565][ T5128] CPU: 0 PID: 5128 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 71.745483][ T5128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 71.755536][ T5128] Call Trace:
[ 71.758813][ T5128]
[ 71.761740][ T5128] dump_stack_lvl+0xd1/0x138
[ 71.766334][ T5128] should_fail_ex.cold+0x5/0xa
[ 71.771120][ T5128] should_failslab+0x9/0x20
[ 71.775673][ T5128] __kmem_cache_alloc_node+0x5b/0x330
[ 71.781072][ T5128] ? hfs_find_init+0x95/0x240
[ 71.785749][ T5128] ? hfs_find_init+0x95/0x240
[ 71.790440][ T5128] __kmalloc+0x4a/0xd0
[ 71.794543][ T5128] hfs_find_init+0x95/0x240
[ 71.799062][ T5128] hfs_ext_read_extent+0x18d/0xa20
[ 71.804198][ T5128] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 71.809741][ T5128] ? hfs_free_extents+0x2e0/0x2e0
[ 71.814768][ T5128] ? clean_bdev_aliases+0x4f9/0x600
[ 71.819971][ T5128] hfs_extend_file+0x4b5/0xae0
[ 71.824737][ T5128] ? hfs_free_fork+0x920/0x920
[ 71.829515][ T5128] ? rcu_read_lock_sched_held+0x3e/0x70
[ 71.835074][ T5128] ? __mark_inode_dirty+0x32c/0x1250
[ 71.840389][ T5128] hfs_get_block+0x17f/0x820
[ 71.845007][ T5128] __block_write_begin_int+0x3bd/0x14b0
[ 71.850604][ T5128] ? hfs_extend_file+0xae0/0xae0
[ 71.855574][ T5128] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 71.861154][ T5128] ? PageHeadHuge+0x1a2/0x200
[ 71.865838][ T5128] ? hfs_extend_file+0xae0/0xae0
[ 71.870787][ T5128] block_write_begin+0xb9/0x4d0
[ 71.875666][ T5128] cont_write_begin+0x534/0x740
[ 71.880541][ T5128] ? hfs_extend_file+0xae0/0xae0
[ 71.885505][ T5128] ? block_write_begin+0x4d0/0x4d0
[ 71.890623][ T5128] ? fault_in_readable+0x179/0x290
[ 71.895761][ T5128] ? fault_in_subpage_writeable+0x20/0x20
[ 71.901483][ T5128] hfs_write_begin+0x87/0x150
[ 71.906168][ T5128] ? hfs_extend_file+0xae0/0xae0
[ 71.911132][ T5128] generic_perform_write+0x256/0x570
[ 71.916442][ T5128] ? folio_add_wait_queue+0x1c0/0x1c0
[ 71.921840][ T5128] ? new_inode+0x280/0x280
[ 71.926287][ T5128] ? generic_write_checks+0x2c0/0x400
[ 71.931700][ T5128] __generic_file_write_iter+0x2ae/0x500
[ 71.937341][ T5128] generic_file_write_iter+0xe3/0x350
[ 71.942736][ T5128] vfs_write+0x9ed/0xe10
[ 71.946981][ T5128] ? kernel_write+0x670/0x670
[ 71.951666][ T5128] ? find_held_lock+0x2d/0x110
[ 71.956456][ T5128] ? lock_downgrade+0x6e0/0x6e0
[ 71.961326][ T5128] ? __fget_light+0x20a/0x270
[ 71.966004][ T5128] ksys_write+0x12b/0x250
[ 71.970342][ T5128] ? __ia32_sys_read+0xb0/0xb0
[ 71.975124][ T5128] ? lockdep_hardirqs_on+0x7d/0x100
[ 71.980356][ T5128] ? _raw_spin_unlock_irq+0x2e/0x50
[ 71.985557][ T5128] ? ptrace_notify+0xfe/0x140
[ 71.990239][ T5128] do_syscall_64+0x39/0xb0
[ 71.994658][ T5128] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.000560][ T5128] RIP: 0033:0x7f1bf3baa9e9
[ 72.005000][ T5128] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.024628][ T5128] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.033039][ T5128] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[pid 5128] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5128] exit_group(0) = ?
[pid 5128] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./50/binderfs") = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5129
./strace-static-x86_64: Process 5129 attached
[pid 5129] chdir("./51") = 0
[pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5129] setpgid(0, 0) = 0
[pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5129] write(3, "1000", 4) = 4
[pid 5129] close(3) = 0
[pid 5129] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5129] memfd_create("syzkaller", 0) = 3
[pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5129] munmap(0x7f1beb75d000, 32768) = 0
[ 72.041004][ T5128] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 72.048978][ T5128] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 72.056970][ T5128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 72.064952][ T5128] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000032
[ 72.072952][ T5128]
[pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5129] close(3) = 0
[pid 5129] mkdir("./file0", 0777) = 0
[pid 5129] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5129] chdir("./file0") = 0
[pid 5129] ioctl(4, LOOP_CLR_FD) = 0
[pid 5129] close(4) = 0
[pid 5129] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5129] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5129] write(5, "9", 1) = 1
[pid 5129] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5129] exit_group(0) = ?
[pid 5129] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c63620 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./51/binderfs") = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c6b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c6b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file0") = 0
getdents64(3, 0x555555c63620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
[ 72.115329][ T5129] loop0: detected capacity change from 0 to 64
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c625d0) = 5130
./strace-static-x86_64: Process 5130 attached
[pid 5130] chdir("./52") = 0
[pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5130] setpgid(0, 0) = 0
[pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5130] write(3, "1000", 4) = 4
[pid 5130] close(3) = 0
[pid 5130] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5130] memfd_create("syzkaller", 0) = 3
[pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1beb75d000
[pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5130] munmap(0x7f1beb75d000, 32768) = 0
[pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5130] close(3) = 0
[pid 5130] mkdir("./file0", 0777) = 0
[pid 5130] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5130] chdir("./file0") = 0
[pid 5130] ioctl(4, LOOP_CLR_FD) = 0
[pid 5130] close(4) = 0
[pid 5130] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5130] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5130] write(5, "9", 1) = 1
[ 72.188154][ T5130] loop0: detected capacity change from 0 to 64
[ 72.219485][ T5130] FAULT_INJECTION: forcing a failure.
[ 72.219485][ T5130] name failslab, interval 1, probability 0, space 0, times 0
[ 72.232476][ T5130] CPU: 1 PID: 5130 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 72.242403][ T5130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 72.252479][ T5130] Call Trace:
[ 72.255765][ T5130]
[ 72.258688][ T5130] dump_stack_lvl+0xd1/0x138
[ 72.263282][ T5130] should_fail_ex.cold+0x5/0xa
[ 72.268060][ T5130] should_failslab+0x9/0x20
[ 72.272592][ T5130] __kmem_cache_alloc_node+0x5b/0x330
[ 72.277972][ T5130] ? __hfs_bnode_create+0x107/0x800
[ 72.283200][ T5130] ? __hfs_bnode_create+0x107/0x800
[ 72.288402][ T5130] __kmalloc+0x4a/0xd0
[ 72.292493][ T5130] __hfs_bnode_create+0x107/0x800
[ 72.297592][ T5130] ? memcpy_to_page+0x80/0x80
[ 72.302280][ T5130] ? lock_downgrade+0x6e0/0x6e0
[ 72.307157][ T5130] ? do_raw_spin_lock+0x124/0x2b0
[ 72.312184][ T5130] ? rwlock_bug.part.0+0x90/0x90
[ 72.317142][ T5130] ? lock_acquire+0x32/0xc0
[ 72.321637][ T5130] ? hfs_bnode_find+0x9b/0xc50
[ 72.326406][ T5130] hfs_bnode_find+0x40f/0xc50
[ 72.331114][ T5130] ? is_bpf_text_address+0x9d/0x1b0
[ 72.336319][ T5130] ? kernel_text_address+0x3d/0x80
[ 72.341440][ T5130] ? hfs_bnode_put.part.0+0x280/0x280
[ 72.346811][ T5130] ? __lock_acquire+0x166e/0x56d0
[ 72.351848][ T5130] ? hfs_bmap_reserve+0x2b9/0x380
[ 72.356888][ T5130] hfs_bmap_alloc+0x102/0x5b0
[ 72.361570][ T5130] ? hfs_bmap_reserve+0x380/0x380
[ 72.366625][ T5130] hfs_btree_inc_height.isra.0+0xe6/0x950
[ 72.372376][ T5130] ? hfs_bnode_split+0xda0/0xda0
[ 72.377318][ T5130] ? rcu_read_lock_sched_held+0x3e/0x70
[ 72.382873][ T5130] ? trace_contention_end+0x173/0x1e0
[ 72.388251][ T5130] hfs_brec_insert+0x983/0xbb0
[ 72.393015][ T5130] ? hfs_find_init+0x182/0x240
[ 72.397793][ T5130] ? hfs_brec_find+0x3df/0x4e0
[ 72.402580][ T5130] ? hfs_brec_keylen+0x390/0x390
[ 72.407531][ T5130] ? hfs_bmap_reserve+0x2b9/0x380
[ 72.412587][ T5130] __hfs_ext_write_extent+0x3ec/0x510
[ 72.417960][ T5130] hfs_ext_read_extent+0x81c/0xa20
[ 72.423073][ T5130] ? hfs_free_extents+0x2e0/0x2e0
[ 72.428101][ T5130] ? clean_bdev_aliases+0x4f9/0x600
[ 72.433327][ T5130] hfs_extend_file+0x4b5/0xae0
[ 72.438120][ T5130] ? hfs_free_fork+0x920/0x920
[ 72.442888][ T5130] ? rcu_read_lock_sched_held+0x3e/0x70
[ 72.448433][ T5130] ? __mark_inode_dirty+0x32c/0x1250
[ 72.453718][ T5130] hfs_get_block+0x17f/0x820
[ 72.458311][ T5130] __block_write_begin_int+0x3bd/0x14b0
[ 72.463863][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 72.468806][ T5130] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 72.474375][ T5130] ? PageHeadHuge+0x1a2/0x200
[ 72.479075][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 72.484037][ T5130] block_write_begin+0xb9/0x4d0
[ 72.488907][ T5130] cont_write_begin+0x534/0x740
[ 72.493788][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 72.498725][ T5130] ? block_write_begin+0x4d0/0x4d0
[ 72.503860][ T5130] ? fault_in_readable+0x179/0x290
[ 72.508990][ T5130] ? fault_in_subpage_writeable+0x20/0x20
[ 72.514756][ T5130] hfs_write_begin+0x87/0x150
[ 72.519458][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 72.524399][ T5130] generic_perform_write+0x256/0x570
[ 72.529689][ T5130] ? folio_add_wait_queue+0x1c0/0x1c0
[ 72.535064][ T5130] ? new_inode+0x280/0x280
[ 72.539486][ T5130] ? generic_write_checks+0x2c0/0x400
[ 72.544882][ T5130] __generic_file_write_iter+0x2ae/0x500
[ 72.550545][ T5130] generic_file_write_iter+0xe3/0x350
[ 72.555984][ T5130] vfs_write+0x9ed/0xe10
[ 72.560269][ T5130] ? kernel_write+0x670/0x670
[ 72.564979][ T5130] ? find_held_lock+0x2d/0x110
[ 72.569752][ T5130] ? lock_downgrade+0x6e0/0x6e0
[ 72.574611][ T5130] ? __fget_light+0x20a/0x270
[ 72.579318][ T5130] ksys_write+0x12b/0x250
[ 72.583646][ T5130] ? __ia32_sys_read+0xb0/0xb0
[ 72.588405][ T5130] ? lockdep_hardirqs_on+0x7d/0x100
[ 72.593601][ T5130] ? _raw_spin_unlock_irq+0x2e/0x50
[ 72.598813][ T5130] ? ptrace_notify+0xfe/0x140
[ 72.603515][ T5130] do_syscall_64+0x39/0xb0
[ 72.607935][ T5130] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.613845][ T5130] RIP: 0033:0x7f1bf3baa9e9
[ 72.618255][ T5130] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.637856][ T5130] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.646266][ T5130] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 72.654238][ T5130] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 72.662244][ T5130] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 72.670209][ T5130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 72.678184][ T5130] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000034
[ 72.686184][ T5130]
[ 72.689828][ T5130] hfs: new node 0 already hashed?
[ 72.695196][ T5130] ------------[ cut here ]------------
[ 72.700833][ T5130] WARNING: CPU: 1 PID: 5130 at fs/hfs/bnode.c:422 hfs_bnode_create.cold+0x1c/0x44
[ 72.710197][ T5130] Modules linked in:
[ 72.714108][ T5130] CPU: 1 PID: 5130 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 72.724068][ T5130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 72.734485][ T5130] RIP: 0010:hfs_bnode_create.cold+0x1c/0x44
[ 72.740479][ T5130] Code: e0 86 66 8a e8 ec e5 fb ff e9 f9 f0 87 f8 e8 9b ea bf f7 4c 89 f7 e8 83 39 45 00 44 89 ee 48 c7 c7 20 87 66 8a e8 cb e5 fb ff <0f> 0b e9 06 f8 87 f8 e8 78 ea bf f7 44 89 ee 48 c7 c7 60 85 66 8a
[ 72.760161][ T5130] RSP: 0018:ffffc90003bbf358 EFLAGS: 00010282
[ 72.766241][ T5130] RAX: 000000000000001f RBX: dffffc0000000000 RCX: 0000000000000000
[ 72.774277][ T5130] RDX: ffff888018b58000 RSI: ffffffff81668bec RDI: fffff52000777e5d
[ 72.782302][ T5130] RBP: ffff88802acec000 R08: 000000000000001f R09: 0000000000000000
[ 72.790322][ T5130] R10: 0000000080000000 R11: 0000000000000000 R12: ffff88801d2ac700
[ 72.798352][ T5130] R13: 0000000000000000 R14: ffff88802acec0e0 R15: 0000000000000000
[ 72.806396][ T5130] FS: 0000555555c62300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 72.815412][ T5130] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.822079][ T5130] CR2: 0000000020008000 CR3: 000000002a82e000 CR4: 00000000003506e0
[ 72.830130][ T5130] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.838122][ T5130] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.846178][ T5130] Call Trace:
[ 72.849515][ T5130]
[ 72.852480][ T5130] hfs_bmap_alloc+0x51b/0x5b0
[ 72.857190][ T5130] ? hfs_bmap_reserve+0x380/0x380
[ 72.862670][ T5130] ? hfs_bnode_put.part.0+0x1e0/0x280
[ 72.868082][ T5130] ? lock_downgrade+0x6e0/0x6e0
[ 72.873028][ T5130] hfs_btree_inc_height.isra.0+0xe6/0x950
[ 72.878792][ T5130] ? hfs_bnode_split+0xda0/0xda0
[ 72.883797][ T5130] ? do_raw_spin_unlock+0x175/0x230
[ 72.889066][ T5130] ? _raw_spin_unlock+0x28/0x40
[ 72.893923][ T5130] ? hfs_bnode_put.part.0+0x1e0/0x280
[ 72.899354][ T5130] hfs_brec_insert+0x851/0xbb0
[ 72.904175][ T5130] ? hfs_brec_keylen+0x390/0x390
[ 72.909193][ T5130] ? hfs_bmap_reserve+0x2b9/0x380
[ 72.914267][ T5130] __hfs_ext_write_extent+0x3ec/0x510
[ 72.919745][ T5130] hfs_ext_read_extent+0x81c/0xa20
[ 72.924891][ T5130] ? hfs_free_extents+0x2e0/0x2e0
[ 72.929991][ T5130] ? clean_bdev_aliases+0x4f9/0x600
[ 72.935222][ T5130] hfs_extend_file+0x4b5/0xae0
[ 72.940051][ T5130] ? hfs_free_fork+0x920/0x920
[ 72.944863][ T5130] ? rcu_read_lock_sched_held+0x3e/0x70
[ 72.950502][ T5130] ? __mark_inode_dirty+0x32c/0x1250
[ 72.955817][ T5130] hfs_get_block+0x17f/0x820
[ 72.960467][ T5130] __block_write_begin_int+0x3bd/0x14b0
[ 72.966047][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 72.971069][ T5130] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 72.976662][ T5130] ? PageHeadHuge+0x1a2/0x200
[ 72.981422][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 72.986423][ T5130] block_write_begin+0xb9/0x4d0
[ 72.991347][ T5130] cont_write_begin+0x534/0x740
[ 72.996233][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 73.001243][ T5130] ? block_write_begin+0x4d0/0x4d0
[ 73.006390][ T5130] ? fault_in_readable+0x179/0x290
[ 73.011592][ T5130] ? fault_in_subpage_writeable+0x20/0x20
[ 73.017343][ T5130] hfs_write_begin+0x87/0x150
[ 73.022073][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 73.027058][ T5130] generic_perform_write+0x256/0x570
[ 73.032423][ T5130] ? folio_add_wait_queue+0x1c0/0x1c0
[ 73.037825][ T5130] ? new_inode+0x280/0x280
[ 73.042307][ T5130] ? generic_write_checks+0x2c0/0x400
[ 73.047714][ T5130] __generic_file_write_iter+0x2ae/0x500
[ 73.053429][ T5130] generic_file_write_iter+0xe3/0x350
[ 73.058848][ T5130] vfs_write+0x9ed/0xe10
[ 73.063158][ T5130] ? kernel_write+0x670/0x670
[ 73.067864][ T5130] ? find_held_lock+0x2d/0x110
[ 73.072712][ T5130] ? lock_downgrade+0x6e0/0x6e0
[ 73.077589][ T5130] ? __fget_light+0x20a/0x270
[ 73.082324][ T5130] ksys_write+0x12b/0x250
[ 73.086681][ T5130] ? __ia32_sys_read+0xb0/0xb0
[ 73.091516][ T5130] ? lockdep_hardirqs_on+0x7d/0x100
[ 73.096751][ T5130] ? _raw_spin_unlock_irq+0x2e/0x50
[ 73.102046][ T5130] ? ptrace_notify+0xfe/0x140
[ 73.106782][ T5130] do_syscall_64+0x39/0xb0
[ 73.111309][ T5130] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.117227][ T5130] RIP: 0033:0x7f1bf3baa9e9
[ 73.121701][ T5130] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 73.141386][ T5130] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 73.149873][ T5130] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 73.157862][ T5130] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 73.165882][ T5130] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 73.173913][ T5130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 73.181939][ T5130] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000034
[ 73.189991][ T5130]
[ 73.193012][ T5130] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 73.200285][ T5130] CPU: 1 PID: 5130 Comm: syz-executor348 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 73.210178][ T5130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 73.220255][ T5130] Call Trace:
[ 73.223548][ T5130]
[ 73.226470][ T5130] dump_stack_lvl+0xd1/0x138
[ 73.231062][ T5130] panic+0x2cc/0x626
[ 73.234969][ T5130] ? panic_print_sys_info.part.0+0x110/0x110
[ 73.240991][ T5130] ? hfs_bnode_create.cold+0x1c/0x44
[ 73.246292][ T5130] check_panic_on_warn.cold+0x19/0x35
[ 73.251708][ T5130] __warn+0xf2/0x1a0
[ 73.255629][ T5130] ? hfs_bnode_create.cold+0x1c/0x44
[ 73.260936][ T5130] report_bug+0x1c0/0x210
[ 73.265291][ T5130] handle_bug+0x3c/0x70
[ 73.269471][ T5130] exc_invalid_op+0x18/0x50
[ 73.274002][ T5130] asm_exc_invalid_op+0x1a/0x20
[ 73.278872][ T5130] RIP: 0010:hfs_bnode_create.cold+0x1c/0x44
[ 73.284790][ T5130] Code: e0 86 66 8a e8 ec e5 fb ff e9 f9 f0 87 f8 e8 9b ea bf f7 4c 89 f7 e8 83 39 45 00 44 89 ee 48 c7 c7 20 87 66 8a e8 cb e5 fb ff <0f> 0b e9 06 f8 87 f8 e8 78 ea bf f7 44 89 ee 48 c7 c7 60 85 66 8a
[ 73.304413][ T5130] RSP: 0018:ffffc90003bbf358 EFLAGS: 00010282
[ 73.310497][ T5130] RAX: 000000000000001f RBX: dffffc0000000000 RCX: 0000000000000000
[ 73.318481][ T5130] RDX: ffff888018b58000 RSI: ffffffff81668bec RDI: fffff52000777e5d
[ 73.326465][ T5130] RBP: ffff88802acec000 R08: 000000000000001f R09: 0000000000000000
[ 73.334447][ T5130] R10: 0000000080000000 R11: 0000000000000000 R12: ffff88801d2ac700
[ 73.342428][ T5130] R13: 0000000000000000 R14: ffff88802acec0e0 R15: 0000000000000000
[ 73.350427][ T5130] ? vprintk+0x8c/0xa0
[ 73.354526][ T5130] ? hfs_bnode_create.cold+0x1c/0x44
[ 73.359838][ T5130] hfs_bmap_alloc+0x51b/0x5b0
[ 73.364545][ T5130] ? hfs_bmap_reserve+0x380/0x380
[ 73.369604][ T5130] ? hfs_bnode_put.part.0+0x1e0/0x280
[ 73.375004][ T5130] ? lock_downgrade+0x6e0/0x6e0
[ 73.379878][ T5130] hfs_btree_inc_height.isra.0+0xe6/0x950
[ 73.385621][ T5130] ? hfs_bnode_split+0xda0/0xda0
[ 73.390590][ T5130] ? do_raw_spin_unlock+0x175/0x230
[ 73.395807][ T5130] ? _raw_spin_unlock+0x28/0x40
[ 73.400676][ T5130] ? hfs_bnode_put.part.0+0x1e0/0x280
[ 73.406074][ T5130] hfs_brec_insert+0x851/0xbb0
[ 73.410870][ T5130] ? hfs_brec_keylen+0x390/0x390
[ 73.415825][ T5130] ? hfs_bmap_reserve+0x2b9/0x380
[ 73.420877][ T5130] __hfs_ext_write_extent+0x3ec/0x510
[ 73.426276][ T5130] hfs_ext_read_extent+0x81c/0xa20
[ 73.431414][ T5130] ? hfs_free_extents+0x2e0/0x2e0
[ 73.436465][ T5130] ? clean_bdev_aliases+0x4f9/0x600
[ 73.441697][ T5130] hfs_extend_file+0x4b5/0xae0
[ 73.446485][ T5130] ? hfs_free_fork+0x920/0x920
[ 73.451272][ T5130] ? rcu_read_lock_sched_held+0x3e/0x70
[ 73.456834][ T5130] ? __mark_inode_dirty+0x32c/0x1250
[ 73.462142][ T5130] hfs_get_block+0x17f/0x820
[ 73.466761][ T5130] __block_write_begin_int+0x3bd/0x14b0
[ 73.472338][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 73.477306][ T5130] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 73.482874][ T5130] ? PageHeadHuge+0x1a2/0x200
[ 73.487577][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 73.492556][ T5130] block_write_begin+0xb9/0x4d0
[ 73.497444][ T5130] cont_write_begin+0x534/0x740
[ 73.502337][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 73.507305][ T5130] ? block_write_begin+0x4d0/0x4d0
[ 73.512446][ T5130] ? fault_in_readable+0x179/0x290
[ 73.517592][ T5130] ? fault_in_subpage_writeable+0x20/0x20
[ 73.523342][ T5130] hfs_write_begin+0x87/0x150
[ 73.528044][ T5130] ? hfs_extend_file+0xae0/0xae0
[ 73.533011][ T5130] generic_perform_write+0x256/0x570
[ 73.538326][ T5130] ? folio_add_wait_queue+0x1c0/0x1c0
[ 73.543719][ T5130] ? new_inode+0x280/0x280
[ 73.548166][ T5130] ? generic_write_checks+0x2c0/0x400
[ 73.553569][ T5130] __generic_file_write_iter+0x2ae/0x500
[ 73.559239][ T5130] generic_file_write_iter+0xe3/0x350
[ 73.564640][ T5130] vfs_write+0x9ed/0xe10
[ 73.568908][ T5130] ? kernel_write+0x670/0x670
[ 73.573609][ T5130] ? find_held_lock+0x2d/0x110
[ 73.578408][ T5130] ? lock_downgrade+0x6e0/0x6e0
[ 73.583275][ T5130] ? __fget_light+0x20a/0x270
[ 73.587974][ T5130] ksys_write+0x12b/0x250
[ 73.592337][ T5130] ? __ia32_sys_read+0xb0/0xb0
[ 73.597126][ T5130] ? lockdep_hardirqs_on+0x7d/0x100
[ 73.602346][ T5130] ? _raw_spin_unlock_irq+0x2e/0x50
[ 73.607577][ T5130] ? ptrace_notify+0xfe/0x140
[ 73.612290][ T5130] do_syscall_64+0x39/0xb0
[ 73.616751][ T5130] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.622667][ T5130] RIP: 0033:0x7f1bf3baa9e9
[ 73.627099][ T5130] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 73.646726][ T5130] RSP: 002b:00007ffe1572a138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 73.655156][ T5130] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1bf3baa9e9
[ 73.663138][ T5130] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 73.671120][ T5130] RBP: 00007ffe1572a160 R08: 0000000000000001 R09: 00007ffe1572a170
[ 73.679104][ T5130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 73.687086][ T5130] R13: 00007ffe1572a1a0 R14: 00007ffe1572a180 R15: 0000000000000034
[ 73.695088][ T5130]
[ 73.698306][ T5130] Kernel Offset: disabled
[ 73.702704][ T5130] Rebooting in 86400 seconds..