./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2542490559

<...>
Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts.
execve("./syz-executor2542490559", ["./syz-executor2542490559"], 0x7ffecf271150 /* 10 vars */) = 0
brk(NULL)                               = 0x555556efd000
brk(0x555556efdc40)                     = 0x555556efdc40
arch_prctl(ARCH_SET_FS, 0x555556efd300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x555556efd5d0)         = 374
set_robust_list(0x555556efd5e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7fa0f8113bb0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fa0f8114280}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7fa0f8113c50, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa0f8114280}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2542490559", 4096) = 28
brk(0x555556f1ec40)                     = 0x555556f1ec40
brk(0x555556f1f000)                     = 0x555556f1f000
mprotect(0x7fa0f81d5000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 374
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
fstat(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "374", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efd5d0) = 375
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efd5d0) = 376
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efd5d0) = 377
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efd5d0) = 378
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efd5d0) = 379
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efd5d0) = 380
./strace-static-x86_64: Process 380 attached
[pid   380] set_robust_list(0x555556efd5e0, 24) = 0
[pid   380] getpid()                    = 380
[pid   380] mkdir("./syzkaller.CdVCrV", 0700) = 0
./strace-static-x86_64: Process 378 attached
[pid   378] set_robust_list(0x555556efd5e0, 24) = 0
[pid   378] getpid()                    = 378
[pid   378] mkdir("./syzkaller.97ndIK", 0700) = 0
[pid   380] chmod("./syzkaller.CdVCrV", 0777) = 0
[pid   380] chdir("./syzkaller.CdVCrV") = 0
[pid   380] mkdir("./0", 0777 <unfinished ...>
[pid   378] chmod("./syzkaller.97ndIK", 0777) = 0
[pid   380] <... mkdir resumed>)        = 0
[pid   378] chdir("./syzkaller.97ndIK") = 0
[pid   378] mkdir("./0", 0777)          = 0
[pid   380] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3
[pid   378] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3
[pid   378] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
./strace-static-x86_64: Process 375 attached
[pid   378] close(3 <unfinished ...>
[pid   375] set_robust_list(0x555556efd5e0, 24 <unfinished ...>
[pid   378] <... close resumed>)        = 0
[pid   378] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   375] <... set_robust_list resumed>) = 0
[pid   375] getpid( <unfinished ...>
[pid   380] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   380] close(3)                    = 0
[pid   380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   375] <... getpid resumed>)       = 375
[pid   375] mkdir("./syzkaller.2ugA2z", 0700) = 0
[pid   378] <... clone resumed>, child_tidptr=0x555556efd5d0) = 381
[pid   380] <... clone resumed>, child_tidptr=0x555556efd5d0) = 382
[pid   375] chmod("./syzkaller.2ugA2z", 0777) = 0
[pid   375] chdir("./syzkaller.2ugA2z") = 0
[pid   375] mkdir("./0", 0777)          = 0
[pid   375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid   375] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   375] close(3)                    = 0
[pid   375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efd5d0) = 383
./strace-static-x86_64: Process 382 attached
[pid   382] set_robust_list(0x555556efd5e0, 24) = 0
[pid   382] chdir("./0")                = 0
[pid   382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   382] setpgid(0, 0)               = 0
[pid   382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 383 attached
) = 3
[pid   383] set_robust_list(0x555556efd5e0, 24) = 0
[pid   383] chdir("./0")                = 0
[pid   383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   383] setpgid(0, 0)               = 0
[pid   383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   382] write(3, "1000", 4)         = 4
[pid   382] close(3)                    = 0
[pid   382] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   383] write(3, "1000", 4 <unfinished ...>
[pid   382] <... symlink resumed>)      = 0
[pid   383] <... write resumed>)        = 4
[pid   383] close(3)                    = 0
[pid   383] symlink("/dev/binderfs", "./binderfs") = 0
[pid   383] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa0f80e3000
[pid   383] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   383] clone(child_stack=0x7fa0f81033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid   382] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa0f80e3000
[pid   382] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   382] clone(child_stack=0x7fa0f81033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid   383] <... clone resumed>, parent_tid=[384], tls=0x7fa0f8103700, child_tidptr=0x7fa0f81039d0) = 384
[pid   383] futex(0x7fa0f81db488, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   383] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid   382] <... clone resumed>, parent_tid=[385], tls=0x7fa0f8103700, child_tidptr=0x7fa0f81039d0) = 385
[pid   382] futex(0x7fa0f81db488, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   382] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 385 attached
 <unfinished ...>
[pid   385] set_robust_list(0x7fa0f81039e0, 24) = 0
[pid   385] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   385] write(3, "83", 2)           = 2
[pid   385] memfd_create("syzkaller", 0) = 4
[pid   385] ftruncate(4, 8192)          = 0
[pid   385] pwrite64(4, "\xe2\xe1\xf5\xe0\x23\x0f\xf4\xf2\x03\x00\x00\x00\x0c\x00\x24\x00\x07\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x10\xd8\x67\x50\x9b\x47\x14\x8a\xd8\x10\x42\xe6\xb0\xcb\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2112, 1024) = 2112
[pid   385] pwrite64(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x32\x50\x00\x00\x00\x00\x00", 64, 8128) = 64
[pid   385] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 5
[pid   385] ioctl(5, LOOP_SET_FD, 4)    = 0
[pid   385] mkdir("./file0", 0777)      = 0
[   24.428983][   T26] audit: type=1400 audit(1665079845.590:73): avc:  denied  { execmem } for  pid=374 comm="syz-executor254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   24.448808][   T26] audit: type=1400 audit(1665079845.600:74): avc:  denied  { integrity } for  pid=374 comm="syz-executor254" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[   24.468178][  T385] loop5: detected capacity change from 0 to 16
[pid   385] mount("/dev/loop5", "./file0", "erofs", 0, ""./strace-static-x86_64: Process 384 attached
./strace-static-x86_64: Process 381 attached
./strace-static-x86_64: Process 379 attached
./strace-static-x86_64: Process 377 attached
./strace-static-x86_64: Process 376 attached
 <unfinished ...>
[pid   381] set_robust_list(0x555556efd5e0, 24 <unfinished ...>
[pid   379] set_robust_list(0x555556efd5e0, 24) = 0
[pid   381] <... set_robust_list resumed>) = 0
[pid   379] getpid( <unfinished ...>
[pid   381] chdir("./0")                = 0
[   24.479530][  T385] FAULT_INJECTION: forcing a failure.
[   24.479530][  T385] name failslab, interval 1, probability 0, space 0, times 1
[   24.494882][  T385] CPU: 1 PID: 385 Comm: syz-executor254 Not tainted 5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   24.497672][   T26] audit: type=1400 audit(1665079845.620:75): avc:  denied  { read write } for  pid=380 comm="syz-executor254" name="loop5" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid   381] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   384] set_robust_list(0x7fa0f81039e0, 24 <unfinished ...>
[pid   381] <... prctl resumed>)        = 0
[pid   379] <... getpid resumed>)       = 379
[pid   377] set_robust_list(0x555556efd5e0, 24 <unfinished ...>
[pid   376] set_robust_list(0x555556efd5e0, 24 <unfinished ...>
[pid   384] <... set_robust_list resumed>) = 0
[pid   381] setpgid(0, 0 <unfinished ...>
[pid   379] mkdir("./syzkaller.JBOZ3Q", 0700 <unfinished ...>
[pid   377] <... set_robust_list resumed>) = 0
[pid   376] <... set_robust_list resumed>) = 0
[pid   384] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   381] <... setpgid resumed>)      = 0
[pid   379] <... mkdir resumed>)        = 0
[pid   377] getpid( <unfinished ...>
[pid   376] getpid( <unfinished ...>
[pid   384] <... openat resumed>)       = 3
[pid   381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   379] chmod("./syzkaller.JBOZ3Q", 0777 <unfinished ...>
[pid   377] <... getpid resumed>)       = 377
[pid   376] <... getpid resumed>)       = 376
[pid   384] write(3, "83", 2 <unfinished ...>
[pid   381] <... openat resumed>)       = 3
[pid   379] <... chmod resumed>)        = 0
[pid   377] mkdir("./syzkaller.FSmbRI", 0700 <unfinished ...>
[pid   376] mkdir("./syzkaller.aNvxwF", 0700 <unfinished ...>
[pid   384] <... write resumed>)        = 2
[pid   381] write(3, "1000", 4 <unfinished ...>
[pid   379] chdir("./syzkaller.JBOZ3Q" <unfinished ...>
[pid   377] <... mkdir resumed>)        = 0
[pid   376] <... mkdir resumed>)        = 0
[pid   384] memfd_create("syzkaller", 0 <unfinished ...>
[pid   381] <... write resumed>)        = 4
[pid   379] <... chdir resumed>)        = 0
[pid   377] chmod("./syzkaller.FSmbRI", 0777 <unfinished ...>
[pid   376] chmod("./syzkaller.aNvxwF", 0777 <unfinished ...>
[pid   384] <... memfd_create resumed>) = 4
[pid   381] close(3 <unfinished ...>
[pid   379] mkdir("./0", 0777 <unfinished ...>
[pid   377] <... chmod resumed>)        = 0
[pid   376] <... chmod resumed>)        = 0
[pid   384] ftruncate(4, 8192 <unfinished ...>
[pid   381] <... close resumed>)        = 0
[pid   379] <... mkdir resumed>)        = 0
[pid   377] chdir("./syzkaller.FSmbRI" <unfinished ...>
[pid   376] chdir("./syzkaller.aNvxwF" <unfinished ...>
[pid   384] <... ftruncate resumed>)    = 0
[pid   381] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   379] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid   377] <... chdir resumed>)        = 0
[pid   376] <... chdir resumed>)        = 0
[pid   384] pwrite64(4, "\xe2\xe1\xf5\xe0\x23\x0f\xf4\xf2\x03\x00\x00\x00\x0c\x00\x24\x00\x07\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x10\xd8\x67\x50\x9b\x47\x14\x8a\xd8\x10\x42\xe6\xb0\xcb\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2112, 1024 <unfinished ...>
[pid   381] <... symlink resumed>)      = 0
[pid   379] <... openat resumed>)       = 3
[pid   377] mkdir("./0", 0777 <unfinished ...>
[pid   376] mkdir("./0", 0777 <unfinished ...>
[pid   384] <... pwrite64 resumed>)     = 2112
[pid   381] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   379] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid   377] <... mkdir resumed>)        = 0
[pid   376] <... mkdir resumed>)        = 0
[pid   384] pwrite64(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x32\x50\x00\x00\x00\x00\x00", 64, 8128 <unfinished ...>
[pid   381] <... futex resumed>)        = 0
[pid   379] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid   377] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid   376] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid   384] <... pwrite64 resumed>)     = 64
[pid   381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid   379] close(3 <unfinished ...>
[pid   377] <... openat resumed>)       = 3
[pid   376] <... openat resumed>)       = 3
[pid   384] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid   381] <... mmap resumed>)         = 0x7fa0f80e3000
[pid   379] <... close resumed>)        = 0
[pid   377] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid   376] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid   384] <... openat resumed>)       = 5
[pid   381] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid   379] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   377] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid   376] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[   24.505142][  T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   24.505156][  T385] Call Trace:
[   24.505161][  T385]  <TASK>
[   24.505167][  T385]  dump_stack_lvl+0x151/0x1b7
[   24.505190][  T385]  ? bfq_pos_tree_add_move+0x43e/0x43e
[   24.505205][  T385]  dump_stack+0x15/0x17
[   24.505217][  T385]  should_fail+0x3c0/0x510
[pid   384] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid   381] <... mprotect resumed>)     = 0
[pid   377] close(3 <unfinished ...>
[pid   376] close(3 <unfinished ...>
[pid   381] clone(child_stack=0x7fa0f81033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid   379] <... clone resumed>, child_tidptr=0x555556efd5d0) = 389
[pid   377] <... close resumed>)        = 0
[pid   376] <... close resumed>)        = 0
[pid   381] <... clone resumed>, parent_tid=[390], tls=0x7fa0f8103700, child_tidptr=0x7fa0f81039d0) = 390
[pid   377] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   381] futex(0x7fa0f81db488, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   381] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid   377] <... clone resumed>, child_tidptr=0x555556efd5d0) = 392
[pid   376] <... clone resumed>, child_tidptr=0x555556efd5d0) = 391
./strace-static-x86_64: Process 392 attached
[pid   392] set_robust_list(0x555556efd5e0, 24) = 0
[pid   392] chdir("./0")                = 0
[pid   392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   392] setpgid(0, 0)               = 0
[pid   392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   392] write(3, "1000", 4)         = 4
[pid   392] close(3)                    = 0
[pid   392] symlink("/dev/binderfs", "./binderfs") = 0
[pid   392] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa0f80e3000
[pid   392] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   392] clone(child_stack=0x7fa0f81033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[393], tls=0x7fa0f8103700, child_tidptr=0x7fa0f81039d0) = 393
[pid   392] futex(0x7fa0f81db488, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   392] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 393 attached
 <unfinished ...>
[pid   393] set_robust_list(0x7fa0f81039e0, 24) = 0
[pid   393] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   393] write(3, "83", 2)           = 2
[pid   393] memfd_create("syzkaller", 0) = 4
[pid   393] ftruncate(4, 8192)          = 0
[pid   393] pwrite64(4, "\xe2\xe1\xf5\xe0\x23\x0f\xf4\xf2\x03\x00\x00\x00\x0c\x00\x24\x00\x07\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x10\xd8\x67\x50\x9b\x47\x14\x8a\xd8\x10\x42\xe6\xb0\xcb\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2112, 1024) = 2112
[pid   393] pwrite64(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x32\x50\x00\x00\x00\x00\x00", 64, 8128) = 64
[pid   393] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5
[   24.529984][   T26] audit: type=1400 audit(1665079845.620:76): avc:  denied  { open } for  pid=380 comm="syz-executor254" path="/dev/loop5" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   24.539364][  T385]  ? kvmalloc_node+0x82/0x130
[   24.539385][  T385]  __should_failslab+0x9f/0xe0
[   24.539402][  T385]  should_failslab+0x9/0x20
[   24.539414][  T385]  __kmalloc+0x6d/0x350
[pid   393] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid   384] <... ioctl resumed>)        = 0
[pid   384] mkdir("./file0", 0777)      = 0
[pid   384] mount("/dev/loop0", "./file0", "erofs", 0, "" <unfinished ...>
[pid   393] <... ioctl resumed>)        = 0
[pid   393] mkdir("./file0", 0777)      = 0
[pid   393] mount("/dev/loop2", "./file0", "erofs", 0, "" <unfinished ...>
[pid   381] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   381] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid   381] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[   24.543121][   T26] audit: type=1400 audit(1665079845.620:77): avc:  denied  { ioctl } for  pid=378 comm="syz-executor254" path="/dev/loop3" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   24.545684][  T385]  ? __kasan_kmalloc+0x9/0x10
[   24.550542][   T26] audit: type=1400 audit(1665079845.640:78): avc:  denied  { mounton } for  pid=382 comm="syz-executor254" path="/root/syzkaller.CdVCrV/0/file0" dev="sda1" ino=1146 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   24.555817][  T385]  kvmalloc_node+0x82/0x130
[   24.578458][  T384] loop0: detected capacity change from 0 to 16
[   24.588360][  T385]  __list_lru_init+0x1d6/0x5a0
[pid   392] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   24.588387][  T385]  alloc_super+0x696/0x7d0
[   24.588400][  T385]  ? get_tree_bdev+0x640/0x640
[   24.626339][  T393] loop2: detected capacity change from 0 to 16
[   24.632638][  T385]  sget_fc+0x236/0x640
[   24.632661][  T385]  ? test_bdev_super_fc+0x70/0x70
[   24.632677][  T385]  get_tree_bdev+0x28a/0x640
[   24.645697][  T384] FAULT_INJECTION: forcing a failure.
[   24.645697][  T384] name failslab, interval 1, probability 0, space 0, times 1
[   24.662044][  T385]  ? erofs_release_device_info+0x90/0x90
[   24.662070][  T385]  erofs_fc_get_tree+0x1c/0x20
[   24.662082][  T385]  vfs_get_tree+0x88/0x290
[   24.662095][  T385]  do_new_mount+0x289/0xad0
[   24.738908][  T385]  ? do_move_mount_old+0x160/0x160
[   24.744032][  T385]  ? security_capable+0xb2/0xd0
[   24.748894][  T385]  ? ns_capable+0x8a/0xf0
[   24.753281][  T385]  path_mount+0x60b/0x1050
[   24.757806][  T385]  __se_sys_mount+0x2d2/0x3c0
[   24.762509][  T385]  ? __x64_sys_mount+0xd0/0xd0
[   24.767311][  T385]  ? vfs_mkdir+0x580/0x580
[   24.771751][  T385]  __x64_sys_mount+0xbf/0xd0
[   24.776359][  T385]  do_syscall_64+0x44/0xd0
[pid   381] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
) = 89
[pid   381] exit_group(0)               = ?
[   24.780783][  T385]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.786703][  T385] RIP: 0033:0x7fa0f815fc9a
[   24.791123][  T385] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   24.810748][  T385] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   24.819252][  T385] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[pid   392] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
) = 89
[pid   392] exit_group(0)               = ?
[pid   383] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   382] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
./strace-static-x86_64: Process 391 attached
./strace-static-x86_64: Process 390 attached
./strace-static-x86_64: Process 389 attached
[pid   385] <... mount resumed>)        = -1 ENOMEM (Cannot allocate memory)
[pid   391] set_robust_list(0x555556efd5e0, 24 <unfinished ...>
[pid   390] +++ exited with 0 +++
[pid   389] set_robust_list(0x555556efd5e0, 24 <unfinished ...>
[pid   381] +++ exited with 0 +++
[pid   391] <... set_robust_list resumed>) = 0
[pid   389] <... set_robust_list resumed>) = 0
[pid   391] chdir("./0" <unfinished ...>
[pid   389] chdir("./0" <unfinished ...>
[pid   378] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid   391] <... chdir resumed>)        = 0
[pid   389] <... chdir resumed>)        = 0
[pid   378] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   391] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   389] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   378] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   391] <... prctl resumed>)        = 0
[pid   389] <... prctl resumed>)        = 0
[pid   378] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   391] setpgid(0, 0 <unfinished ...>
[pid   389] setpgid(0, 0 <unfinished ...>
[pid   378] <... openat resumed>)       = 3
[pid   391] <... setpgid resumed>)      = 0
[pid   389] <... setpgid resumed>)      = 0
[pid   378] fstat(3,  <unfinished ...>
[pid   391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   378] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   391] <... openat resumed>)       = 3
[pid   389] <... openat resumed>)       = 3
[pid   378] getdents64(3,  <unfinished ...>
[pid   391] write(3, "1000", 4 <unfinished ...>
[pid   389] write(3, "1000", 4 <unfinished ...>
[pid   378] <... getdents64 resumed>0x555556eff630 /* 3 entries */, 32768) = 80
[pid   391] <... write resumed>)        = 4
[pid   389] <... write resumed>)        = 4
[pid   378] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   391] close(3 <unfinished ...>
[pid   389] close(3 <unfinished ...>
[pid   378] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   391] <... close resumed>)        = 0
[pid   389] <... close resumed>)        = 0
[pid   378] lstat("./0/binderfs",  <unfinished ...>
[pid   391] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   389] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   378] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid   391] <... symlink resumed>)      = 0
[pid   389] <... symlink resumed>)      = 0
[pid   378] unlink("./0/binderfs" <unfinished ...>
[pid   391] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   389] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   378] <... unlink resumed>)       = 0
[pid   391] <... futex resumed>)        = 0
[pid   389] <... futex resumed>)        = 0
[pid   391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid   389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid   378] getdents64(3,  <unfinished ...>
[pid   391] <... mmap resumed>)         = 0x7fa0f80e3000
[pid   389] <... mmap resumed>)         = 0x7fa0f80e3000
[pid   378] <... getdents64 resumed>0x555556eff630 /* 0 entries */, 32768) = 0
[pid   391] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid   389] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid   378] close(3 <unfinished ...>
[pid   391] <... mprotect resumed>)     = 0
[pid   389] <... mprotect resumed>)     = 0
[pid   378] <... close resumed>)        = 0
[pid   391] clone(child_stack=0x7fa0f81033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid   389] clone(child_stack=0x7fa0f81033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid   378] rmdir("./0")                = 0
[pid   391] <... clone resumed>, parent_tid=[394], tls=0x7fa0f8103700, child_tidptr=0x7fa0f81039d0) = 394
[pid   389] <... clone resumed>, parent_tid=[395], tls=0x7fa0f8103700, child_tidptr=0x7fa0f81039d0) = 395
[pid   391] futex(0x7fa0f81db488, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   389] futex(0x7fa0f81db488, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   378] mkdir("./1", 0777 <unfinished ...>
[pid   391] <... futex resumed>)        = 0
[pid   389] <... futex resumed>)        = 0
[pid   378] <... mkdir resumed>)        = 0
[pid   391] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid   389] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid   378] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3
[pid   378] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid   378] close(3)                    = 0
[pid   378] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efd5d0) = 396
[pid   385] ioctl(5, LOOP_CLR_FD./strace-static-x86_64: Process 394 attached
 <unfinished ...>
[pid   394] set_robust_list(0x7fa0f81039e0, 24) = 0
[pid   394] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   394] write(3, "83", 2)           = 2
[pid   394] memfd_create("syzkaller", 0) = 4
[pid   394] ftruncate(4, 8192)          = 0
[   24.827225][  T385] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[   24.835256][  T385] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[   24.843361][  T385] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   24.851436][  T385] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   24.859424][  T385]  </TASK>
[   24.864314][  T384] CPU: 0 PID: 384 Comm: syz-executor254 Not tainted 5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[pid   394] pwrite64(4, "\xe2\xe1\xf5\xe0\x23\x0f\xf4\xf2\x03\x00\x00\x00\x0c\x00\x24\x00\x07\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x10\xd8\x67\x50\x9b\x47\x14\x8a\xd8\x10\x42\xe6\xb0\xcb\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2112, 1024) = 2112
[pid   394] pwrite64(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x32\x50\x00\x00\x00\x00\x00", 64, 8128) = 64
[pid   394] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5
[pid   394] ioctl(5, LOOP_SET_FD, 4./strace-static-x86_64: Process 396 attached
./strace-static-x86_64: Process 395 attached
 <unfinished ...>
[pid   395] set_robust_list(0x7fa0f81039e0, 24) = 0
[pid   396] set_robust_list(0x555556efd5e0, 24 <unfinished ...>
[pid   395] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   396] <... set_robust_list resumed>) = 0
[   24.874489][  T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   24.884541][  T384] Call Trace:
[   24.887808][  T384]  <TASK>
[   24.890718][  T384]  dump_stack_lvl+0x151/0x1b7
[   24.893801][  T394] loop1: detected capacity change from 0 to 16
[   24.895379][  T384]  ? bfq_pos_tree_add_move+0x43e/0x43e
[   24.895402][  T384]  ? vmap_pages_range_noflush+0x7a8/0x7e0
[   24.908771][  T395] loop4: detected capacity change from 0 to 16
[   24.912797][  T384]  dump_stack+0x15/0x17
[   24.912820][  T384]  should_fail+0x3c0/0x510
[   24.912836][  T384]  ? erofs_pcpubuf_growsize+0x1c2/0x8a0
[   24.912852][  T384]  __should_failslab+0x9f/0xe0
[   24.937853][  T384]  should_failslab+0x9/0x20
[   24.941414][  T397] loop3: detected capacity change from 0 to 16
[   24.942538][  T384]  __kmalloc+0x6d/0x350
[   24.942561][  T384]  erofs_pcpubuf_growsize+0x1c2/0x8a0
[   24.958170][  T384]  ? kasan_quarantine_put+0x34/0x1b0
[   24.963450][  T384]  ? erofs_put_pcpubuf+0xb0/0xb0
[   24.968387][  T384]  ? slab_free_freelist_hook+0xc9/0x1a0
[   24.973922][  T384]  z_erofs_load_lz4_config+0x278/0x3b0
[   24.979459][  T384]  erofs_fc_fill_super+0xd6a/0x1180
[   24.984805][  T384]  get_tree_bdev+0x417/0x640
[   24.989399][  T384]  ? erofs_release_device_info+0x90/0x90
[   24.995035][  T384]  erofs_fc_get_tree+0x1c/0x20
[   24.999894][  T384]  vfs_get_tree+0x88/0x290
[   25.004308][  T384]  do_new_mount+0x289/0xad0
[   25.009098][  T384]  ? do_move_mount_old+0x160/0x160
[   25.014210][  T384]  ? security_capable+0xb2/0xd0
[   25.019064][  T384]  ? ns_capable+0x8a/0xf0
[   25.023509][  T384]  path_mount+0x60b/0x1050
[   25.027926][  T384]  __se_sys_mount+0x2d2/0x3c0
[   25.032626][  T384]  ? __x64_sys_mount+0xd0/0xd0
[   25.037562][  T384]  ? vfs_mkdir+0x580/0x580
[   25.042023][  T384]  __x64_sys_mount+0xbf/0xd0
[   25.046799][  T384]  do_syscall_64+0x44/0xd0
[   25.051216][  T384]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.057101][  T384] RIP: 0033:0x7fa0f815fc9a
[   25.061496][  T384] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid   396] chdir("./1")                = 0
[pid   396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   395] write(3, "83", 2 <unfinished ...>
[pid   396] setpgid(0, 0)               = 0
[pid   396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   395] <... write resumed>)        = 2
[pid   395] memfd_create("syzkaller", 0) = 4
[pid   396] <... openat resumed>)       = 3
[pid   395] ftruncate(4, 8192 <unfinished ...>
[pid   396] write(3, "1000", 4 <unfinished ...>
[pid   395] <... ftruncate resumed>)    = 0
[pid   396] <... write resumed>)        = 4
[pid   396] close(3 <unfinished ...>
[pid   395] pwrite64(4, "\xe2\xe1\xf5\xe0\x23\x0f\xf4\xf2\x03\x00\x00\x00\x0c\x00\x24\x00\x07\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x10\xd8\x67\x50\x9b\x47\x14\x8a\xd8\x10\x42\xe6\xb0\xcb\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2112, 1024 <unfinished ...>
[pid   396] <... close resumed>)        = 0
[pid   395] <... pwrite64 resumed>)     = 2112
[pid   396] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   395] pwrite64(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x32\x50\x00\x00\x00\x00\x00", 64, 8128 <unfinished ...>
[pid   396] <... symlink resumed>)      = 0
[pid   395] <... pwrite64 resumed>)     = 64
[pid   396] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   395] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid   396] <... futex resumed>)        = 0
[pid   395] <... openat resumed>)       = 5
[pid   396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid   395] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid   396] <... mmap resumed>)         = 0x7fa0f80e3000
[pid   396] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   396] clone(child_stack=0x7fa0f81033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[397], tls=0x7fa0f8103700, child_tidptr=0x7fa0f81039d0) = 397
[pid   396] futex(0x7fa0f81db488, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   396] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid   395] <... ioctl resumed>)        = 0
[pid   395] mkdir("./file0", 0777)      = 0
[pid   395] mount("/dev/loop4", "./file0", "erofs", 0, "" <unfinished ...>
[pid   394] <... ioctl resumed>)        = 0
[pid   394] mkdir("./file0", 0777)      = 0
[pid   394] mount("/dev/loop1", "./file0", "erofs", 0, ""./strace-static-x86_64: Process 397 attached
 <unfinished ...>
[pid   397] set_robust_list(0x7fa0f81039e0, 24) = 0
[pid   397] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   397] write(3, "83", 2)           = 2
[pid   397] memfd_create("syzkaller", 0) = 4
[pid   397] ftruncate(4, 8192)          = 0
[pid   397] pwrite64(4, "\xe2\xe1\xf5\xe0\x23\x0f\xf4\xf2\x03\x00\x00\x00\x0c\x00\x24\x00\x07\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x10\xd8\x67\x50\x9b\x47\x14\x8a\xd8\x10\x42\xe6\xb0\xcb\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2112, 1024) = 2112
[pid   397] pwrite64(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x32\x50\x00\x00\x00\x00\x00", 64, 8128) = 64
[pid   397] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5
[pid   397] ioctl(5, LOOP_SET_FD, 4)    = 0
[pid   397] mkdir("./file0", 0777)      = 0
[pid   397] mount("/dev/loop3", "./file0", "erofs", 0, "" <unfinished ...>
[pid   391] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   389] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   396] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   396] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
[pid   383] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89
[pid   382] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 <unfinished ...>
[pid   383] exit_group(0 <unfinished ...>
[pid   382] <... write resumed>)        = 89
[pid   383] <... exit_group resumed>)   = ?
[pid   382] exit_group(0)               = ?
[pid   391] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 <unfinished ...>
[pid   389] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 <unfinished ...>
[pid   391] <... write resumed>)        = 89
[pid   389] <... write resumed>)        = 89
[pid   391] exit_group(0 <unfinished ...>
[pid   389] exit_group(0 <unfinished ...>
[pid   391] <... exit_group resumed>)   = ?
[pid   389] <... exit_group resumed>)   = ?
[   25.081085][  T384] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   25.089503][  T384] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[   25.097569][  T384] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[   25.105554][  T384] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[   25.113591][  T384] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   25.121584][  T384] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   25.129548][  T384]  </TASK>
[   25.133854][  T393] FAULT_INJECTION: forcing a failure.
[   25.133854][  T393] name failslab, interval 1, probability 0, space 0, times 0
[   25.133903][  T395] FAULT_INJECTION: forcing a failure.
[   25.133903][  T395] name failslab, interval 1, probability 0, space 0, times 0
[   25.146588][  T393] CPU: 0 PID: 393 Comm: syz-executor254 Not tainted 5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   25.159272][  T394] erofs: (device loop1): mounted with root inode @ nid 36.
[   25.169228][  T393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   25.169245][  T393] Call Trace:
[   25.169251][  T393]  <TASK>
[   25.169256][  T393]  dump_stack_lvl+0x151/0x1b7
[   25.169279][  T393]  ? bfq_pos_tree_add_move+0x43e/0x43e
[   25.169292][  T393]  ? make_kgid+0x215/0x710
[   25.169309][  T393]  ? from_kuid_munged+0x7b0/0x7b0
[   25.169324][  T393]  dump_stack+0x15/0x17
[   25.169337][  T393]  should_fail+0x3c0/0x510
[   25.169356][  T393]  __should_failslab+0x9f/0xe0
[   25.169371][  T393]  should_failslab+0x9/0x20
[   25.176760][  T397] FAULT_INJECTION: forcing a failure.
[   25.176760][  T397] name failslab, interval 1, probability 0, space 0, times 0
[   25.186585][  T393]  kmem_cache_alloc+0x4f/0x2f0
[   25.186612][  T393]  ? __d_alloc+0x2d/0x6b0
[   25.186627][  T393]  __d_alloc+0x2d/0x6b0
[   25.255917][  T393]  ? erofs_inode_init_once+0x20/0x20
[   25.261199][  T393]  d_make_root+0x4a/0xe0
[   25.265429][  T393]  erofs_fc_fill_super+0x809/0x1180
[   25.270620][  T393]  get_tree_bdev+0x417/0x640
[   25.275208][  T393]  ? erofs_release_device_info+0x90/0x90
[   25.280827][  T393]  erofs_fc_get_tree+0x1c/0x20
[   25.285578][  T393]  vfs_get_tree+0x88/0x290
[   25.289981][  T393]  do_new_mount+0x289/0xad0
[   25.294472][  T393]  ? do_move_mount_old+0x160/0x160
[   25.299592][  T393]  ? security_capable+0xb2/0xd0
[   25.304427][  T393]  ? ns_capable+0x8a/0xf0
[   25.308740][  T393]  path_mount+0x60b/0x1050
[   25.313144][  T393]  __se_sys_mount+0x2d2/0x3c0
[   25.317807][  T393]  ? __x64_sys_mount+0xd0/0xd0
[   25.322645][  T393]  ? vfs_mkdir+0x580/0x580
[   25.327044][  T393]  __x64_sys_mount+0xbf/0xd0
[   25.331620][  T393]  do_syscall_64+0x44/0xd0
[   25.336023][  T393]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.341899][  T393] RIP: 0033:0x7fa0f815fc9a
[   25.346299][  T393] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   25.365885][  T393] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   25.374291][  T393] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[   25.382261][  T393] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[   25.390233][  T393] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[   25.398187][  T393] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   25.406143][  T393] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   25.414109][  T393]  </TASK>
[   25.417188][  T397] CPU: 1 PID: 397 Comm: syz-executor254 Not tainted 5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   25.427338][  T397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   25.437376][  T397] Call Trace:
[   25.440637][  T397]  <TASK>
[   25.443553][  T397]  dump_stack_lvl+0x151/0x1b7
[   25.448217][  T397]  ? bfq_pos_tree_add_move+0x43e/0x43e
[   25.453667][  T397]  ? _raw_spin_lock+0xa3/0x1b0
[   25.458443][  T397]  dump_stack+0x15/0x17
[   25.462583][  T397]  should_fail+0x3c0/0x510
[   25.467070][  T397]  __should_failslab+0x9f/0xe0
[   25.471818][  T397]  should_failslab+0x9/0x20
[   25.476343][  T397]  kmem_cache_alloc+0x4f/0x2f0
[   25.481088][  T397]  ? erofs_alloc_inode+0x1b/0x50
[   25.486034][  T397]  ? __kasan_check_write+0x14/0x20
[   25.491328][  T397]  ? _erofs_info+0x190/0x190
[   25.495922][  T397]  erofs_alloc_inode+0x1b/0x50
[   25.500670][  T397]  ? _erofs_info+0x190/0x190
[   25.505244][  T397]  new_inode_pseudo+0x64/0x220
[   25.509998][  T397]  new_inode+0x28/0x1c0
[   25.514243][  T397]  ? _raw_spin_unlock+0x4d/0x70
[   25.519115][  T397]  ? erofs_shrinker_register+0xfb/0x110
[   25.524658][  T397]  erofs_fc_fill_super+0x867/0x1180
[   25.529838][  T397]  get_tree_bdev+0x417/0x640
[   25.534419][  T397]  ? erofs_release_device_info+0x90/0x90
[   25.540034][  T397]  erofs_fc_get_tree+0x1c/0x20
[   25.544786][  T397]  vfs_get_tree+0x88/0x290
[   25.549204][  T397]  do_new_mount+0x289/0xad0
[   25.553829][  T397]  ? do_move_mount_old+0x160/0x160
[   25.558962][  T397]  ? security_capable+0xb2/0xd0
[   25.563812][  T397]  ? ns_capable+0x8a/0xf0
[   25.568127][  T397]  path_mount+0x60b/0x1050
[   25.572531][  T397]  __se_sys_mount+0x2d2/0x3c0
[   25.577191][  T397]  ? __x64_sys_mount+0xd0/0xd0
[   25.582011][  T397]  ? vfs_mkdir+0x580/0x580
[   25.586422][  T397]  __x64_sys_mount+0xbf/0xd0
[   25.591015][  T397]  do_syscall_64+0x44/0xd0
[   25.595430][  T397]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.601327][  T397] RIP: 0033:0x7fa0f815fc9a
[   25.605733][  T397] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   25.625330][  T397] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[pid   393] <... mount resumed>)        = ?
[pid   384] <... mount resumed>)        = ?
[   25.633801][  T397] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[   25.641869][  T397] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[   25.649838][  T397] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[   25.657824][  T397] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   25.665831][  T397] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   25.673815][  T397]  </TASK>
[   25.677940][  T394] FAULT_INJECTION: forcing a failure.
[   25.677940][  T394] name failslab, interval 1, probability 0, space 0, times 0
[   25.680601][  T395] CPU: 0 PID: 395 Comm: syz-executor254 Not tainted 5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   25.700759][  T395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   25.710806][  T395] Call Trace:
[   25.714076][  T395]  <TASK>
[   25.717006][  T395]  dump_stack_lvl+0x151/0x1b7
[   25.721676][  T395]  ? bfq_pos_tree_add_move+0x43e/0x43e
[   25.727137][  T395]  dump_stack+0x15/0x17
[   25.731338][  T395]  should_fail+0x3c0/0x510
[   25.735790][  T395]  __should_failslab+0x9f/0xe0
[   25.740561][  T395]  should_failslab+0x9/0x20
[   25.745196][  T395]  kmem_cache_alloc+0x4f/0x2f0
[   25.749962][  T395]  ? from_kuid_munged+0x7b0/0x7b0
[   25.755004][  T395]  ? security_inode_alloc+0x29/0x140
[   25.760292][  T395]  security_inode_alloc+0x29/0x140
[   25.765660][  T395]  inode_init_always+0x3e4/0x990
[   25.770583][  T395]  ? _erofs_info+0x190/0x190
[   25.775162][  T395]  new_inode_pseudo+0x93/0x220
[   25.779910][  T395]  new_inode+0x28/0x1c0
[   25.784068][  T395]  ? _raw_spin_unlock+0x4d/0x70
[   25.788943][  T395]  ? erofs_shrinker_register+0xfb/0x110
[   25.794492][  T395]  erofs_fc_fill_super+0x867/0x1180
[   25.799687][  T395]  get_tree_bdev+0x417/0x640
[   25.804284][  T395]  ? erofs_release_device_info+0x90/0x90
[   25.809920][  T395]  erofs_fc_get_tree+0x1c/0x20
[   25.814811][  T395]  vfs_get_tree+0x88/0x290
[   25.819232][  T395]  do_new_mount+0x289/0xad0
[   25.823745][  T395]  ? do_move_mount_old+0x160/0x160
[   25.828872][  T395]  ? security_capable+0xb2/0xd0
[   25.833811][  T395]  ? ns_capable+0x8a/0xf0
[   25.838144][  T395]  path_mount+0x60b/0x1050
[   25.842556][  T395]  __se_sys_mount+0x2d2/0x3c0
[   25.847483][  T395]  ? __x64_sys_mount+0xd0/0xd0
[   25.853200][  T395]  ? vfs_mkdir+0x580/0x580
[   25.857642][  T395]  __x64_sys_mount+0xbf/0xd0
[   25.862237][  T395]  do_syscall_64+0x44/0xd0
[   25.866653][  T395]  ? irqentry_exit+0x12/0x40
[   25.871928][  T395]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.877904][  T395] RIP: 0033:0x7fa0f815fc9a
[   25.882483][  T395] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   25.902166][  T395] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   25.910766][  T395] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[   25.919070][  T395] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[   25.927580][  T395] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[pid   385] <... ioctl resumed>)        = ?
[   25.929186][  T397] ------------[ cut here ]------------
[   25.935545][  T395] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   25.949030][  T395] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   25.957008][  T395]  </TASK>
[   25.959094][  T397] kobject: '(null)' (ffff888107bfdce8): is not initialized, yet kobject_put() is being called.
[   25.961114][  T395] ------------[ cut here ]------------
[   25.971987][  T394] CPU: 1 PID: 394 Comm: syz-executor254 Not tainted 5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   25.981969][  T395] kobject: '(null)' (ffff8881079a54e8): is not initialized, yet kobject_put() is being called.
[   25.986420][  T394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   25.986434][  T394] Call Trace:
[   25.986439][  T394]  <TASK>
[   25.986445][  T394]  dump_stack_lvl+0x151/0x1b7
[   25.986468][  T394]  ? bfq_pos_tree_add_move+0x43e/0x43e
[   25.997705][  T395] WARNING: CPU: 0 PID: 395 at lib/kobject.c:752 kobject_put+0x7f/0x240
[   26.006983][  T394]  dump_stack+0x15/0x17
[   26.007016][  T394]  should_fail+0x3c0/0x510
[   26.007040][  T394]  __should_failslab+0x9f/0xe0
[   26.011003][  T395] Modules linked in:
[   26.013267][  T394]  should_failslab+0x9/0x20
[   26.013288][  T394]  kmem_cache_alloc+0x4f/0x2f0
[   26.018295][  T395] 
[   26.023821][  T394]  ? avc_insert+0xb9/0x600
[   26.023847][  T394]  ? __rcu_read_unlock+0x7c/0xd0
[   26.023862][  T394]  avc_insert+0xb9/0x600
[   26.023877][  T394]  avc_compute_av+0xd0/0xe0
[   26.023890][  T394]  avc_has_perm_noaudit+0x2a9/0x450
[   26.032980][  T395] CPU: 0 PID: 395 Comm: syz-executor254 Not tainted 5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   26.036337][  T394]  ? avc_denied+0x1b0/0x1b0
[   26.036357][  T394]  ? sb_finish_set_opts+0x96d/0xad0
[   26.042113][  T395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   26.046301][  T394]  ? mutex_unlock+0xa2/0x110
[   26.046324][  T394]  ? __mutex_lock_slowpath+0x10/0x10
[   26.050892][  T395] RIP: 0010:kobject_put+0x7f/0x240
[   26.054848][  T394]  ? _erofs_info+0x143/0x190
[pid   385] +++ exited with 0 +++
[pid   382] +++ exited with 0 +++
[pid   380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=25} ---
[   26.054867][  T394]  avc_has_perm+0xd2/0x260
[   26.060119][  T395] Code: 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 35 ce 36 ff 49 8b 36 48 c7 c7 40 20 68 85 4c 89 f2 31 c0 e8 e1 0e cb fe <0f> 0b eb 0f e8 d8 40 f9 fe e9 58 01 00 00 e8 ce 40 f9 fe 4d 8d 6e
[   26.061912][  T394]  ? avc_has_perm_noaudit+0x450/0x450
[   26.061932][  T394]  selinux_sb_kern_mount+0x195/0x230
[   26.066721][  T395] RSP: 0018:ffffc90000ae7a58 EFLAGS: 00010246
[   26.071243][  T394]  ? selinux_sb_remount+0xd20/0xd20
[pid   380] restart_syscall(<... resuming interrupted clone ...>) = 0
[   26.071265][  T394]  ? erofs_release_device_info+0x90/0x90
[   26.071280][  T394]  ? security_sb_set_mnt_opts+0xc4/0xe0
[   26.076320][  T395] 
[   26.079993][  T394]  security_sb_kern_mount+0x50/0xb0
[   26.080020][  T394]  do_new_mount+0x35a/0xad0
[   26.080037][  T394]  ? do_move_mount_old+0x160/0x160
[   26.085998][  T395] RAX: 12ffa64da8c05700 RBX: 0000000000000000 RCX: ffff88810678bb40
[   26.095597][  T394]  ? security_capable+0xb2/0xd0
[   26.095620][  T394]  ? ns_capable+0x8a/0xf0
[   26.095634][  T394]  path_mount+0x60b/0x1050
[pid   380] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   380] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   26.100895][  T395] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   26.105670][  T394]  __se_sys_mount+0x2d2/0x3c0
[   26.105701][  T394]  ? __x64_sys_mount+0xd0/0xd0
[   26.105718][  T394]  ? vfs_mkdir+0x580/0x580
[   26.116496][  T395] RBP: ffffc90000ae7a88 R08: ffffffff81572d19 R09: ffffed103ee065d0
[   26.120491][  T394]  __x64_sys_mount+0xbf/0xd0
[   26.120532][  T394]  do_syscall_64+0x44/0xd0
[   26.120548][  T394]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.120573][  T394] RIP: 0033:0x7fa0f815fc9a
[pid   380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[   26.126837][  T395] R10: ffffed103ee065d0 R11: 1ffff1103ee065cf R12: ffff8881079a5400
[   26.131262][  T394] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   26.131278][  T394] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   26.131294][  T394] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[   26.131305][  T394] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[pid   380] getdents64(3,  <unfinished ...>
[pid   396] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 <unfinished ...>
[pid   380] <... getdents64 resumed>0x555556eff630 /* 4 entries */, 32768) = 112
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
[pid   396] <... write resumed>)        = 89
[pid   380] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   396] exit_group(0 <unfinished ...>
[pid   380] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   396] <... exit_group resumed>)   = ?
[pid   384] +++ exited with 0 +++
[pid   383] +++ exited with 0 +++
[pid   380] lstat("./0/binderfs",  <unfinished ...>
[pid   394] <... mount resumed>)        = ?
[pid   394] +++ exited with 0 +++
[pid   391] +++ exited with 0 +++
[pid   376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=30} ---
[   26.136603][  T395] R13: dffffc0000000000 R14: ffff8881079a54e8 R15: dffffc0000000000
[   26.140258][  T394] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[   26.140271][  T394] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   26.140280][  T394] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   26.140292][  T394]  </TASK>
[   26.140751][  T397] WARNING: CPU: 1 PID: 397 at lib/kobject.c:752 kobject_put+0x7f/0x240
[   26.161224][  T395] FS:  00007fa0f8103700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[pid   376] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid   393] +++ exited with 0 +++
[pid   392] +++ exited with 0 +++
[pid   380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid   376] <... restart_syscall resumed>) = 0
[pid   377] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid   376] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   377] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   376] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   377] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   376] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   377] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   376] <... openat resumed>)       = 3
[pid   377] <... openat resumed>)       = 3
[pid   376] fstat(3,  <unfinished ...>
[pid   377] fstat(3,  <unfinished ...>
[pid   376] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   377] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   376] getdents64(3,  <unfinished ...>
[pid   377] getdents64(3,  <unfinished ...>
[pid   376] <... getdents64 resumed>0x555556eff630 /* 4 entries */, 32768) = 112
[pid   377] <... getdents64 resumed>0x555556eff630 /* 4 entries */, 32768) = 112
[pid   376] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   377] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   376] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   377] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   376] lstat("./0/binderfs",  <unfinished ...>
[pid   377] lstat("./0/binderfs",  <unfinished ...>
[pid   376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid   377] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid   376] unlink("./0/binderfs" <unfinished ...>
[pid   377] unlink("./0/binderfs" <unfinished ...>
[pid   376] <... unlink resumed>)       = 0
[pid   377] <... unlink resumed>)       = 0
[pid   376] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   380] unlink("./0/binderfs" <unfinished ...>
[pid   377] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=383, si_uid=0, si_status=0, si_utime=0, si_stime=19} ---
[pid   377] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   377] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   377] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid   377] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   377] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   377] getdents64(4, 0x555556f07670 /* 2 entries */, 32768) = 48
[pid   377] getdents64(4, 0x555556f07670 /* 0 entries */, 32768) = 0
[pid   377] close(4)                    = 0
[pid   377] rmdir("./0/file0")          = 0
[pid   377] getdents64(3, 0x555556eff630 /* 0 entries */, 32768) = 0
[pid   377] close(3)                    = 0
[pid   377] rmdir("./0")                = 0
[pid   377] mkdir("./1", 0777)          = 0
[pid   377] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3
[   26.165774][  T397] Modules linked in:
[   26.171659][  T395] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.178418][  T397] 
[   26.184086][  T395] CR2: 00007fa0f81a7f78 CR3: 000000010118d000 CR4: 00000000003506b0
[   26.189410][  T397] CPU: 1 PID: 397 Comm: syz-executor254 Not tainted 5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   26.195478][  T395] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   26.197326][  T397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[pid   377] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid   380] <... unlink resumed>)       = 0
[pid   380] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   377] <... ioctl resumed>)        = 0
[pid   377] close(3 <unfinished ...>
[pid   380] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   377] <... close resumed>)        = 0
[pid   375] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   380] lstat("./0/file0",  <unfinished ...>
[pid   375] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   380] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   375] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   380] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   375] <... openat resumed>)       = 3
[pid   380] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   375] fstat(3,  <unfinished ...>
[pid   380] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   375] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   380] <... openat resumed>)       = 4
[pid   375] getdents64(3,  <unfinished ...>
[pid   380] fstat(4,  <unfinished ...>
[pid   375] <... getdents64 resumed>0x555556eff630 /* 4 entries */, 32768) = 112
[pid   380] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   375] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   380] getdents64(4,  <unfinished ...>
[pid   375] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   380] <... getdents64 resumed>0x555556f07670 /* 2 entries */, 32768) = 48
[pid   375] lstat("./0/binderfs",  <unfinished ...>
[pid   380] getdents64(4,  <unfinished ...>
[pid   375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid   380] <... getdents64 resumed>0x555556f07670 /* 0 entries */, 32768) = 0
[pid   375] unlink("./0/binderfs" <unfinished ...>
[pid   380] close(4 <unfinished ...>
[pid   375] <... unlink resumed>)       = 0
[pid   380] <... close resumed>)        = 0
[pid   375] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   380] rmdir("./0/file0" <unfinished ...>
[pid   375] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   380] <... rmdir resumed>)        = 0
[pid   375] lstat("./0/file0",  <unfinished ...>
[pid   380] getdents64(3,  <unfinished ...>
[pid   375] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   380] <... getdents64 resumed>0x555556eff630 /* 0 entries */, 32768) = 0
[pid   375] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   380] close(3 <unfinished ...>
[pid   375] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   380] <... close resumed>)        = 0
[pid   375] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid   380] rmdir("./0" <unfinished ...>
[pid   375] <... openat resumed>)       = 4
[pid   380] <... rmdir resumed>)        = 0
[pid   375] fstat(4,  <unfinished ...>
[pid   380] mkdir("./1", 0777 <unfinished ...>
[pid   375] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   380] <... mkdir resumed>)        = 0
[pid   375] getdents64(4,  <unfinished ...>
[pid   380] openat(AT_FDCWD, "/dev/loop5", O_RDWR <unfinished ...>
[pid   375] <... getdents64 resumed>0x555556f07670 /* 2 entries */, 32768) = 48
[pid   380] <... openat resumed>)       = 3
[pid   375] getdents64(4,  <unfinished ...>
[pid   380] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid   375] <... getdents64 resumed>0x555556f07670 /* 0 entries */, 32768) = 0
[pid   380] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid   375] close(4 <unfinished ...>
[pid   380] close(3 <unfinished ...>
[pid   375] <... close resumed>)        = 0
[pid   380] <... close resumed>)        = 0
[pid   375] rmdir("./0/file0" <unfinished ...>
[pid   380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   375] <... rmdir resumed>)        = 0
[pid   375] getdents64(3,  <unfinished ...>
[pid   380] <... clone resumed>, child_tidptr=0x555556efd5d0) = 399
[pid   375] <... getdents64 resumed>0x555556eff630 /* 0 entries */, 32768) = 0
[pid   375] close(3)                    = 0
[pid   375] rmdir("./0")                = 0
[pid   375] mkdir("./1", 0777)          = 0
[pid   375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[   26.203102][  T395] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   26.207221][  T397] RIP: 0010:kobject_put+0x7f/0x240
[   26.212935][  T395] Call Trace:
[   26.220662][  T397] Code: 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 35 ce 36 ff 49 8b 36 48 c7 c7 40 20 68 85 4c 89 f2 31 c0 e8 e1 0e cb fe <0f> 0b eb 0f e8 d8 40 f9 fe e9 58 01 00 00 e8 ce 40 f9 fe 4d 8d 6e
[   26.226114][  T395]  <TASK>
[   26.230292][  T397] RSP: 0018:ffffc90000b17a58 EFLAGS: 00010246
[   26.235619][  T395]  ? kobject_put+0x88/0x240
[pid   375] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 399 attached
 <unfinished ...>
[pid   377] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid   376] <... umount2 resumed>)      = 0
[pid   399] set_robust_list(0x555556efd5e0, 24 <unfinished ...>
[pid   376] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 400 attached
 <unfinished ...>
[pid   400] set_robust_list(0x555556efd5e0, 24) = 0
[pid   400] chdir("./1")                = 0
[pid   400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   400] setpgid(0, 0)               = 0
[pid   400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   400] write(3, "1000", 4)         = 4
[pid   400] close(3)                    = 0
[pid   400] symlink("/dev/binderfs", "./binderfs") = 0
[pid   400] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa0f80e3000
[pid   400] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   400] clone(child_stack=0x7fa0f81033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[401], tls=0x7fa0f8103700, child_tidptr=0x7fa0f81039d0) = 401
[pid   400] futex(0x7fa0f81db488, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   400] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 401 attached
 <unfinished ...>
[pid   399] <... set_robust_list resumed>) = 0
[pid   377] <... clone resumed>, child_tidptr=0x555556efd5d0) = 400
[pid   376] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   375] <... ioctl resumed>)        = 0
[pid   375] close(3)                    = 0
[pid   375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efd5d0) = 402
[pid   401] set_robust_list(0x7fa0f81039e0, 24 <unfinished ...>
[pid   399] chdir("./1" <unfinished ...>
[pid   376] lstat("./0/file0", ./strace-static-x86_64: Process 402 attached
 <unfinished ...>
[pid   402] set_robust_list(0x555556efd5e0, 24) = 0
[pid   402] chdir("./1")                = 0
[pid   402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   402] setpgid(0, 0)               = 0
[pid   402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   402] write(3, "1000", 4)         = 4
[pid   402] close(3)                    = 0
[pid   402] symlink("/dev/binderfs", "./binderfs") = 0
[pid   402] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa0f80e3000
[pid   402] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   402] clone(child_stack=0x7fa0f81033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[403], tls=0x7fa0f8103700, child_tidptr=0x7fa0f81039d0) = 403
[pid   402] futex(0x7fa0f81db488, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   402] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 403 attached
 <unfinished ...>
[pid   403] set_robust_list(0x7fa0f81039e0, 24) = 0
[pid   403] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3
[pid   403] write(3, "83", 2)           = 2
[pid   403] memfd_create("syzkaller", 0) = 4
[pid   403] ftruncate(4, 8192)          = 0
[pid   403] pwrite64(4, "\xe2\xe1\xf5\xe0\x23\x0f\xf4\xf2\x03\x00\x00\x00\x0c\x00\x24\x00\x07\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x10\xd8\x67\x50\x9b\x47\x14\x8a\xd8\x10\x42\xe6\xb0\xcb\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2112, 1024) = 2112
[pid   403] pwrite64(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x32\x50\x00\x00\x00\x00\x00", 64, 8128) = 64
[pid   403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5
[   26.243182][  T397] 
[   26.257154][  T395]  erofs_unregister_sysfs+0x4f/0x70
[   26.265298][  T397] RAX: 8c94764b666ede00 RBX: 0000000000000000 RCX: ffff88810678cf00
[   26.270330][  T395]  ? erofs_free_inode+0xb0/0xb0
[   26.274262][  T397] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   26.280608][  T395]  erofs_put_super+0x46/0xa0
[   26.284558][  T397] RBP: ffffc90000b17a88 R08: ffffffff81572d19 R09: 0000000000000003
[   26.292968][  T395]  ? erofs_free_inode+0xb0/0xb0
[pid   403] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid   401] <... set_robust_list resumed>) = 0
[pid   399] <... chdir resumed>)        = 0
[pid   376] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[   26.312436][  T397] R10: fffff52000162eb9 R11: 1ffff92000162eb8 R12: ffff888107bfdc00
[   26.321344][  T395]  generic_shutdown_super+0x14f/0x2d0
[   26.329081][  T397] R13: dffffc0000000000 R14: ffff888107bfdce8 R15: dffffc0000000000
[   26.337670][  T395]  kill_block_super+0x80/0xe0
[   26.345453][  T397] FS:  00007fa0f8103700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   26.353545][  T395]  erofs_kill_sb+0x66/0x130
[   26.361526][  T397] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[pid   401] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   399] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid   376] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW <unfinished ...>
[pid   403] <... ioctl resumed>)        = 0
[pid   403] mkdir("./file0", 0777)      = 0
[pid   403] mount("/dev/loop0", "./file0", "erofs", 0, "" <unfinished ...>
[pid   401] <... openat resumed>)       = 3
[pid   400] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   399] <... prctl resumed>)        = 0
[pid   376] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid   376] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid   376] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid   376] getdents64(4, 0x555556f07670 /* 2 entries */, 32768) = 48
[pid   376] getdents64(4, 0x555556f07670 /* 0 entries */, 32768) = 0
[pid   376] close(4)                    = 0
[pid   376] rmdir("./0/file0")          = 0
[pid   376] getdents64(3, 0x555556eff630 /* 0 entries */, 32768) = 0
[pid   376] close(3)                    = 0
[pid   376] rmdir("./0")                = 0
[pid   376] mkdir("./1", 0777)          = 0
[   26.369604][   T26] audit: type=1400 audit(1665079847.530:79): avc:  denied  { mount } for  pid=391 comm="syz-executor254" name="/" dev="loop1" ino=36 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   26.372453][  T397] CR2: 00007fa0f81a7f78 CR3: 000000011c34e000 CR4: 00000000003506a0
[   26.381811][  T395]  deactivate_locked_super+0xb0/0x100
[   26.389966][  T397] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   26.395683][   T26] audit: type=1400 audit(1665079847.560:80): avc:  denied  { unmount } for  pid=376 comm="syz-executor254" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   26.400101][  T397] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   26.404919][  T395]  get_tree_bdev+0x437/0x640
[   26.410523][  T397] Call Trace:
[   26.428760][  T395]  ? erofs_release_device_info+0x90/0x90
[   26.440792][  T397]  <TASK>
[   26.448837][  T395]  erofs_fc_get_tree+0x1c/0x20
[   26.457651][  T397]  ? kobject_put+0x88/0x240
[   26.475097][  T395]  vfs_get_tree+0x88/0x290
[   26.484396][  T397]  erofs_unregister_sysfs+0x4f/0x70
[   26.489288][  T395]  do_new_mount+0x289/0xad0
[   26.491708][  T397]  ? erofs_free_inode+0xb0/0xb0
[   26.496960][  T395]  ? do_move_mount_old+0x160/0x160
[   26.506976][  T397]  erofs_put_super+0x46/0xa0
[   26.509483][  T395]  ? security_capable+0xb2/0xd0
[   26.518953][  T397]  ? erofs_free_inode+0xb0/0xb0
[   26.522339][  T395]  ? ns_capable+0x8a/0xf0
[   26.534221][  T403] loop0: detected capacity change from 0 to 16
[   26.535118][  T395]  path_mount+0x60b/0x1050
[   26.549499][  T397]  generic_shutdown_super+0x14f/0x2d0
[   26.557009][  T395]  __se_sys_mount+0x2d2/0x3c0
[   26.586627][  T403] FAULT_INJECTION: forcing a failure.
[   26.586627][  T403] name failslab, interval 1, probability 0, space 0, times 0
[   26.604953][  T397]  kill_block_super+0x80/0xe0
[   26.622445][  T403] CPU: 1 PID: 403 Comm: syz-executor254 Not tainted 5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   26.626260][  T397]  erofs_kill_sb+0x66/0x130
[   26.646253][  T403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   26.646269][  T403] Call Trace:
[   26.646275][  T403]  <TASK>
[   26.646281][  T403]  dump_stack_lvl+0x151/0x1b7
[   26.646304][  T403]  ? bfq_pos_tree_add_move+0x43e/0x43e
[   26.646318][  T403]  ? get_tree_bdev+0x417/0x640
[   26.646331][  T403]  ? vfs_get_tree+0x88/0x290
[   26.654376][  T397]  deactivate_locked_super+0xb0/0x100
[   26.658869][  T403]  ? do_new_mount+0x289/0xad0
[   26.662146][  T397]  get_tree_bdev+0x437/0x640
[   26.667731][  T403]  ? path_mount+0x60b/0x1050
[   26.670657][  T397]  ? erofs_release_device_info+0x90/0x90
[   26.675377][  T403]  ? __x64_sys_mount+0xbf/0xd0
[   26.679867][  T397]  erofs_fc_get_tree+0x1c/0x20
[   26.684264][  T403]  ? do_syscall_64+0x44/0xd0
[   26.689454][  T397]  vfs_get_tree+0x88/0x290
[   26.693935][  T403]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.698793][  T397]  do_new_mount+0x289/0xad0
[   26.703875][  T403]  dump_stack+0x15/0x17
[   26.703892][  T403]  should_fail+0x3c0/0x510
[   26.708453][  T397]  ? do_move_mount_old+0x160/0x160
[   26.713369][  T403]  ? kvasprintf_const+0x139/0x180
[   26.713391][  T403]  __should_failslab+0x9f/0xe0
[   26.718206][  T397]  ? security_capable+0xb2/0xd0
[   26.722506][  T403]  should_failslab+0x9/0x20
[   26.722522][  T403]  __kmalloc_track_caller+0x6c/0x350
[   26.728641][  T397]  ? ns_capable+0x8a/0xf0
[   26.733027][  T403]  kstrdup_const+0x55/0x90
[   26.733046][  T403]  kvasprintf_const+0x139/0x180
[   26.738401][  T397]  path_mount+0x60b/0x1050
[   26.743064][  T403]  kobject_set_name_vargs+0x61/0x120
[   26.755814][  T397]  __se_sys_mount+0x2d2/0x3c0
[   26.760794][  T403]  kobject_init_and_add+0xdb/0x190
[   26.770956][  T397]  ? __x64_sys_mount+0xd0/0xd0
[pid   376] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid   401] write(3, "83", 2 <unfinished ...>
[pid   399] setpgid(0, 0 <unfinished ...>
[pid   402] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   26.775422][  T403]  ? __kasan_check_write+0x14/0x20
[   26.785539][  T397]  ? vfs_mkdir+0x580/0x580
[   26.788782][  T403]  ? kobject_add+0x210/0x210
[   26.791704][  T397]  __x64_sys_mount+0xbf/0xd0
[   26.796339][  T403]  ? inode_init_always+0x709/0x990
[   26.801871][  T397]  do_syscall_64+0x44/0xd0
[   26.806591][  T403]  ? _raw_spin_unlock+0x4d/0x70
[   26.811168][  T397]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.816496][  T403]  ? _raw_spin_unlock+0x4d/0x70
[   26.821160][  T397] RIP: 0033:0x7fa0f815fc9a
[pid   401] <... write resumed>)        = 2
[pid   399] <... setpgid resumed>)      = 0
[pid   376] <... openat resumed>)       = 3
[pid   376] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid   401] memfd_create("syzkaller", 0 <unfinished ...>
[pid   399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   401] <... memfd_create resumed>) = 4
[pid   399] <... openat resumed>)       = 3
[pid   401] ftruncate(4, 8192 <unfinished ...>
[   26.825733][  T403]  erofs_register_sysfs+0xd1/0x130
[   26.830308][  T397] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   26.835919][  T403]  erofs_fc_fill_super+0x95c/0x1180
[   26.840665][  T397] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286
[   26.845391][  T403]  get_tree_bdev+0x417/0x640
[   26.850087][  T397]  ORIG_RAX: 00000000000000a5
[   26.854459][  T403]  ? erofs_release_device_info+0x90/0x90
[pid   399] write(3, "1000", 4 <unfinished ...>
[pid   401] <... ftruncate resumed>)    = 0
[pid   399] <... write resumed>)        = 4
[pid   401] pwrite64(4, "\xe2\xe1\xf5\xe0\x23\x0f\xf4\xf2\x03\x00\x00\x00\x0c\x00\x24\x00\x07\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x10\xd8\x67\x50\x9b\x47\x14\x8a\xd8\x10\x42\xe6\xb0\xcb\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2112, 1024 <unfinished ...>
[pid   399] close(3 <unfinished ...>
[pid   376] <... ioctl resumed>)        = 0
[pid   376] close(3)                    = 0
[pid   376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efd5d0) = 404
./strace-static-x86_64: Process 404 attached
[pid   404] set_robust_list(0x555556efd5e0, 24) = 0
[pid   404] chdir("./1")                = 0
[pid   404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   404] setpgid(0, 0)               = 0
[pid   404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   404] write(3, "1000", 4)         = 4
[pid   404] close(3)                    = 0
[pid   404] symlink("/dev/binderfs", "./binderfs") = 0
[pid   404] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa0f80e3000
[pid   404] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   404] clone(child_stack=0x7fa0f81033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[405], tls=0x7fa0f8103700, child_tidptr=0x7fa0f81039d0) = 405
[pid   404] futex(0x7fa0f81db488, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   26.860542][  T397] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[   26.864990][  T403]  erofs_fc_get_tree+0x1c/0x20
[   26.869173][  T397] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[   26.873550][  T403]  vfs_get_tree+0x88/0x290
[   26.878643][  T397] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[   26.883645][  T403]  do_new_mount+0x289/0xad0
[   26.883668][  T403]  ? do_move_mount_old+0x160/0x160
[   26.883684][  T403]  ? security_capable+0xb2/0xd0
[pid   404] futex(0x7fa0f81db48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 405 attached
 <unfinished ...>
[pid   401] <... pwrite64 resumed>)     = 2112
[pid   399] <... close resumed>)        = 0
[pid   405] set_robust_list(0x7fa0f81039e0, 24 <unfinished ...>
[pid   401] pwrite64(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x32\x50\x00\x00\x00\x00\x00", 64, 8128 <unfinished ...>
[pid   399] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid   405] <... set_robust_list resumed>) = 0
[pid   401] <... pwrite64 resumed>)     = 64
[pid   399] <... symlink resumed>)      = 0
[pid   405] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid   401] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid   399] futex(0x7fa0f81db48c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   405] <... openat resumed>)       = 3
[pid   401] <... openat resumed>)       = 5
[pid   399] <... futex resumed>)        = 0
[pid   405] write(3, "83", 2 <unfinished ...>
[pid   401] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid   399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid   405] <... write resumed>)        = 2
[pid   405] memfd_create("syzkaller", 0) = 4
[pid   405] ftruncate(4, 8192)          = 0
[pid   405] pwrite64(4, "\xe2\xe1\xf5\xe0\x23\x0f\xf4\xf2\x03\x00\x00\x00\x0c\x00\x24\x00\x07\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x10\xd8\x67\x50\x9b\x47\x14\x8a\xd8\x10\x42\xe6\xb0\xcb\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2112, 1024) = 2112
[pid   405] pwrite64(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x32\x50\x00\x00\x00\x00\x00", 64, 8128) = 64
[pid   405] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5
[   26.888420][  T397] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   26.893255][  T403]  ? ns_capable+0x8a/0xf0
[   26.893284][  T403]  path_mount+0x60b/0x1050
[   26.897772][  T397] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   26.903030][  T403]  __se_sys_mount+0x2d2/0x3c0
[   26.907355][  T397]  </TASK>
[   26.911743][  T403]  ? __x64_sys_mount+0xd0/0xd0
[   26.916575][  T397] ---[ end trace 11fa2bc6d8c1068f ]---
[   26.920963][  T403]  ? vfs_mkdir+0x580/0x580
[   26.920982][  T403]  __x64_sys_mount+0xbf/0xd0
[pid   405] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid   399] <... mmap resumed>)         = 0x7fa0f80e3000
[pid   405] <... ioctl resumed>)        = 0
[pid   405] mkdir("./file0", 0777)      = 0
[pid   405] mount("/dev/loop1", "./file0", "erofs", 0, "" <unfinished ...>
[   26.926237][  T397] ------------[ cut here ]------------
[   26.930883][  T403]  do_syscall_64+0x44/0xd0
[   26.930904][  T403]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.936081][  T397] refcount_t: underflow; use-after-free.
[   26.936188][  T397] WARNING: CPU: 0 PID: 397 at lib/refcount.c:28 refcount_warn_saturate+0x165/0x1b0
[   26.940840][  T403] RIP: 0033:0x7fa0f815fc9a
[pid   399] mprotect(0x7fa0f80e4000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid   404] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   399] <... mprotect resumed>)     = 0
[   26.940867][  T403] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   26.940879][  T403] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   26.945978][  T397] Modules linked in:
[   26.950406][  T403] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[   26.950422][  T403] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[   26.950432][  T403] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[   26.950441][  T403] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   26.950451][  T403] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   26.955006][  T397] CPU: 0 PID: 397 Comm: syz-executor254 Tainted: G        W         5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   26.959571][  T403]  </TASK>
[   26.964836][  T395]  ? __x64_sys_mount+0xd0/0xd0
[   26.974243][  T397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   26.990106][  T395]  ? vfs_mkdir+0x580/0x580
[   26.994909][  T397] RIP: 0010:refcount_warn_saturate+0x165/0x1b0
[   27.014532][  T395]  __x64_sys_mount+0xbf/0xd0
[   27.019885][  T397] Code: c7 20 a5 66 85 31 c0 e8 59 c2 ec fe 0f 0b eb 83 e8 50 f4 1a ff c6 05 c9 7b 8a 04 01 48 c7 c7 80 a5 66 85 31 c0 e8 3b c2 ec fe <0f> 0b e9 62 ff ff ff e8 2f f4 1a ff c6 05 a9 7b 8a 04 01 48 c7 c7
[   27.025553][  T395]  do_syscall_64+0x44/0xd0
[   27.030634][  T397] RSP: 0018:ffffc90000b17a38 EFLAGS: 00010246
[   27.034963][  T395]  ? irqentry_exit+0x12/0x40
[   27.040982][  T397] 
[   27.048605][  T395]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.053612][  T403] kobject: can not set name properly!
[   27.085221][  T397] RAX: 8c94764b666ede00 RBX: 0000000000000003 RCX: ffff88810678cf00
[   27.088612][  T395] RIP: 0033:0x7fa0f815fc9a
[   27.096767][  T397] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   27.100862][  T395] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   27.105662][  T397] RBP: ffffc90000b17a48 R08: ffffffff81572d19 R09: 0000000000000003
[   27.113736][  T395] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286
[   27.117844][  T397] R10: fffff52000162ef9 R11: 1ffff92000162ef8 R12: ffff888107bfdc00
[   27.121399][  T395]  ORIG_RAX: 00000000000000a5
[   27.125953][  T397] R13: ffff888107bfdd20 R14: 0000000000000003 R15: dffffc0000000000
[   27.131675][  T395] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[   27.135520][  T397] FS:  00007fa0f8103700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   27.140204][  T395] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[   27.147917][  T405] loop1: detected capacity change from 0 to 16
[   27.150482][  T395] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[   27.162491][  T405] FAULT_INJECTION: forcing a failure.
[   27.162491][  T405] name failslab, interval 1, probability 0, space 0, times 0
[   27.171057][  T395] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   27.176354][  T401] loop2: detected capacity change from 0 to 16
[   27.195163][  T395] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   27.203885][  T397] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.207547][  T395]  </TASK>
[   27.216125][  T405] CPU: 1 PID: 405 Comm: syz-executor254 Tainted: G        W         5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   27.223597][  T395] ---[ end trace 11fa2bc6d8c10690 ]---
[   27.231285][  T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   27.231297][  T405] Call Trace:
[   27.231301][  T405]  <TASK>
[   27.231305][  T405]  dump_stack_lvl+0x151/0x1b7
[   27.231328][  T405]  ? bfq_pos_tree_add_move+0x43e/0x43e
[   27.239298][  T395] list_add corruption. prev is NULL.
[   27.247229][  T405]  ? get_tree_bdev+0x417/0x640
[   27.258833][  T395] ------------[ cut here ]------------
[   27.261746][  T405]  ? vfs_get_tree+0x88/0x290
[   27.266478][  T395] kernel BUG at lib/list_debug.c:24!
[   27.276507][  T405]  ? do_new_mount+0x289/0xad0
[   27.280905][  T395] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   27.287026][  T405]  ? path_mount+0x60b/0x1050
[   27.291601][  T395] CPU: 0 PID: 395 Comm: syz-executor254 Tainted: G        W         5.15.72-syzkaller-04310-g43eb03f7ce81 #0
[   27.311186][  T405]  ? __x64_sys_mount+0xbf/0xd0
[   27.315595][  T395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   27.321633][  T405]  ? do_syscall_64+0x44/0xd0
[   27.326196][  T395] RIP: 0010:__list_add_valid+0xbc/0x100
[   27.328496][  T405]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.334379][  T395] Code: c0 74 ed 48 c7 c7 a0 c6 66 85 4c 89 fe 4c 89 e2 4c 89 f1 31 c0 e8 41 22 57 02 0f 0b 48 c7 c7 a0 c4 66 85 31 c0 e8 31 22 57 02 <0f> 0b 48 c7 c7 40 c5 66 85 31 c0 e8 21 22 57 02 0f 0b 48 c7 c7 a0
[   27.339728][  T405]  dump_stack+0x15/0x17
[   27.347691][  T395] RSP: 0018:ffffc90000ae78e0 EFLAGS: 00010046
[   27.352165][  T405]  should_fail+0x3c0/0x510
[   27.360111][  T395] 
[   27.360116][  T395] RAX: 0000000000000022 RBX: 1ffff9200015cf3d RCX: 12ffa64da8c05700
[   27.379688][  T405]  ? kvasprintf_const+0x139/0x180
[   27.387635][  T395] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
[   27.393672][  T405]  __should_failslab+0x9f/0xe0
[   27.401621][  T395] RBP: ffffc90000ae7908 R08: ffffffff81572d19 R09: 0000000000000003
[   27.406358][  T405]  should_failslab+0x9/0x20
[   27.414421][  T395] R10: fffff5200015ce89 R11: 1ffff9200015ce88 R12: ffffc90000ae79e8
[   27.422518][  T405]  __kmalloc_track_caller+0x6c/0x350
[   27.431452][  T395] R13: 1ffff11020f34aac R14: ffffc90000ae79e0 R15: ffff8881079a5560
[   27.439496][  T405]  kstrdup_const+0x55/0x90
[   27.445636][  T395] FS:  00007fa0f8103700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   27.453675][  T405]  kvasprintf_const+0x139/0x180
[   27.466397][  T395] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.474344][  T405]  kobject_set_name_vargs+0x61/0x120
[   27.480467][  T395] CR2: 0000555556eff5f8 CR3: 000000010118d000 CR4: 00000000003506b0
[   27.488419][  T405]  kobject_init_and_add+0xdb/0x190
[   27.495069][  T395] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   27.498066][  T405]  ? __kasan_check_write+0x14/0x20
[   27.509658][  T395] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   27.515088][  T405]  ? kobject_add+0x210/0x210
[   27.525203][  T395] Call Trace:
[   27.525210][  T395]  <TASK>
[   27.528460][  T405]  ? inode_init_always+0x709/0x990
[   27.531402][  T395]  __prepare_to_swait+0xad/0x140
[   27.536138][  T405]  ? _raw_spin_unlock+0x4d/0x70
[   27.541597][  T395]  wait_for_common+0x257/0x430
[   27.546867][  T405]  ? _raw_spin_unlock+0x4d/0x70
[   27.551601][  T395]  ? handle_bug+0x41/0x70
[   27.557137][  T405]  erofs_register_sysfs+0xd1/0x130
[   27.561711][  T395]  ? wait_for_completion+0x20/0x20
[   27.566973][  T405]  erofs_fc_fill_super+0x95c/0x1180
[   27.571621][  T395]  ? refcount_warn_saturate+0xba/0x1b0
[   27.577657][  T405]  get_tree_bdev+0x417/0x640
[   27.582217][  T395]  wait_for_completion+0x18/0x20
[   27.593899][  T405]  ? erofs_release_device_info+0x90/0x90
[   27.598634][  T395]  erofs_unregister_sysfs+0x5e/0x70
[   27.608665][  T405]  erofs_fc_get_tree+0x1c/0x20
[   27.614009][  T395]  ? erofs_free_inode+0xb0/0xb0
[   27.619647][  T405]  vfs_get_tree+0x88/0x290
[   27.625700][  T395]  erofs_put_super+0x46/0xa0
[   27.645388][  T405]  do_new_mount+0x289/0xad0
[   27.649606][  T395]  ? erofs_free_inode+0xb0/0xb0
[   27.655648][  T405]  ? do_move_mount_old+0x160/0x160
[   27.661435][  T395]  generic_shutdown_super+0x14f/0x2d0
[   27.663740][  T405]  ? security_capable+0xb2/0xd0
[   27.671685][  T395]  kill_block_super+0x80/0xe0
[   27.676766][  T405]  ? ns_capable+0x8a/0xf0
[   27.684734][  T395]  erofs_kill_sb+0x66/0x130
[   27.689555][  T405]  path_mount+0x60b/0x1050
[   27.697507][  T395]  deactivate_locked_super+0xb0/0x100
[   27.701986][  T405]  __se_sys_mount+0x2d2/0x3c0
[   27.710095][  T395]  get_tree_bdev+0x437/0x640
[   27.715384][  T405]  ? __x64_sys_mount+0xd0/0xd0
[   27.723332][  T395]  ? erofs_release_device_info+0x90/0x90
[   27.727718][  T405]  ? vfs_mkdir+0x580/0x580
[   27.736620][  T395]  erofs_fc_get_tree+0x1c/0x20
[   27.741440][  T405]  __x64_sys_mount+0xbf/0xd0
[   27.748089][  T395]  vfs_get_tree+0x88/0x290
[   27.753349][  T405]  do_syscall_64+0x44/0xd0
[   27.761501][  T395]  do_new_mount+0x289/0xad0
[   27.766588][  T405]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.774546][  T395]  ? do_move_mount_old+0x160/0x160
[   27.779633][  T405] RIP: 0033:0x7fa0f815fc9a
[   27.787698][  T395]  ? security_capable+0xb2/0xd0
[   27.792277][  T405] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   27.795532][  T395]  ? ns_capable+0x8a/0xf0
[   27.798529][  T405] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286
[   27.803607][  T395]  path_mount+0x60b/0x1050
[   27.808515][  T405]  ORIG_RAX: 00000000000000a5
[   27.813346][  T395]  __se_sys_mount+0x2d2/0x3c0
[   27.818092][  T405] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[   27.822917][  T395]  ? __x64_sys_mount+0xd0/0xd0
[   27.827218][  T405] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[   27.832297][  T395]  ? vfs_mkdir+0x580/0x580
[   27.837388][  T405] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[   27.842555][  T395]  __x64_sys_mount+0xbf/0xd0
[   27.847990][  T405] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   27.852559][  T395]  do_syscall_64+0x44/0xd0
[   27.857484][  T405] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   27.863109][  T395]  ? irqentry_exit+0x12/0x40
[   27.868281][  T405]  </TASK>
[   27.873099][  T395]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   28.117170][  T395] RIP: 0033:0x7fa0f815fc9a
[   28.121606][  T395] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 98 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   28.141338][  T395] RSP: 002b:00007fa0f8103158 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   28.149930][  T395] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa0f815fc9a
[   28.157911][  T395] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa0f8103170
[   28.165878][  T395] RBP: 0000000000000005 R08: 00007fa0f81031b0 R09: 00007fa0f81036b8
[   28.173930][  T395] R10: 0000000000000000 R11: 0000000000000286 R12: 00007fa0f81031b0
[   28.181915][  T395] R13: 0000000000000002 R14: 00007fa0f8103170 R15: 0000000020000230
[   28.189987][  T395]  </TASK>
[   28.192999][  T395] Modules linked in:
[   28.196888][  T395] ---[ end trace 11fa2bc6d8c10691 ]---
[   28.202345][  T395] RIP: 0010:__list_add_valid+0xbc/0x100
[   28.207901][  T395] Code: c0 74 ed 48 c7 c7 a0 c6 66 85 4c 89 fe 4c 89 e2 4c 89 f1 31 c0 e8 41 22 57 02 0f 0b 48 c7 c7 a0 c4 66 85 31 c0 e8 31 22 57 02 <0f> 0b 48 c7 c7 40 c5 66 85 31 c0 e8 21 22 57 02 0f 0b 48 c7 c7 a0
[   28.227639][  T395] RSP: 0018:ffffc90000ae78e0 EFLAGS: 00010046
[   28.233698][  T395] RAX: 0000000000000022 RBX: 1ffff9200015cf3d RCX: 12ffa64da8c05700
[   28.241659][  T395] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
[   28.249617][  T395] RBP: ffffc90000ae7908 R08: ffffffff81572d19 R09: 0000000000000003
[   28.257612][  T395] R10: fffff5200015ce89 R11: 1ffff9200015ce88 R12: ffffc90000ae79e8
[   28.265586][  T395] R13: 1ffff11020f34aac R14: ffffc90000ae79e0 R15: ffff8881079a5560
[   28.273543][  T395] FS:  00007fa0f8103700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   28.282464][  T395] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   28.289044][  T395] CR2: 0000555556eff5f8 CR3: 000000010118d000 CR4: 00000000003506b0
[   28.297020][  T395] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   28.304974][  T395] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   28.313017][  T395] Kernel panic - not syncing: Fatal exception
[   28.319205][  T395] Kernel Offset: disabled
[   28.323514][  T395] Rebooting in 86400 seconds..