./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2635824154

<...>
forked to background, child pid 4695
[   53.158029][ T4696] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.179799][ T4696] eql: remember to turn off Van-Jacobson compression on your slave devices
[   53.664827][ T4773] ssh-keygen (4773) used greatest stack depth: 18160 bytes left
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.3' (ED25519) to the list of known hosts.
execve("./syz-executor2635824154", ["./syz-executor2635824154"], 0x7ffceb1a9d20 /* 10 vars */) = 0
brk(NULL)                               = 0x5555571c2000
brk(0x5555571c2d00)                     = 0x5555571c2d00
arch_prctl(ARCH_SET_FS, 0x5555571c2380) = 0
set_tid_address(0x5555571c2650)         = 5031
set_robust_list(0x5555571c2660, 24)     = 0
rseq(0x5555571c2ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2635824154", 4096) = 28
getrandom("\x3f\x8c\x03\x1f\x88\x72\x42\xef", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555571c2d00
brk(0x5555571e3d00)                     = 0x5555571e3d00
brk(0x5555571e4000)                     = 0x5555571e4000
mprotect(0x7f1a519fc000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
mkdir("./syzkaller.9MeSMD", 0700)       = 0
chmod("./syzkaller.9MeSMD", 0777)       = 0
chdir("./syzkaller.9MeSMD")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571c2650) = 5032
./strace-static-x86_64: Process 5032 attached
[pid  5032] set_robust_list(0x5555571c2660, 24) = 0
[pid  5032] chdir("./0")                = 0
[pid  5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5032] setpgid(0, 0)               = 0
[pid  5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5032] write(3, "1000", 4)         = 4
[pid  5032] close(3)                    = 0
[pid  5032] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5032] memfd_create("syzkaller", 0) = 3
[pid  5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5032] munmap(0x7f1a49548000, 138412032) = 0
[pid  5032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
syzkaller login: [   79.835562][ T5032] syz-executor263[5032]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid  5032] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5032] close(3)                    = 0
[pid  5032] mkdir("./file1", 0777)      = 0
[   79.888715][ T5032] loop0: detected capacity change from 0 to 4096
[   79.909355][ T5032] NILFS (loop0): invalid segment: Checksum error in segment payload
[   79.918001][ T5032] NILFS (loop0): trying rollback from an earlier position
[pid  5032] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5032] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5032] chdir("./file1")            = 0
[pid  5032] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5032] close(4)                    = 0
[pid  5032] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5032] write(4, "19", 2)           = 2
[   79.939479][ T5032] NILFS (loop0): recovery complete
[   79.947294][ T5034] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   79.974240][ T5032] FAULT_INJECTION: forcing a failure.
[   79.974240][ T5032] name failslab, interval 1, probability 0, space 0, times 1
[   79.987675][ T5032] CPU: 1 PID: 5032 Comm: syz-executor263 Not tainted 6.6.0-rc5-syzkaller-00157-ge8c127b05766 #0
[   79.998136][ T5032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   80.008225][ T5032] Call Trace:
[   80.011546][ T5032]  <TASK>
[   80.014529][ T5032]  dump_stack_lvl+0x1e7/0x2d0
[   80.019251][ T5032]  ? nf_tcp_handle_invalid+0x650/0x650
[   80.024737][ T5032]  ? panic+0x770/0x770
[   80.028862][ T5032]  ? __might_sleep+0xc0/0xc0
[   80.033506][ T5032]  should_fail_ex+0x3aa/0x4e0
[   80.038241][ T5032]  should_failslab+0x9/0x20
[   80.042769][ T5032]  slab_pre_alloc_hook+0x59/0x310
[   80.047842][ T5032]  ? read_lock_is_recursive+0x20/0x20
[   80.053253][ T5032]  kmem_cache_alloc_lru+0x4e/0x300
[   80.058375][ T5032]  ? nilfs_alloc_inode+0x2e/0xe0
[   80.063356][ T5032]  nilfs_alloc_inode+0x2e/0xe0
[   80.068141][ T5032]  ? __nilfs_error+0x720/0x720
[   80.072923][ T5032]  new_inode_pseudo+0x65/0x1d0
[   80.077720][ T5032]  new_inode+0x22/0x1d0
[   80.081911][ T5032]  ? down_read+0x829/0xa40
[   80.086343][ T5032]  nilfs_new_inode+0x13c/0xa30
[   80.091148][ T5032]  ? nilfs_direct_IO+0x120/0x120
[   80.096118][ T5032]  ? rcu_read_lock_any_held+0xb7/0x160
[   80.101689][ T5032]  ? rcu_is_watching+0x15/0xb0
[   80.106530][ T5032]  ? trace_nilfs2_transaction_transition+0x9a/0x1f0
[   80.113185][ T5032]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   80.118860][ T5032]  nilfs_symlink+0x169/0x380
[   80.123517][ T5032]  ? nilfs_unlink+0x1d0/0x1d0
[   80.128265][ T5032]  ? bpf_lsm_inode_symlink+0x9/0x10
[   80.133496][ T5032]  ? security_inode_symlink+0xb3/0x100
[   80.138976][ T5032]  vfs_symlink+0x12f/0x2a0
[   80.143412][ T5032]  do_symlinkat+0x201/0x610
[   80.147948][ T5032]  ? vfs_symlink+0x2a0/0x2a0
[   80.152579][ T5032]  ? getname_flags+0x1f0/0x4e0
[   80.157356][ T5032]  __x64_sys_symlinkat+0x99/0xb0
[   80.162322][ T5032]  do_syscall_64+0x41/0xc0
[   80.166755][ T5032]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   80.172675][ T5032] RIP: 0033:0x7f1a51987169
[   80.177121][ T5032] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   80.196751][ T5032] RSP: 002b:00007ffd3852d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[   80.205211][ T5032] RAX: ffffffffffffffda RBX: 00007ffd3852d220 RCX: 00007f1a51987169
[   80.213196][ T5032] RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
[   80.221192][ T5032] RBP: 0000000000000002 R08: 00007ffd3852cf96 R09: 0000000002004c10
[   80.229192][ T5032] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd3852d250
[pid  5032] symlinkat("./file2", AT_FDCWD, "./file6") = -1 ENOMEM (Cannot allocate memory)
[pid  5032] exit_group(0)               = ?
[pid  5032] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file1")                      = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5035 attached
, child_tidptr=0x5555571c2650) = 5035
[   80.237291][ T5032] R13: 00007ffd3852d290 R14: 0000000000200000 R15: 0000000000000003
[   80.245309][ T5032]  </TASK>
[pid  5035] set_robust_list(0x5555571c2660, 24) = 0
[pid  5035] chdir("./1")                = 0
[pid  5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5035] setpgid(0, 0)               = 0
[pid  5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5035] write(3, "1000", 4)         = 4
[pid  5035] close(3)                    = 0
[pid  5035] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5035] memfd_create("syzkaller", 0) = 3
[pid  5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5035] munmap(0x7f1a49548000, 138412032) = 0
[pid  5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5035] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5035] close(3)                    = 0
[pid  5035] mkdir("./file1", 0777)      = 0
[   80.350106][ T5035] loop0: detected capacity change from 0 to 4096
[   80.366629][ T5035] NILFS (loop0): invalid segment: Checksum error in segment payload
[   80.374934][ T5035] NILFS (loop0): trying rollback from an earlier position
[   80.391167][ T5035] NILFS (loop0): recovery complete
[pid  5035] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5035] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5035] chdir("./file1")            = 0
[pid  5035] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5035] close(4)                    = 0
[pid  5035] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5035] write(4, "19", 2)           = 2
[pid  5035] symlinkat("./file2", AT_FDCWD, "./file6") = 0
[pid  5035] exit_group(0)               = ?
[pid  5035] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
[   80.398158][ T5036] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file1")                      = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5037 attached
 <unfinished ...>
[pid  5037] set_robust_list(0x5555571c2660, 24) = 0
[pid  5037] chdir("./2" <unfinished ...>
[pid  5031] <... clone resumed>, child_tidptr=0x5555571c2650) = 5037
[pid  5037] <... chdir resumed>)        = 0
[pid  5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5037] setpgid(0, 0)               = 0
[pid  5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5037] write(3, "1000", 4)         = 4
[pid  5037] close(3)                    = 0
[pid  5037] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5037] memfd_create("syzkaller", 0) = 3
[pid  5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5037] munmap(0x7f1a49548000, 138412032) = 0
[pid  5037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5037] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5037] close(3)                    = 0
[pid  5037] mkdir("./file1", 0777)      = 0
[   80.560464][ T5037] loop0: detected capacity change from 0 to 4096
[   80.579569][ T5037] NILFS (loop0): invalid segment: Checksum error in segment payload
[   80.587620][ T5037] NILFS (loop0): trying rollback from an earlier position
[   80.604393][ T5037] NILFS (loop0): recovery complete
[pid  5037] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5037] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5037] chdir("./file1")            = 0
[pid  5037] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5037] close(4)                    = 0
[pid  5037] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5037] write(4, "19", 2)           = 2
[   80.610869][ T5038] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   80.626151][ T5037] FAULT_INJECTION: forcing a failure.
[   80.626151][ T5037] name failslab, interval 1, probability 0, space 0, times 0
[   80.639157][ T5037] CPU: 1 PID: 5037 Comm: syz-executor263 Not tainted 6.6.0-rc5-syzkaller-00157-ge8c127b05766 #0
[   80.649626][ T5037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   80.659899][ T5037] Call Trace:
[   80.663215][ T5037]  <TASK>
[   80.666163][ T5037]  dump_stack_lvl+0x1e7/0x2d0
[   80.670864][ T5037]  ? nf_tcp_handle_invalid+0x650/0x650
[   80.676353][ T5037]  ? panic+0x770/0x770
[   80.680470][ T5037]  ? __might_sleep+0xc0/0xc0
[   80.685090][ T5037]  should_fail_ex+0x3aa/0x4e0
[   80.689802][ T5037]  should_failslab+0x9/0x20
[   80.694334][ T5037]  slab_pre_alloc_hook+0x59/0x310
[   80.699440][ T5037]  ? lockdep_softirqs_off+0x420/0x420
[   80.704930][ T5037]  kmem_cache_alloc+0x52/0x300
[   80.709755][ T5037]  ? security_inode_alloc+0x28/0x120
[   80.715097][ T5037]  security_inode_alloc+0x28/0x120
[   80.720240][ T5037]  inode_init_always+0x8e3/0xc00
[   80.725200][ T5037]  ? __nilfs_error+0x720/0x720
[   80.729997][ T5037]  new_inode_pseudo+0x98/0x1d0
[   80.734821][ T5037]  new_inode+0x22/0x1d0
[   80.739015][ T5037]  ? down_read+0x829/0xa40
[   80.743486][ T5037]  nilfs_new_inode+0x13c/0xa30
[   80.748299][ T5037]  ? nilfs_direct_IO+0x120/0x120
[   80.753314][ T5037]  ? rcu_read_lock_any_held+0xb7/0x160
[   80.758809][ T5037]  ? rcu_is_watching+0x15/0xb0
[   80.763637][ T5037]  ? trace_nilfs2_transaction_transition+0x9a/0x1f0
[   80.770312][ T5037]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   80.775987][ T5037]  nilfs_symlink+0x169/0x380
[   80.780627][ T5037]  ? nilfs_unlink+0x1d0/0x1d0
[   80.785339][ T5037]  ? bpf_lsm_inode_symlink+0x9/0x10
[   80.790655][ T5037]  ? security_inode_symlink+0xb3/0x100
[   80.796157][ T5037]  vfs_symlink+0x12f/0x2a0
[   80.800603][ T5037]  do_symlinkat+0x201/0x610
[   80.805175][ T5037]  ? vfs_symlink+0x2a0/0x2a0
[   80.809819][ T5037]  ? getname_flags+0x1f0/0x4e0
[   80.814617][ T5037]  __x64_sys_symlinkat+0x99/0xb0
[   80.819599][ T5037]  do_syscall_64+0x41/0xc0
[   80.824062][ T5037]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   80.829977][ T5037] RIP: 0033:0x7f1a51987169
[   80.834418][ T5037] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid  5037] symlinkat("./file2", AT_FDCWD, "./file6") = -1 ENOMEM (Cannot allocate memory)
[pid  5037] exit_group(0)               = ?
[pid  5037] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs")                  = 0
umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[   80.854045][ T5037] RSP: 002b:00007ffd3852d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[   80.862511][ T5037] RAX: ffffffffffffffda RBX: 00007ffd3852d220 RCX: 00007f1a51987169
[   80.870521][ T5037] RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
[   80.878537][ T5037] RBP: 0000000000000002 R08: 00007ffd3852cf96 R09: 0000000002004c10
[   80.886542][ T5037] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd3852d250
[   80.894565][ T5037] R13: 00007ffd3852d290 R14: 0000000000200000 R15: 0000000000000003
[   80.902586][ T5037]  </TASK>
umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file1")                      = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5039 attached
, child_tidptr=0x5555571c2650) = 5039
[pid  5039] set_robust_list(0x5555571c2660, 24) = 0
[pid  5039] chdir("./3")                = 0
[pid  5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5039] setpgid(0, 0)               = 0
[pid  5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5039] write(3, "1000", 4)         = 4
[pid  5039] close(3)                    = 0
[pid  5039] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5039] memfd_create("syzkaller", 0) = 3
[pid  5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5039] munmap(0x7f1a49548000, 138412032) = 0
[pid  5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5039] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5039] close(3)                    = 0
[pid  5039] mkdir("./file1", 0777)      = 0
[   81.035397][ T5039] loop0: detected capacity change from 0 to 4096
[   81.052954][ T5039] NILFS (loop0): invalid segment: Checksum error in segment payload
[   81.061141][ T5039] NILFS (loop0): trying rollback from an earlier position
[   81.077298][ T5039] NILFS (loop0): recovery complete
[pid  5039] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5039] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5039] chdir("./file1")            = 0
[pid  5039] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5039] close(4)                    = 0
[pid  5039] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5039] write(4, "19", 2)           = 2
[pid  5039] symlinkat("./file2", AT_FDCWD, "./file6") = 0
[pid  5039] exit_group(0)               = ?
[pid  5039] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs")                  = 0
[   81.083749][ T5040] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/file1")                      = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571c2650) = 5041
./strace-static-x86_64: Process 5041 attached
[pid  5041] set_robust_list(0x5555571c2660, 24) = 0
[pid  5041] chdir("./4")                = 0
[pid  5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5041] setpgid(0, 0)               = 0
[pid  5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5041] write(3, "1000", 4)         = 4
[pid  5041] close(3)                    = 0
[pid  5041] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5041] memfd_create("syzkaller", 0) = 3
[pid  5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5041] munmap(0x7f1a49548000, 138412032) = 0
[pid  5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5041] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5041] close(3)                    = 0
[pid  5041] mkdir("./file1", 0777)      = 0
[   81.216569][ T5041] loop0: detected capacity change from 0 to 4096
[   81.234625][ T5041] NILFS (loop0): invalid segment: Checksum error in segment payload
[   81.242895][ T5041] NILFS (loop0): trying rollback from an earlier position
[   81.258566][ T5041] NILFS (loop0): recovery complete
[pid  5041] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5041] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5041] chdir("./file1")            = 0
[pid  5041] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5041] close(4)                    = 0
[pid  5041] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5041] write(4, "19", 2)           = 2
[   81.264649][ T5042] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   81.279073][ T5041] FAULT_INJECTION: forcing a failure.
[   81.279073][ T5041] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   81.293474][ T5041] CPU: 0 PID: 5041 Comm: syz-executor263 Not tainted 6.6.0-rc5-syzkaller-00157-ge8c127b05766 #0
[   81.303943][ T5041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   81.314139][ T5041] Call Trace:
[   81.317423][ T5041]  <TASK>
[   81.320355][ T5041]  dump_stack_lvl+0x1e7/0x2d0
[   81.325040][ T5041]  ? nf_tcp_handle_invalid+0x650/0x650
[   81.331370][ T5041]  ? panic+0x770/0x770
[   81.335456][ T5041]  should_fail_ex+0x3aa/0x4e0
[   81.340158][ T5041]  prepare_alloc_pages+0x1d9/0x5b0
[   81.345285][ T5041]  __alloc_pages+0x165/0x670
[   81.349910][ T5041]  ? zone_statistics+0x170/0x170
[   81.354906][ T5041]  ? xas_load+0x11e/0x140
[   81.359270][ T5041]  folio_alloc+0x1e/0x60
[   81.363530][ T5041]  filemap_alloc_folio+0xde/0x500
[   81.368584][ T5041]  ? filemap_add_folio+0x570/0x570
[   81.373729][ T5041]  ? __lock_acquire+0x1345/0x7f70
[   81.378774][ T5041]  __filemap_get_folio+0x431/0xbb0
[   81.383933][ T5041]  ? look_up_lock_class+0x77/0x140
[   81.389279][ T5041]  pagecache_get_page+0x2f/0x590
[   81.394309][ T5041]  nilfs_grab_buffer+0xb1/0x540
[   81.399240][ T5041]  nilfs_mdt_submit_block+0xdc/0x790
[   81.404554][ T5041]  ? nilfs_mdt_clear_shadow_map+0x290/0x290
[   81.410481][ T5041]  nilfs_mdt_read_block+0xeb/0x430
[   81.415619][ T5041]  ? nilfs_mdt_get_block+0xb60/0xb60
[   81.420929][ T5041]  ? nilfs_palloc_prepare_alloc_entry+0xf20/0x1150
[   81.427460][ T5041]  nilfs_mdt_get_block+0x11f/0xb60
[   81.432610][ T5041]  ? nilfs_palloc_get_block+0x162/0x290
[   81.438166][ T5041]  ? do_raw_spin_lock+0x14d/0x3a0
[   81.443214][ T5041]  ? PageUptodate+0x290/0x290
[   81.447920][ T5041]  ? do_raw_spin_unlock+0x13b/0x8b0
[   81.453141][ T5041]  nilfs_palloc_get_block+0x181/0x290
[   81.458536][ T5041]  nilfs_palloc_get_entry_block+0x8e/0xa0
[   81.464350][ T5041]  nilfs_dat_prepare_alloc+0x67/0x100
[   81.469740][ T5041]  nilfs_direct_insert+0x1bd/0x510
[   81.474894][ T5041]  ? nilfs_direct_lookup_contig+0x3d0/0x3d0
[   81.480834][ T5041]  nilfs_bmap_insert+0x251/0x3b0
[   81.485789][ T5041]  ? nilfs_bmap_lookup_contig+0x160/0x160
[   81.491524][ T5041]  ? __up_read+0x2bd/0x690
[   81.495981][ T5041]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   81.501653][ T5041]  nilfs_get_block+0x428/0x8e0
[   81.506438][ T5041]  ? folio_create_buffers+0x132/0x250
[   81.511835][ T5041]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   81.517224][ T5041]  ? do_raw_spin_unlock+0x13b/0x8b0
[   81.522456][ T5041]  ? _raw_spin_unlock+0x28/0x40
[   81.527330][ T5041]  ? folio_create_buffers+0x132/0x250
[   81.532718][ T5041]  __block_write_begin_int+0x54d/0x1ac0
[   81.538278][ T5041]  ? folio_add_lru+0x27b/0x9d0
[   81.543073][ T5041]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   81.548462][ T5041]  ? folio_zero_new_buffers+0x530/0x530
[   81.554028][ T5041]  ? pagecache_get_page+0x243/0x590
[   81.559249][ T5041]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   81.564641][ T5041]  block_write_begin+0x9b/0x1e0
[   81.569513][ T5041]  nilfs_write_begin+0xa0/0x110
[   81.574394][ T5041]  page_symlink+0x2c5/0x4e0
[   81.578970][ T5041]  ? page_readlink+0x1d0/0x1d0
[   81.583810][ T5041]  ? trace_nilfs2_transaction_transition+0x9a/0x1f0
[   81.590425][ T5041]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   81.596083][ T5041]  nilfs_symlink+0x236/0x380
[   81.600706][ T5041]  ? nilfs_unlink+0x1d0/0x1d0
[   81.605407][ T5041]  ? bpf_lsm_inode_symlink+0x9/0x10
[   81.610619][ T5041]  ? security_inode_symlink+0xb3/0x100
[   81.616115][ T5041]  vfs_symlink+0x12f/0x2a0
[   81.620549][ T5041]  do_symlinkat+0x201/0x610
[   81.625073][ T5041]  ? vfs_symlink+0x2a0/0x2a0
[   81.629685][ T5041]  ? getname_flags+0x1f0/0x4e0
[   81.634479][ T5041]  __x64_sys_symlinkat+0x99/0xb0
[   81.639442][ T5041]  do_syscall_64+0x41/0xc0
[   81.643873][ T5041]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   81.649780][ T5041] RIP: 0033:0x7f1a51987169
[   81.654205][ T5041] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   81.673820][ T5041] RSP: 002b:00007ffd3852d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[   81.682251][ T5041] RAX: ffffffffffffffda RBX: 00007ffd3852d220 RCX: 00007f1a51987169
[   81.690232][ T5041] RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
[   81.698215][ T5041] RBP: 0000000000000002 R08: 00007ffd3852cf96 R09: 0000000002004c10
[   81.706214][ T5041] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd3852d250
[pid  5041] symlinkat("./file2", AT_FDCWD, "./file6") = -1 ENOMEM (Cannot allocate memory)
[pid  5041] exit_group(0)               = ?
[pid  5041] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs")                  = 0
umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
[   81.714197][ T5041] R13: 00007ffd3852d290 R14: 0000000000200000 R15: 0000000000000003
[   81.722195][ T5041]  </TASK>
close(4)                                = 0
rmdir("./4/file1")                      = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5043 attached
, child_tidptr=0x5555571c2650) = 5043
[pid  5043] set_robust_list(0x5555571c2660, 24) = 0
[pid  5043] chdir("./5")                = 0
[pid  5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5043] setpgid(0, 0)               = 0
[pid  5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5043] write(3, "1000", 4)         = 4
[pid  5043] close(3)                    = 0
[pid  5043] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5043] memfd_create("syzkaller", 0) = 3
[pid  5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5043] munmap(0x7f1a49548000, 138412032) = 0
[pid  5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5043] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5043] close(3)                    = 0
[pid  5043] mkdir("./file1", 0777)      = 0
[   81.848349][ T5043] loop0: detected capacity change from 0 to 4096
[   81.868217][ T5043] NILFS (loop0): invalid segment: Checksum error in segment payload
[   81.876242][ T5043] NILFS (loop0): trying rollback from an earlier position
[   81.893350][ T5043] NILFS (loop0): recovery complete
[pid  5043] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5043] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5043] chdir("./file1")            = 0
[pid  5043] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5043] close(4)                    = 0
[pid  5043] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5043] write(4, "19", 2)           = 2
[   81.899589][ T5044] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   81.919401][ T5043] FAULT_INJECTION: forcing a failure.
[   81.919401][ T5043] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   81.933016][ T5043] CPU: 0 PID: 5043 Comm: syz-executor263 Not tainted 6.6.0-rc5-syzkaller-00157-ge8c127b05766 #0
[   81.943474][ T5043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   81.953544][ T5043] Call Trace:
[   81.956839][ T5043]  <TASK>
[   81.959782][ T5043]  dump_stack_lvl+0x1e7/0x2d0
[   81.964492][ T5043]  ? nf_tcp_handle_invalid+0x650/0x650
[   81.969987][ T5043]  ? panic+0x770/0x770
[   81.974079][ T5043]  ? ktime_get+0x83/0x270
[   81.978424][ T5043]  should_fail_ex+0x3aa/0x4e0
[   81.983123][ T5043]  prepare_alloc_pages+0x1d9/0x5b0
[   81.988272][ T5043]  __alloc_pages+0x165/0x670
[   81.992908][ T5043]  ? zone_statistics+0x170/0x170
[   81.997894][ T5043]  ? xas_load+0x11e/0x140
[   82.002251][ T5043]  folio_alloc+0x1e/0x60
[   82.006518][ T5043]  filemap_alloc_folio+0xde/0x500
[   82.011573][ T5043]  ? filemap_add_folio+0x570/0x570
[   82.016736][ T5043]  ? __lock_acquire+0x1345/0x7f70
[   82.021814][ T5043]  __filemap_get_folio+0x431/0xbb0
[   82.026942][ T5043]  ? look_up_lock_class+0x77/0x140
[   82.032070][ T5043]  pagecache_get_page+0x2f/0x590
[   82.037048][ T5043]  nilfs_grab_buffer+0xb1/0x540
[   82.041929][ T5043]  nilfs_mdt_submit_block+0xdc/0x790
[   82.047251][ T5043]  ? nilfs_mdt_clear_shadow_map+0x290/0x290
[   82.053201][ T5043]  nilfs_mdt_read_block+0xeb/0x430
[   82.058381][ T5043]  ? nilfs_mdt_get_block+0xb60/0xb60
[   82.063690][ T5043]  ? nilfs_palloc_prepare_alloc_entry+0xf20/0x1150
[   82.070218][ T5043]  nilfs_mdt_get_block+0x11f/0xb60
[   82.075375][ T5043]  ? nilfs_palloc_get_block+0x162/0x290
[   82.080940][ T5043]  ? do_raw_spin_lock+0x14d/0x3a0
[   82.086002][ T5043]  ? PageUptodate+0x290/0x290
[   82.090699][ T5043]  ? do_raw_spin_unlock+0x13b/0x8b0
[   82.095919][ T5043]  nilfs_palloc_get_block+0x181/0x290
[   82.101348][ T5043]  nilfs_palloc_get_entry_block+0x8e/0xa0
[   82.107113][ T5043]  nilfs_dat_prepare_alloc+0x67/0x100
[   82.112539][ T5043]  nilfs_direct_insert+0x1bd/0x510
[   82.117691][ T5043]  ? nilfs_direct_lookup_contig+0x3d0/0x3d0
[   82.123614][ T5043]  nilfs_bmap_insert+0x251/0x3b0
[   82.128757][ T5043]  ? nilfs_bmap_lookup_contig+0x160/0x160
[   82.134511][ T5043]  ? __up_read+0x2bd/0x690
[   82.138992][ T5043]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   82.144656][ T5043]  nilfs_get_block+0x428/0x8e0
[   82.149439][ T5043]  ? folio_create_buffers+0x132/0x250
[   82.154839][ T5043]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   82.160228][ T5043]  ? do_raw_spin_unlock+0x13b/0x8b0
[   82.165455][ T5043]  ? _raw_spin_unlock+0x28/0x40
[   82.170323][ T5043]  ? folio_create_buffers+0x132/0x250
[   82.175719][ T5043]  __block_write_begin_int+0x54d/0x1ac0
[   82.181277][ T5043]  ? folio_add_lru+0x27b/0x9d0
[   82.186073][ T5043]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   82.191461][ T5043]  ? folio_zero_new_buffers+0x530/0x530
[   82.197033][ T5043]  ? pagecache_get_page+0x243/0x590
[   82.202252][ T5043]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   82.207638][ T5043]  block_write_begin+0x9b/0x1e0
[   82.212511][ T5043]  nilfs_write_begin+0xa0/0x110
[   82.217408][ T5043]  page_symlink+0x2c5/0x4e0
[   82.221939][ T5043]  ? page_readlink+0x1d0/0x1d0
[   82.226720][ T5043]  ? trace_nilfs2_transaction_transition+0x9a/0x1f0
[   82.233337][ T5043]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   82.238995][ T5043]  nilfs_symlink+0x236/0x380
[   82.243629][ T5043]  ? nilfs_unlink+0x1d0/0x1d0
[   82.248420][ T5043]  ? bpf_lsm_inode_symlink+0x9/0x10
[   82.253633][ T5043]  ? security_inode_symlink+0xb3/0x100
[   82.259112][ T5043]  vfs_symlink+0x12f/0x2a0
[   82.263550][ T5043]  do_symlinkat+0x201/0x610
[   82.269396][ T5043]  ? vfs_symlink+0x2a0/0x2a0
[   82.274003][ T5043]  ? getname_flags+0x1f0/0x4e0
[   82.278782][ T5043]  __x64_sys_symlinkat+0x99/0xb0
[   82.283743][ T5043]  do_syscall_64+0x41/0xc0
[   82.288176][ T5043]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   82.294082][ T5043] RIP: 0033:0x7f1a51987169
[   82.298509][ T5043] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   82.318211][ T5043] RSP: 002b:00007ffd3852d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[   82.326641][ T5043] RAX: ffffffffffffffda RBX: 00007ffd3852d220 RCX: 00007f1a51987169
[   82.334625][ T5043] RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
[   82.342609][ T5043] RBP: 0000000000000002 R08: 00007ffd3852cf96 R09: 0000000002004c10
[pid  5043] symlinkat("./file2", AT_FDCWD, "./file6") = -1 ENOMEM (Cannot allocate memory)
[pid  5043] exit_group(0)               = ?
[pid  5043] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5043, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs")                  = 0
[   82.350590][ T5043] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd3852d250
[   82.358570][ T5043] R13: 00007ffd3852d290 R14: 0000000000200000 R15: 0000000000000003
[   82.366569][ T5043]  </TASK>
umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./5/file1")                      = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5045 attached
, child_tidptr=0x5555571c2650) = 5045
[pid  5045] set_robust_list(0x5555571c2660, 24) = 0
[pid  5045] chdir("./6")                = 0
[pid  5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5045] setpgid(0, 0)               = 0
[pid  5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5045] write(3, "1000", 4)         = 4
[pid  5045] close(3)                    = 0
[pid  5045] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5045] memfd_create("syzkaller", 0) = 3
[pid  5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5045] munmap(0x7f1a49548000, 138412032) = 0
[pid  5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5045] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5045] close(3)                    = 0
[pid  5045] mkdir("./file1", 0777)      = 0
[   82.498218][ T5045] loop0: detected capacity change from 0 to 4096
[   82.515974][ T5045] NILFS (loop0): invalid segment: Checksum error in segment payload
[   82.524074][ T5045] NILFS (loop0): trying rollback from an earlier position
[   82.540610][ T5045] NILFS (loop0): recovery complete
[pid  5045] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5045] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5045] chdir("./file1")            = 0
[pid  5045] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5045] close(4)                    = 0
[pid  5045] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5045] write(4, "19", 2)           = 2
[pid  5045] symlinkat("./file2", AT_FDCWD, "./file6") = 0
[pid  5045] exit_group(0)               = ?
[pid  5045] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs")                  = 0
umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[   82.547419][ T5046] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./6/file1")                      = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571c2650) = 5047
./strace-static-x86_64: Process 5047 attached
[pid  5047] set_robust_list(0x5555571c2660, 24) = 0
[pid  5047] chdir("./7")                = 0
[pid  5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5047] setpgid(0, 0)               = 0
[pid  5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5047] write(3, "1000", 4)         = 4
[pid  5047] close(3)                    = 0
[pid  5047] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5047] memfd_create("syzkaller", 0) = 3
[pid  5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5047] munmap(0x7f1a49548000, 138412032) = 0
[pid  5047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5047] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5047] close(3)                    = 0
[pid  5047] mkdir("./file1", 0777)      = 0
[pid  5047] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[   82.689814][ T5047] loop0: detected capacity change from 0 to 4096
[   82.707428][ T5047] NILFS (loop0): invalid segment: Checksum error in segment payload
[   82.715657][ T5047] NILFS (loop0): trying rollback from an earlier position
[   82.730491][ T5047] NILFS (loop0): recovery complete
[pid  5047] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5047] chdir("./file1")            = 0
[pid  5047] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5047] close(4)                    = 0
[pid  5047] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5047] write(4, "19", 2)           = 2
[pid  5047] symlinkat("./file2", AT_FDCWD, "./file6") = 0
[pid  5047] exit_group(0)               = ?
[pid  5047] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs")                  = 0
umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./7/file1")                      = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   82.737442][ T5048] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571c2650) = 5049
./strace-static-x86_64: Process 5049 attached
[pid  5049] set_robust_list(0x5555571c2660, 24) = 0
[pid  5049] chdir("./8")                = 0
[pid  5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5049] setpgid(0, 0)               = 0
[pid  5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5049] write(3, "1000", 4)         = 4
[pid  5049] close(3)                    = 0
[pid  5049] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5049] memfd_create("syzkaller", 0) = 3
[pid  5049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5049] munmap(0x7f1a49548000, 138412032) = 0
[pid  5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5049] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5049] close(3)                    = 0
[pid  5049] mkdir("./file1", 0777)      = 0
[   82.868382][ T5049] loop0: detected capacity change from 0 to 4096
[   82.883212][ T5049] NILFS (loop0): invalid segment: Checksum error in segment payload
[   82.891512][ T5049] NILFS (loop0): trying rollback from an earlier position
[   82.908167][ T5049] NILFS (loop0): recovery complete
[pid  5049] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5049] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5049] chdir("./file1")            = 0
[pid  5049] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5049] close(4)                    = 0
[pid  5049] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5049] write(4, "19", 2)           = 2
[   82.914350][ T5050] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   82.929773][ T5049] FAULT_INJECTION: forcing a failure.
[   82.929773][ T5049] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   82.943236][ T5049] CPU: 0 PID: 5049 Comm: syz-executor263 Not tainted 6.6.0-rc5-syzkaller-00157-ge8c127b05766 #0
[   82.953697][ T5049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   82.963835][ T5049] Call Trace:
[   82.967124][ T5049]  <TASK>
[   82.970066][ T5049]  dump_stack_lvl+0x1e7/0x2d0
[   82.974774][ T5049]  ? nf_tcp_handle_invalid+0x650/0x650
[   82.980265][ T5049]  ? panic+0x770/0x770
[   82.984359][ T5049]  should_fail_ex+0x3aa/0x4e0
[   82.989057][ T5049]  prepare_alloc_pages+0x1d9/0x5b0
[   82.994205][ T5049]  __alloc_pages+0x165/0x670
[   82.998842][ T5049]  ? zone_statistics+0x170/0x170
[   83.003850][ T5049]  ? xas_load+0x11e/0x140
[   83.008224][ T5049]  folio_alloc+0x1e/0x60
[   83.012520][ T5049]  filemap_alloc_folio+0xde/0x500
[   83.017594][ T5049]  ? filemap_add_folio+0x570/0x570
[   83.022750][ T5049]  ? __lock_acquire+0x1345/0x7f70
[   83.027813][ T5049]  __filemap_get_folio+0x431/0xbb0
[   83.032960][ T5049]  ? look_up_lock_class+0x77/0x140
[   83.038112][ T5049]  pagecache_get_page+0x2f/0x590
[   83.043081][ T5049]  nilfs_grab_buffer+0xb1/0x540
[   83.047971][ T5049]  nilfs_mdt_submit_block+0xdc/0x790
[   83.053290][ T5049]  ? nilfs_mdt_clear_shadow_map+0x290/0x290
[   83.060516][ T5049]  nilfs_mdt_read_block+0xeb/0x430
[   83.065660][ T5049]  ? nilfs_mdt_get_block+0xb60/0xb60
[   83.070970][ T5049]  ? nilfs_palloc_prepare_alloc_entry+0xf20/0x1150
[   83.077494][ T5049]  nilfs_mdt_get_block+0x11f/0xb60
[   83.082660][ T5049]  ? nilfs_palloc_get_block+0x162/0x290
[   83.088219][ T5049]  ? do_raw_spin_lock+0x14d/0x3a0
[   83.093263][ T5049]  ? PageUptodate+0x290/0x290
[   83.097992][ T5049]  ? do_raw_spin_unlock+0x13b/0x8b0
[   83.103224][ T5049]  nilfs_palloc_get_block+0x181/0x290
[   83.108616][ T5049]  nilfs_palloc_get_entry_block+0x8e/0xa0
[   83.114355][ T5049]  nilfs_dat_prepare_alloc+0x67/0x100
[   83.119746][ T5049]  nilfs_direct_insert+0x1bd/0x510
[   83.124877][ T5049]  ? nilfs_direct_lookup_contig+0x3d0/0x3d0
[   83.130800][ T5049]  nilfs_bmap_insert+0x251/0x3b0
[   83.135752][ T5049]  ? nilfs_bmap_lookup_contig+0x160/0x160
[   83.141481][ T5049]  ? __up_read+0x2bd/0x690
[   83.145930][ T5049]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   83.151595][ T5049]  nilfs_get_block+0x428/0x8e0
[   83.156377][ T5049]  ? folio_create_buffers+0x132/0x250
[   83.161771][ T5049]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   83.167156][ T5049]  ? do_raw_spin_unlock+0x13b/0x8b0
[   83.172400][ T5049]  ? _raw_spin_unlock+0x28/0x40
[   83.177269][ T5049]  ? folio_create_buffers+0x132/0x250
[   83.182657][ T5049]  __block_write_begin_int+0x54d/0x1ac0
[   83.188216][ T5049]  ? folio_add_lru+0x27b/0x9d0
[   83.193013][ T5049]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   83.198402][ T5049]  ? folio_zero_new_buffers+0x530/0x530
[   83.203977][ T5049]  ? pagecache_get_page+0x243/0x590
[   83.209197][ T5049]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   83.214587][ T5049]  block_write_begin+0x9b/0x1e0
[   83.219453][ T5049]  nilfs_write_begin+0xa0/0x110
[   83.224326][ T5049]  page_symlink+0x2c5/0x4e0
[   83.228861][ T5049]  ? page_readlink+0x1d0/0x1d0
[   83.233660][ T5049]  ? trace_nilfs2_transaction_transition+0x9a/0x1f0
[   83.240274][ T5049]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   83.245934][ T5049]  nilfs_symlink+0x236/0x380
[   83.250553][ T5049]  ? nilfs_unlink+0x1d0/0x1d0
[   83.255257][ T5049]  ? bpf_lsm_inode_symlink+0x9/0x10
[   83.260465][ T5049]  ? security_inode_symlink+0xb3/0x100
[   83.265947][ T5049]  vfs_symlink+0x12f/0x2a0
[   83.270384][ T5049]  do_symlinkat+0x201/0x610
[   83.274911][ T5049]  ? vfs_symlink+0x2a0/0x2a0
[   83.279546][ T5049]  ? getname_flags+0x1f0/0x4e0
[   83.284328][ T5049]  __x64_sys_symlinkat+0x99/0xb0
[   83.289282][ T5049]  do_syscall_64+0x41/0xc0
[   83.293714][ T5049]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   83.299629][ T5049] RIP: 0033:0x7f1a51987169
[   83.304063][ T5049] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   83.323680][ T5049] RSP: 002b:00007ffd3852d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[   83.332108][ T5049] RAX: ffffffffffffffda RBX: 00007ffd3852d220 RCX: 00007f1a51987169
[   83.340179][ T5049] RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
[   83.348160][ T5049] RBP: 0000000000000002 R08: 00007ffd3852cf96 R09: 0000000002004c10
[   83.356142][ T5049] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd3852d250
[pid  5049] symlinkat("./file2", AT_FDCWD, "./file6") = -1 ENOMEM (Cannot allocate memory)
[pid  5049] exit_group(0)               = ?
[pid  5049] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5049, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs")                  = 0
[   83.364122][ T5049] R13: 00007ffd3852d290 R14: 0000000000200000 R15: 0000000000000003
[   83.372147][ T5049]  </TASK>
umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./8/file1")                      = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./8")                            = 0
mkdir("./9", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571c2650) = 5051
./strace-static-x86_64: Process 5051 attached
[pid  5051] set_robust_list(0x5555571c2660, 24) = 0
[pid  5051] chdir("./9")                = 0
[pid  5051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5051] setpgid(0, 0)               = 0
[pid  5051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5051] write(3, "1000", 4)         = 4
[pid  5051] close(3)                    = 0
[pid  5051] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5051] memfd_create("syzkaller", 0) = 3
[pid  5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5051] munmap(0x7f1a49548000, 138412032) = 0
[pid  5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5051] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5051] close(3)                    = 0
[pid  5051] mkdir("./file1", 0777)      = 0
[pid  5051] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[   83.490068][ T5051] loop0: detected capacity change from 0 to 4096
[   83.506313][ T5051] NILFS (loop0): invalid segment: Checksum error in segment payload
[   83.514433][ T5051] NILFS (loop0): trying rollback from an earlier position
[   83.530423][ T5051] NILFS (loop0): recovery complete
[pid  5051] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5051] chdir("./file1")            = 0
[pid  5051] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5051] close(4)                    = 0
[pid  5051] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5051] write(4, "19", 2)           = 2
[   83.537701][ T5052] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   83.554688][ T5051] FAULT_INJECTION: forcing a failure.
[   83.554688][ T5051] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   83.572273][ T5051] CPU: 0 PID: 5051 Comm: syz-executor263 Not tainted 6.6.0-rc5-syzkaller-00157-ge8c127b05766 #0
[   83.582759][ T5051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   83.592850][ T5051] Call Trace:
[   83.596136][ T5051]  <TASK>
[   83.599070][ T5051]  dump_stack_lvl+0x1e7/0x2d0
[   83.603763][ T5051]  ? nf_tcp_handle_invalid+0x650/0x650
[   83.609234][ T5051]  ? panic+0x770/0x770
[   83.613320][ T5051]  ? ktime_get+0x83/0x270
[   83.617665][ T5051]  should_fail_ex+0x3aa/0x4e0
[   83.622380][ T5051]  prepare_alloc_pages+0x1d9/0x5b0
[   83.627905][ T5051]  __alloc_pages+0x165/0x670
[   83.632572][ T5051]  ? zone_statistics+0x170/0x170
[   83.637559][ T5051]  ? xas_load+0x11e/0x140
[   83.641901][ T5051]  folio_alloc+0x1e/0x60
[   83.646156][ T5051]  filemap_alloc_folio+0xde/0x500
[   83.651220][ T5051]  ? filemap_add_folio+0x570/0x570
[   83.656612][ T5051]  ? __lock_acquire+0x1345/0x7f70
[   83.661649][ T5051]  __filemap_get_folio+0x431/0xbb0
[   83.668242][ T5051]  ? look_up_lock_class+0x77/0x140
[   83.673373][ T5051]  pagecache_get_page+0x2f/0x590
[   83.678329][ T5051]  nilfs_grab_buffer+0xb1/0x540
[   83.683196][ T5051]  nilfs_mdt_submit_block+0xdc/0x790
[   83.688490][ T5051]  ? nilfs_mdt_clear_shadow_map+0x290/0x290
[   83.694413][ T5051]  nilfs_mdt_read_block+0xeb/0x430
[   83.699542][ T5051]  ? nilfs_mdt_get_block+0xb60/0xb60
[   83.704837][ T5051]  ? nilfs_palloc_prepare_alloc_entry+0xf20/0x1150
[   83.711356][ T5051]  nilfs_mdt_get_block+0x11f/0xb60
[   83.716510][ T5051]  ? nilfs_palloc_get_block+0x162/0x290
[   83.722082][ T5051]  ? do_raw_spin_lock+0x14d/0x3a0
[   83.727138][ T5051]  ? PageUptodate+0x290/0x290
[   83.731844][ T5051]  ? do_raw_spin_unlock+0x13b/0x8b0
[   83.737057][ T5051]  nilfs_palloc_get_block+0x181/0x290
[   83.742443][ T5051]  nilfs_palloc_get_entry_block+0x8e/0xa0
[   83.748180][ T5051]  nilfs_dat_prepare_alloc+0x67/0x100
[   83.753565][ T5051]  nilfs_direct_insert+0x1bd/0x510
[   83.758707][ T5051]  ? nilfs_direct_lookup_contig+0x3d0/0x3d0
[   83.764616][ T5051]  nilfs_bmap_insert+0x251/0x3b0
[   83.769562][ T5051]  ? nilfs_bmap_lookup_contig+0x160/0x160
[   83.775285][ T5051]  ? __up_read+0x2bd/0x690
[   83.779738][ T5051]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   83.785384][ T5051]  nilfs_get_block+0x428/0x8e0
[   83.790168][ T5051]  ? folio_create_buffers+0x132/0x250
[   83.795575][ T5051]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   83.800954][ T5051]  ? do_raw_spin_unlock+0x13b/0x8b0
[   83.806161][ T5051]  ? _raw_spin_unlock+0x28/0x40
[   83.811034][ T5051]  ? folio_create_buffers+0x132/0x250
[   83.816438][ T5051]  __block_write_begin_int+0x54d/0x1ac0
[   83.822170][ T5051]  ? folio_add_lru+0x27b/0x9d0
[   83.826970][ T5051]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   83.832354][ T5051]  ? folio_zero_new_buffers+0x530/0x530
[   83.837920][ T5051]  ? pagecache_get_page+0x243/0x590
[   83.843130][ T5051]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   83.848505][ T5051]  block_write_begin+0x9b/0x1e0
[   83.853360][ T5051]  nilfs_write_begin+0xa0/0x110
[   83.858219][ T5051]  page_symlink+0x2c5/0x4e0
[   83.862740][ T5051]  ? page_readlink+0x1d0/0x1d0
[   83.867511][ T5051]  ? trace_nilfs2_transaction_transition+0x9a/0x1f0
[   83.874114][ T5051]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   83.879757][ T5051]  nilfs_symlink+0x236/0x380
[   83.884361][ T5051]  ? nilfs_unlink+0x1d0/0x1d0
[   83.889058][ T5051]  ? bpf_lsm_inode_symlink+0x9/0x10
[   83.894270][ T5051]  ? security_inode_symlink+0xb3/0x100
[   83.899752][ T5051]  vfs_symlink+0x12f/0x2a0
[   83.904176][ T5051]  do_symlinkat+0x201/0x610
[   83.908703][ T5051]  ? vfs_symlink+0x2a0/0x2a0
[   83.913300][ T5051]  ? getname_flags+0x1f0/0x4e0
[   83.918071][ T5051]  __x64_sys_symlinkat+0x99/0xb0
[   83.923017][ T5051]  do_syscall_64+0x41/0xc0
[   83.927435][ T5051]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   83.933346][ T5051] RIP: 0033:0x7f1a51987169
[   83.937761][ T5051] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   83.957382][ T5051] RSP: 002b:00007ffd3852d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[   83.965798][ T5051] RAX: ffffffffffffffda RBX: 00007ffd3852d220 RCX: 00007f1a51987169
[   83.973775][ T5051] RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
[   83.981746][ T5051] RBP: 0000000000000002 R08: 00007ffd3852cf96 R09: 0000000002004c10
[pid  5051] symlinkat("./file2", AT_FDCWD, "./file6") = -1 ENOMEM (Cannot allocate memory)
[pid  5051] exit_group(0)               = ?
[pid  5051] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5051, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs")                  = 0
umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   83.989733][ T5051] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd3852d250
[   83.997740][ T5051] R13: 00007ffd3852d290 R14: 0000000000200000 R15: 0000000000000003
[   84.005735][ T5051]  </TASK>
openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./9/file1")                      = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./9")                            = 0
mkdir("./10", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5053 attached
 <unfinished ...>
[pid  5053] set_robust_list(0x5555571c2660, 24) = 0
[pid  5053] chdir("./10")               = 0
[pid  5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5053] setpgid(0, 0)               = 0
[pid  5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5031] <... clone resumed>, child_tidptr=0x5555571c2650) = 5053
[pid  5053] <... openat resumed>)       = 3
[pid  5053] write(3, "1000", 4)         = 4
[pid  5053] close(3)                    = 0
[pid  5053] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5053] memfd_create("syzkaller", 0) = 3
[pid  5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5053] munmap(0x7f1a49548000, 138412032) = 0
[pid  5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5053] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5053] close(3)                    = 0
[pid  5053] mkdir("./file1", 0777)      = 0
[   84.138935][ T5053] loop0: detected capacity change from 0 to 4096
[   84.159514][ T5053] NILFS (loop0): invalid segment: Checksum error in segment payload
[   84.168174][ T5053] NILFS (loop0): trying rollback from an earlier position
[pid  5053] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5053] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5053] chdir("./file1")            = 0
[pid  5053] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5053] close(4)                    = 0
[pid  5053] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5053] write(4, "19", 2)           = 2
[pid  5053] symlinkat("./file2", AT_FDCWD, "./file6") = 0
[pid  5053] exit_group(0)               = ?
[   84.193099][ T5053] NILFS (loop0): recovery complete
[   84.200209][ T5054] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[pid  5053] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs")                 = 0
umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./10/file1")                     = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./10")                           = 0
mkdir("./11", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5055 attached
 <unfinished ...>
[pid  5055] set_robust_list(0x5555571c2660, 24 <unfinished ...>
[pid  5031] <... clone resumed>, child_tidptr=0x5555571c2650) = 5055
[pid  5055] <... set_robust_list resumed>) = 0
[pid  5055] chdir("./11")               = 0
[pid  5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5055] setpgid(0, 0)               = 0
[pid  5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5055] write(3, "1000", 4)         = 4
[pid  5055] close(3)                    = 0
[pid  5055] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5055] memfd_create("syzkaller", 0) = 3
[pid  5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5055] munmap(0x7f1a49548000, 138412032) = 0
[pid  5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5055] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5055] close(3)                    = 0
[pid  5055] mkdir("./file1", 0777)      = 0
[   84.396881][ T5055] loop0: detected capacity change from 0 to 4096
[   84.416312][ T5055] NILFS (loop0): invalid segment: Checksum error in segment payload
[   84.424639][ T5055] NILFS (loop0): trying rollback from an earlier position
[pid  5055] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5055] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5055] chdir("./file1")            = 0
[pid  5055] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5055] close(4)                    = 0
[pid  5055] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5055] write(4, "19", 2)           = 2
[pid  5055] symlinkat("./file2", AT_FDCWD, "./file6") = 0
[pid  5055] exit_group(0)               = ?
[pid  5055] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5055, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs")                 = 0
[   84.443289][ T5055] NILFS (loop0): recovery complete
[   84.449827][ T5056] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./11/file1")                     = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./11")                           = 0
mkdir("./12", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571c2650) = 5057
./strace-static-x86_64: Process 5057 attached
[pid  5057] set_robust_list(0x5555571c2660, 24) = 0
[pid  5057] chdir("./12")               = 0
[pid  5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5057] setpgid(0, 0)               = 0
[pid  5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5057] write(3, "1000", 4)         = 4
[pid  5057] close(3)                    = 0
[pid  5057] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5057] memfd_create("syzkaller", 0) = 3
[pid  5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5057] munmap(0x7f1a49548000, 138412032) = 0
[pid  5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5057] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5057] close(3)                    = 0
[pid  5057] mkdir("./file1", 0777)      = 0
[   84.604270][ T5057] loop0: detected capacity change from 0 to 4096
[   84.622205][ T5057] NILFS (loop0): invalid segment: Checksum error in segment payload
[   84.630356][ T5057] NILFS (loop0): trying rollback from an earlier position
[   84.645835][ T5057] NILFS (loop0): recovery complete
[pid  5057] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5057] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5057] chdir("./file1")            = 0
[pid  5057] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5057] close(4)                    = 0
[pid  5057] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5057] write(4, "19", 2)           = 2
[pid  5057] symlinkat("./file2", AT_FDCWD, "./file6") = 0
[pid  5057] exit_group(0)               = ?
[pid  5057] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5057, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs")                 = 0
umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./12/file1")                     = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
[   84.652217][ T5058] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
close(3)                                = 0
rmdir("./12")                           = 0
mkdir("./13", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached
 <unfinished ...>
[pid  5059] set_robust_list(0x5555571c2660, 24) = 0
[pid  5059] chdir("./13" <unfinished ...>
[pid  5031] <... clone resumed>, child_tidptr=0x5555571c2650) = 5059
[pid  5059] <... chdir resumed>)        = 0
[pid  5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5059] setpgid(0, 0)               = 0
[pid  5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5059] write(3, "1000", 4)         = 4
[pid  5059] close(3)                    = 0
[pid  5059] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5059] memfd_create("syzkaller", 0) = 3
[pid  5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5059] munmap(0x7f1a49548000, 138412032) = 0
[pid  5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5059] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5059] close(3)                    = 0
[pid  5059] mkdir("./file1", 0777)      = 0
[   84.798267][ T5059] loop0: detected capacity change from 0 to 4096
[   84.815438][ T5059] NILFS (loop0): invalid segment: Checksum error in segment payload
[   84.823839][ T5059] NILFS (loop0): trying rollback from an earlier position
[   84.839401][ T5059] NILFS (loop0): recovery complete
[pid  5059] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5059] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5059] chdir("./file1")            = 0
[pid  5059] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5059] close(4)                    = 0
[pid  5059] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5059] write(4, "19", 2)           = 2
[pid  5059] symlinkat("./file2", AT_FDCWD, "./file6") = 0
[pid  5059] exit_group(0)               = ?
[pid  5059] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs")                 = 0
[   84.845916][ T5060] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./13/file1")                     = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./13")                           = 0
mkdir("./14", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached
, child_tidptr=0x5555571c2650) = 5061
[pid  5061] set_robust_list(0x5555571c2660, 24) = 0
[pid  5061] chdir("./14")               = 0
[pid  5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5061] setpgid(0, 0)               = 0
[pid  5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5061] write(3, "1000", 4)         = 4
[pid  5061] close(3)                    = 0
[pid  5061] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5061] memfd_create("syzkaller", 0) = 3
[pid  5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5061] munmap(0x7f1a49548000, 138412032) = 0
[pid  5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5061] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5061] close(3)                    = 0
[pid  5061] mkdir("./file1", 0777)      = 0
[   85.001968][ T5061] loop0: detected capacity change from 0 to 4096
[   85.021829][ T5061] NILFS (loop0): invalid segment: Checksum error in segment payload
[   85.030011][ T5061] NILFS (loop0): trying rollback from an earlier position
[   85.046437][ T5061] NILFS (loop0): recovery complete
[pid  5061] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5061] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5061] chdir("./file1")            = 0
[pid  5061] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5061] close(4)                    = 0
[pid  5061] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5061] write(4, "19", 2)           = 2
[   85.052483][ T5062] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   85.072550][ T5061] FAULT_INJECTION: forcing a failure.
[   85.072550][ T5061] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   85.086192][ T5061] CPU: 0 PID: 5061 Comm: syz-executor263 Not tainted 6.6.0-rc5-syzkaller-00157-ge8c127b05766 #0
[   85.096657][ T5061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   85.106747][ T5061] Call Trace:
[   85.110038][ T5061]  <TASK>
[   85.112969][ T5061]  dump_stack_lvl+0x1e7/0x2d0
[   85.117652][ T5061]  ? nf_tcp_handle_invalid+0x650/0x650
[   85.123127][ T5061]  ? panic+0x770/0x770
[   85.127227][ T5061]  should_fail_ex+0x3aa/0x4e0
[   85.131931][ T5061]  prepare_alloc_pages+0x1d9/0x5b0
[   85.137066][ T5061]  __alloc_pages+0x165/0x670
[   85.141719][ T5061]  ? zone_statistics+0x170/0x170
[   85.146693][ T5061]  ? xas_load+0x11e/0x140
[   85.151036][ T5061]  folio_alloc+0x1e/0x60
[   85.155292][ T5061]  filemap_alloc_folio+0xde/0x500
[   85.160365][ T5061]  ? filemap_add_folio+0x570/0x570
[   85.165504][ T5061]  ? __lock_acquire+0x1345/0x7f70
[   85.170551][ T5061]  __filemap_get_folio+0x431/0xbb0
[   85.175850][ T5061]  ? look_up_lock_class+0x77/0x140
[   85.180984][ T5061]  pagecache_get_page+0x2f/0x590
[   85.185961][ T5061]  nilfs_grab_buffer+0xb1/0x540
[   85.190838][ T5061]  nilfs_mdt_submit_block+0xdc/0x790
[   85.196156][ T5061]  ? nilfs_mdt_clear_shadow_map+0x290/0x290
[   85.202070][ T5061]  nilfs_mdt_read_block+0xeb/0x430
[   85.207998][ T5061]  ? nilfs_mdt_get_block+0xb60/0xb60
[   85.213304][ T5061]  ? nilfs_palloc_prepare_alloc_entry+0xf20/0x1150
[   85.219858][ T5061]  nilfs_mdt_get_block+0x11f/0xb60
[   85.224995][ T5061]  ? nilfs_palloc_get_block+0x162/0x290
[   85.230549][ T5061]  ? do_raw_spin_lock+0x14d/0x3a0
[   85.235589][ T5061]  ? PageUptodate+0x290/0x290
[   85.240287][ T5061]  ? do_raw_spin_unlock+0x13b/0x8b0
[   85.245506][ T5061]  nilfs_palloc_get_block+0x181/0x290
[   85.250898][ T5061]  nilfs_palloc_get_entry_block+0x8e/0xa0
[   85.256629][ T5061]  nilfs_dat_prepare_alloc+0x67/0x100
[   85.262018][ T5061]  nilfs_direct_insert+0x1bd/0x510
[   85.267158][ T5061]  ? nilfs_direct_lookup_contig+0x3d0/0x3d0
[   85.273076][ T5061]  nilfs_bmap_insert+0x251/0x3b0
[   85.278024][ T5061]  ? nilfs_bmap_lookup_contig+0x160/0x160
[   85.283754][ T5061]  ? __up_read+0x2bd/0x690
[   85.288214][ T5061]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   85.293866][ T5061]  nilfs_get_block+0x428/0x8e0
[   85.298642][ T5061]  ? folio_create_buffers+0x132/0x250
[   85.304058][ T5061]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   85.309443][ T5061]  ? do_raw_spin_unlock+0x13b/0x8b0
[   85.314666][ T5061]  ? _raw_spin_unlock+0x28/0x40
[   85.319532][ T5061]  ? folio_create_buffers+0x132/0x250
[   85.324918][ T5061]  __block_write_begin_int+0x54d/0x1ac0
[   85.330476][ T5061]  ? folio_add_lru+0x27b/0x9d0
[   85.335271][ T5061]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   85.340678][ T5061]  ? folio_zero_new_buffers+0x530/0x530
[   85.346238][ T5061]  ? pagecache_get_page+0x243/0x590
[   85.351458][ T5061]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   85.356843][ T5061]  block_write_begin+0x9b/0x1e0
[   85.361706][ T5061]  nilfs_write_begin+0xa0/0x110
[   85.366575][ T5061]  page_symlink+0x2c5/0x4e0
[   85.371104][ T5061]  ? page_readlink+0x1d0/0x1d0
[   85.375882][ T5061]  ? trace_nilfs2_transaction_transition+0x9a/0x1f0
[   85.382511][ T5061]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   85.388166][ T5061]  nilfs_symlink+0x236/0x380
[   85.392779][ T5061]  ? nilfs_unlink+0x1d0/0x1d0
[   85.397476][ T5061]  ? bpf_lsm_inode_symlink+0x9/0x10
[   85.402683][ T5061]  ? security_inode_symlink+0xb3/0x100
[   85.408162][ T5061]  vfs_symlink+0x12f/0x2a0
[   85.412599][ T5061]  do_symlinkat+0x201/0x610
[   85.417154][ T5061]  ? vfs_symlink+0x2a0/0x2a0
[   85.421793][ T5061]  ? getname_flags+0x1f0/0x4e0
[   85.426589][ T5061]  __x64_sys_symlinkat+0x99/0xb0
[   85.431570][ T5061]  do_syscall_64+0x41/0xc0
[   85.436008][ T5061]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   85.441918][ T5061] RIP: 0033:0x7f1a51987169
[   85.446362][ T5061] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   85.466005][ T5061] RSP: 002b:00007ffd3852d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[   85.474433][ T5061] RAX: ffffffffffffffda RBX: 00007ffd3852d220 RCX: 00007f1a51987169
[   85.482427][ T5061] RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
[   85.490406][ T5061] RBP: 0000000000000002 R08: 00007ffd3852cf96 R09: 0000000002004c10
[pid  5061] symlinkat("./file2", AT_FDCWD, "./file6") = -1 ENOMEM (Cannot allocate memory)
[pid  5061] exit_group(0)               = ?
[pid  5061] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5061, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} ---
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs")                 = 0
umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555571cb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571cb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
[   85.498387][ T5061] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd3852d250
[   85.506370][ T5061] R13: 00007ffd3852d290 R14: 0000000000200000 R15: 0000000000000003
[   85.514368][ T5061]  </TASK>
rmdir("./14/file1")                     = 0
getdents64(3, 0x5555571c36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./14")                           = 0
mkdir("./15", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached
, child_tidptr=0x5555571c2650) = 5063
[pid  5063] set_robust_list(0x5555571c2660, 24) = 0
[pid  5063] chdir("./15")               = 0
[pid  5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5063] setpgid(0, 0)               = 0
[pid  5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5063] write(3, "1000", 4)         = 4
[pid  5063] close(3)                    = 0
[pid  5063] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5063] memfd_create("syzkaller", 0) = 3
[pid  5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1a49548000
[pid  5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152
[pid  5063] munmap(0x7f1a49548000, 138412032) = 0
[pid  5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5063] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5063] close(3)                    = 0
[pid  5063] mkdir("./file1", 0777)      = 0
[   85.630977][ T5063] loop0: detected capacity change from 0 to 4096
[   85.650098][ T5063] NILFS (loop0): invalid segment: Checksum error in segment payload
[   85.658259][ T5063] NILFS (loop0): trying rollback from an earlier position
[pid  5063] mount("/dev/loop0", "./file1", "nilfs2", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "") = 0
[pid  5063] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5063] chdir("./file1")            = 0
[pid  5063] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5063] close(4)                    = 0
[pid  5063] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5063] write(4, "19", 2)           = 2
[   85.676720][ T5063] NILFS (loop0): recovery complete
[   85.683060][ T5064] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   85.700102][ T5063] FAULT_INJECTION: forcing a failure.
[   85.700102][ T5063] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   85.713934][ T5063] CPU: 0 PID: 5063 Comm: syz-executor263 Not tainted 6.6.0-rc5-syzkaller-00157-ge8c127b05766 #0
[   85.724407][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   85.734494][ T5063] Call Trace:
[   85.737823][ T5063]  <TASK>
[   85.740786][ T5063]  dump_stack_lvl+0x1e7/0x2d0
[   85.745494][ T5063]  ? nf_tcp_handle_invalid+0x650/0x650
[   85.750980][ T5063]  ? panic+0x770/0x770
[   85.755083][ T5063]  should_fail_ex+0x3aa/0x4e0
[   85.759788][ T5063]  prepare_alloc_pages+0x1d9/0x5b0
[   85.764924][ T5063]  __alloc_pages+0x165/0x670
[   85.769555][ T5063]  ? zone_statistics+0x170/0x170
[   85.774522][ T5063]  ? xas_load+0x11e/0x140
[   85.778868][ T5063]  folio_alloc+0x1e/0x60
[   85.783125][ T5063]  filemap_alloc_folio+0xde/0x500
[   85.788175][ T5063]  ? filemap_add_folio+0x570/0x570
[   85.793312][ T5063]  ? __lock_acquire+0x1345/0x7f70
[   85.798356][ T5063]  __filemap_get_folio+0x431/0xbb0
[   85.803480][ T5063]  ? look_up_lock_class+0x77/0x140
[   85.808626][ T5063]  pagecache_get_page+0x2f/0x590
[   85.813588][ T5063]  nilfs_grab_buffer+0xb1/0x540
[   85.818468][ T5063]  nilfs_mdt_submit_block+0xdc/0x790
[   85.823853][ T5063]  ? nilfs_mdt_clear_shadow_map+0x290/0x290
[   85.829768][ T5063]  nilfs_mdt_read_block+0xeb/0x430
[   85.834898][ T5063]  ? nilfs_mdt_get_block+0xb60/0xb60
[   85.840202][ T5063]  ? nilfs_palloc_prepare_alloc_entry+0xf20/0x1150
[   85.846728][ T5063]  nilfs_mdt_get_block+0x11f/0xb60
[   85.851868][ T5063]  ? nilfs_palloc_get_block+0x162/0x290
[   85.857423][ T5063]  ? do_raw_spin_lock+0x14d/0x3a0
[   85.862462][ T5063]  ? PageUptodate+0x290/0x290
[   85.867186][ T5063]  ? do_raw_spin_unlock+0x13b/0x8b0
[   85.872407][ T5063]  nilfs_palloc_get_block+0x181/0x290
[   85.877797][ T5063]  nilfs_palloc_get_entry_block+0x8e/0xa0
[   85.883538][ T5063]  nilfs_dat_prepare_alloc+0x67/0x100
[   85.888924][ T5063]  nilfs_direct_insert+0x1bd/0x510
[   85.894053][ T5063]  ? nilfs_direct_lookup_contig+0x3d0/0x3d0
[   85.899971][ T5063]  nilfs_bmap_insert+0x251/0x3b0
[   85.904924][ T5063]  ? nilfs_bmap_lookup_contig+0x160/0x160
[   85.910652][ T5063]  ? __up_read+0x2bd/0x690
[   85.915104][ T5063]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   85.920759][ T5063]  nilfs_get_block+0x428/0x8e0
[   85.925538][ T5063]  ? folio_create_buffers+0x132/0x250
[   85.931016][ T5063]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   85.936401][ T5063]  ? do_raw_spin_unlock+0x13b/0x8b0
[   85.941620][ T5063]  ? _raw_spin_unlock+0x28/0x40
[   85.946488][ T5063]  ? folio_create_buffers+0x132/0x250
[   85.951965][ T5063]  __block_write_begin_int+0x54d/0x1ac0
[   85.957537][ T5063]  ? folio_add_lru+0x27b/0x9d0
[   85.962329][ T5063]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   85.967716][ T5063]  ? folio_zero_new_buffers+0x530/0x530
[   85.973301][ T5063]  ? pagecache_get_page+0x243/0x590
[   85.978523][ T5063]  ? nilfs_inode_sub_blocks+0xe0/0xe0
[   85.983905][ T5063]  block_write_begin+0x9b/0x1e0
[   85.988771][ T5063]  nilfs_write_begin+0xa0/0x110
[   85.993639][ T5063]  page_symlink+0x2c5/0x4e0
[   85.998168][ T5063]  ? page_readlink+0x1d0/0x1d0
[   86.002946][ T5063]  ? trace_nilfs2_transaction_transition+0x9a/0x1f0
[   86.009554][ T5063]  ? nilfs_transaction_begin+0x4fc/0x6e0
[   86.015224][ T5063]  nilfs_symlink+0x236/0x380
[   86.019836][ T5063]  ? nilfs_unlink+0x1d0/0x1d0
[   86.024536][ T5063]  ? bpf_lsm_inode_symlink+0x9/0x10
[   86.029745][ T5063]  ? security_inode_symlink+0xb3/0x100
[   86.035223][ T5063]  vfs_symlink+0x12f/0x2a0
[   86.039658][ T5063]  do_symlinkat+0x201/0x610
[   86.044268][ T5063]  ? vfs_symlink+0x2a0/0x2a0
[   86.048872][ T5063]  ? getname_flags+0x1f0/0x4e0
[   86.053664][ T5063]  __x64_sys_symlinkat+0x99/0xb0
[   86.058616][ T5063]  do_syscall_64+0x41/0xc0
[   86.063048][ T5063]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   86.068951][ T5063] RIP: 0033:0x7f1a51987169
[   86.073462][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   86.093079][ T5063] RSP: 002b:00007ffd3852d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[   86.101594][ T5063] RAX: ffffffffffffffda RBX: 00007ffd3852d220 RCX: 00007f1a51987169
[   86.109574][ T5063] RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
[   86.117552][ T5063] RBP: 0000000000000002 R08: 00007ffd3852cf96 R09: 0000000002004c10
[pid  5063] symlinkat("./file2", AT_FDCWD, "./file6") = -1 ENOMEM (Cannot allocate memory)
[pid  5063] exit_group(0)               = ?
[pid  5063] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555571c36f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs")                 = 0
[   86.125625][ T5063] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd3852d250
[   86.133602][ T5063] R13: 00007ffd3852d290 R14: 0000000000200000 R15: 0000000000000003
[   86.141598][ T5063]  </TASK>
[   91.217988][    C1] ==================================================================
[   91.226130][    C1] BUG: KASAN: slab-use-after-free in __lock_acquire+0x11c/0x7f70
[   91.233855][    C1] Read of size 8 at addr ffff88801d4c0a00 by task swapper/1/0
[   91.241307][    C1] 
[   91.243667][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.0-rc5-syzkaller-00157-ge8c127b05766 #0
[   91.253287][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   91.263342][    C1] Call Trace:
[   91.266618][    C1]  <IRQ>
[   91.269462][    C1]  dump_stack_lvl+0x1e7/0x2d0
[   91.274143][    C1]  ? nf_tcp_handle_invalid+0x650/0x650
[   91.279617][    C1]  ? panic+0x770/0x770
[   91.283912][    C1]  ? _printk+0xd5/0x120
[   91.288085][    C1]  print_report+0x163/0x540
[   91.292606][    C1]  ? __virt_addr_valid+0x22f/0x2e0
[   91.297816][    C1]  ? __phys_addr+0xba/0x170
[   91.302410][    C1]  ? __lock_acquire+0x11c/0x7f70
[   91.307397][    C1]  kasan_report+0x175/0x1b0
[   91.311916][    C1]  ? __lock_acquire+0x11c/0x7f70
[   91.316854][    C1]  ? mark_lock_irq+0x6e4/0xba0
[   91.321709][    C1]  __lock_acquire+0x11c/0x7f70
[   91.326499][    C1]  ? save_trace+0xb40/0xb40
[   91.331136][    C1]  ? stack_trace_snprint+0xf0/0xf0
[   91.336252][    C1]  ? lockdep_lock+0x123/0x2b0
[   91.340959][    C1]  ? verify_lock_unused+0x140/0x140
[   91.346201][    C1]  ? lockdep_unlock+0x169/0x300
[   91.351050][    C1]  ? lockdep_lock+0x2b0/0x2b0
[   91.355739][    C1]  ? mark_lock+0x9a/0x340
[   91.360064][    C1]  ? _find_first_zero_bit+0xd4/0x100
[   91.365358][    C1]  ? __lock_acquire+0x3683/0x7f70
[   91.370410][    C1]  lock_acquire+0x1e3/0x520
[   91.375303][    C1]  ? try_to_wake_up+0xb1/0x1300
[   91.380201][    C1]  ? verify_lock_unused+0x140/0x140
[   91.385927][    C1]  ? read_lock_is_recursive+0x20/0x20
[   91.391298][    C1]  ? verify_lock_unused+0x140/0x140
[   91.396494][    C1]  ? __lock_acquire+0x1345/0x7f70
[   91.401545][    C1]  _raw_spin_lock_irqsave+0xd5/0x120
[   91.406850][    C1]  ? try_to_wake_up+0xb1/0x1300
[   91.411703][    C1]  ? _raw_spin_lock+0x40/0x40
[   91.416471][    C1]  try_to_wake_up+0xb1/0x1300
[   91.421178][    C1]  ? read_lock_is_recursive+0x20/0x20
[   91.426549][    C1]  ? cpus_share_cache+0x120/0x120
[   91.431590][    C1]  ? call_timer_fn+0xa8/0x580
[   91.436283][    C1]  call_timer_fn+0x17a/0x580
[   91.440874][    C1]  ? call_timer_fn+0xc0/0x580
[   91.445633][    C1]  ? nilfs_iput_work_func+0x70/0x70
[   91.450833][    C1]  ? __run_timers+0x860/0x860
[   91.455717][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[   91.460938][    C1]  ? nilfs_iput_work_func+0x70/0x70
[   91.466160][    C1]  ? lockdep_hardirqs_on+0x98/0x140
[   91.471364][    C1]  ? nilfs_iput_work_func+0x70/0x70
[   91.476586][    C1]  __run_timers+0x64f/0x860
[   91.481138][    C1]  ? detach_timer+0x2f0/0x2f0
[   91.485824][    C1]  ? print_irqtrace_events+0x220/0x220
[   91.491356][    C1]  ? do_raw_spin_unlock+0x13b/0x8b0
[   91.496561][    C1]  run_timer_softirq+0x67/0xf0
[   91.501326][    C1]  __do_softirq+0x2ab/0x908
[   91.505838][    C1]  ? __irq_exit_rcu+0xf1/0x1b0
[   91.510615][    C1]  ? __lock_text_end+0xc/0xc
[   91.515207][    C1]  ? irqtime_account_irq+0xd4/0x1e0
[   91.520427][    C1]  __irq_exit_rcu+0xf1/0x1b0
[   91.525023][    C1]  ? irq_exit_rcu+0x20/0x20
[   91.529539][    C1]  irq_exit_rcu+0x9/0x20
[   91.533782][    C1]  sysvec_apic_timer_interrupt+0x95/0xb0
[   91.539415][    C1]  </IRQ>
[   91.542341][    C1]  <TASK>
[   91.545264][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   91.551244][    C1] RIP: 0010:acpi_safe_halt+0x20/0x30
[   91.556531][    C1] Code: 7f 04 eb 36 66 0f 1f 44 00 00 65 48 8b 05 68 0c 35 75 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d f6 4e 94 00 f3 0f 1e fa fb f4 <fa> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 89 fa ec 48 8b 05
[   91.576566][    C1] RSP: 0018:ffffc90000187d08 EFLAGS: 00000246
[   91.582653][    C1] RAX: ffff888016a53b80 RBX: ffff8880146e8064 RCX: 000000000001cca1
[   91.590635][    C1] RDX: 0000000000000001 RSI: ffff8880146e8000 RDI: ffff8880146e8064
[   91.598620][    C1] RBP: 0000000000038df8 R08: ffff8880b9936bcb R09: 1ffff11017326d79
[   91.606583][    C1] R10: dffffc0000000000 R11: ffffed1017326d7a R12: ffff888016302000
[   91.614549][    C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8da1daa0
[   91.622554][    C1]  acpi_idle_enter+0xe4/0x140
[   91.627260][    C1]  cpuidle_enter_state+0x10e/0x470
[   91.632401][    C1]  ? tick_nohz_idle_stop_tick+0x5b2/0x9d0
[   91.638162][    C1]  cpuidle_enter+0x5d/0x90
[   91.642603][    C1]  do_idle+0x374/0x5c0
[   91.646691][    C1]  ? print_irqtrace_events+0x220/0x220
[   91.652337][    C1]  ? idle_inject_timer_fn+0x60/0x60
[   91.657535][    C1]  ? lockdep_hardirqs_on+0x98/0x140
[   91.662740][    C1]  ? asm_exc_control_protection+0x21/0x60
[   91.668463][    C1]  cpu_startup_entry+0x41/0x60
[   91.673228][    C1]  start_secondary+0xee/0xf0
[   91.677812][    C1]  secondary_startup_64_no_verify+0x167/0x16b
[   91.683901][    C1]  </TASK>
[   91.686928][    C1] 
[   91.689267][    C1] Allocated by task 2:
[   91.693329][    C1]  kasan_set_track+0x4f/0x70
[   91.697937][    C1]  __kasan_slab_alloc+0x66/0x70
[   91.702818][    C1]  slab_post_alloc_hook+0x67/0x3d0
[   91.707926][    C1]  kmem_cache_alloc_node+0x148/0x330
[   91.713220][    C1]  dup_task_struct+0x57/0x7d0
[   91.717905][    C1]  copy_process+0x5d1/0x41a0
[   91.722510][    C1]  kernel_clone+0x222/0x840
[   91.727006][    C1]  kernel_thread+0x1bc/0x230
[   91.731584][    C1]  kthreadd+0x60c/0x810
[   91.735738][    C1]  ret_from_fork+0x48/0x80
[   91.740148][    C1]  ret_from_fork_asm+0x11/0x20
[   91.744909][    C1] 
[   91.747224][    C1] Freed by task 0:
[   91.750952][    C1]  kasan_set_track+0x4f/0x70
[   91.755567][    C1]  kasan_save_free_info+0x28/0x40
[   91.760594][    C1]  ____kasan_slab_free+0xd6/0x120
[   91.765618][    C1]  kmem_cache_free+0x292/0x500
[   91.770376][    C1]  delayed_put_task_struct+0x115/0x2c0
[   91.775830][    C1]  rcu_core+0xacf/0x1790
[   91.780063][    C1]  __do_softirq+0x2ab/0x908
[   91.784566][    C1] 
[   91.786903][    C1] Last potentially related work creation:
[   91.792632][    C1]  kasan_save_stack+0x3f/0x60
[   91.797323][    C1]  __kasan_record_aux_stack+0xad/0xc0
[   91.802699][    C1]  call_rcu+0x167/0xa70
[   91.806854][    C1]  __schedule+0x1974/0x4af0
[   91.811364][    C1]  schedule+0xc3/0x180
[   91.815429][    C1]  nilfs_detach_log_writer+0x2e8/0xbe0
[   91.821147][    C1]  nilfs_put_super+0x4d/0x160
[   91.825827][    C1]  generic_shutdown_super+0x13a/0x2c0
[   91.831208][    C1]  kill_block_super+0x41/0x70
[   91.835882][    C1]  deactivate_locked_super+0xa4/0x110
[   91.841348][    C1]  cleanup_mnt+0x426/0x4c0
[   91.845779][    C1]  task_work_run+0x24a/0x300
[   91.850386][    C1]  ptrace_notify+0x2cd/0x380
[   91.854982][    C1]  syscall_exit_to_user_mode+0x15c/0x280
[   91.860624][    C1]  do_syscall_64+0x4d/0xc0
[   91.865045][    C1]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   91.870934][    C1] 
[   91.873254][    C1] Second to last potentially related work creation:
[   91.879828][    C1]  kasan_save_stack+0x3f/0x60
[   91.884517][    C1]  __kasan_record_aux_stack+0xad/0xc0
[   91.889889][    C1]  call_rcu+0x167/0xa70
[   91.894061][    C1]  release_task+0x1656/0x16f0
[   91.898734][    C1]  wait_consider_task+0x1a68/0x2ec0
[   91.903942][    C1]  do_wait+0x52d/0xb00
[   91.908017][    C1]  kernel_wait4+0x2a2/0x3e0
[   91.912520][    C1]  __x64_sys_wait4+0x134/0x1e0
[   91.917285][    C1]  do_syscall_64+0x41/0xc0
[   91.921694][    C1]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   91.927583][    C1] 
[   91.929897][    C1] The buggy address belongs to the object at ffff88801d4c0000
[   91.929897][    C1]  which belongs to the cache task_struct of size 7360
[   91.944202][    C1] The buggy address is located 2560 bytes inside of
[   91.944202][    C1]  freed 7360-byte region [ffff88801d4c0000, ffff88801d4c1cc0)
[   91.958165][    C1] 
[   91.960482][    C1] The buggy address belongs to the physical page:
[   91.966884][    C1] page:ffffea0000753000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d4c0
[   91.977025][    C1] head:ffffea0000753000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   91.985951][    C1] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   91.994360][    C1] page_type: 0xffffffff()
[   91.998684][    C1] raw: 00fff00000000840 ffff888014a43500 0000000000000000 dead000000000001
[   92.007256][    C1] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[   92.015826][    C1] page dumped because: kasan: bad access detected
[   92.022227][    C1] page_owner tracks the page as allocated
[   92.027938][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 43, tgid 43 (kworker/u4:3), ts 10356242719, free_ts 0
[   92.048084][    C1]  post_alloc_hook+0x1e6/0x210
[   92.052947][    C1]  get_page_from_freelist+0x31db/0x3360
[   92.058491][    C1]  __alloc_pages+0x255/0x670
[   92.063077][    C1]  alloc_slab_page+0x6a/0x160
[   92.067749][    C1]  new_slab+0x84/0x2f0
[   92.071827][    C1]  ___slab_alloc+0xc85/0x1310
[   92.076671][    C1]  kmem_cache_alloc_node+0x1e1/0x330
[   92.081964][    C1]  dup_task_struct+0x57/0x7d0
[   92.086655][    C1]  copy_process+0x5d1/0x41a0
[   92.091245][    C1]  kernel_clone+0x222/0x840
[   92.095750][    C1]  user_mode_thread+0x132/0x190
[   92.100591][    C1]  call_usermodehelper_exec_work+0x5c/0x220
[   92.106485][    C1]  process_scheduled_works+0x90f/0x1400
[   92.112043][    C1]  worker_thread+0xa5f/0xff0
[   92.116627][    C1]  kthread+0x2d3/0x370
[   92.120700][    C1]  ret_from_fork+0x48/0x80
[   92.125111][    C1] page_owner free stack trace missing
[   92.130466][    C1] 
[   92.132781][    C1] Memory state around the buggy address:
[   92.138418][    C1]  ffff88801d4c0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   92.146499][    C1]  ffff88801d4c0980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   92.154561][    C1] >ffff88801d4c0a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   92.162610][    C1]                    ^
[   92.166667][    C1]  ffff88801d4c0a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   92.174721][    C1]  ffff88801d4c0b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   92.182775][    C1] ==================================================================
[   92.190827][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   92.198009][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.0-rc5-syzkaller-00157-ge8c127b05766 #0
[   92.207651][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   92.217715][    C1] Call Trace:
[   92.220990][    C1]  <IRQ>
[   92.223828][    C1]  dump_stack_lvl+0x1e7/0x2d0
[   92.228512][    C1]  ? nf_tcp_handle_invalid+0x650/0x650
[   92.233983][    C1]  ? panic+0x770/0x770
[   92.238063][    C1]  ? lock_release+0xbf/0x9d0
[   92.242650][    C1]  ? vscnprintf+0x5d/0x80
[   92.247068][    C1]  panic+0x30f/0x770
[   92.250966][    C1]  ? check_panic_on_warn+0x21/0xa0
[   92.256074][    C1]  ? __memcpy_flushcache+0x2b0/0x2b0
[   92.261363][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   92.267261][    C1]  ? _raw_spin_unlock+0x40/0x40
[   92.272112][    C1]  ? print_report+0x4fb/0x540
[   92.276811][    C1]  check_panic_on_warn+0x82/0xa0
[   92.281745][    C1]  ? __lock_acquire+0x11c/0x7f70
[   92.286681][    C1]  end_report+0x6e/0x130
[   92.290956][    C1]  kasan_report+0x186/0x1b0
[   92.295460][    C1]  ? __lock_acquire+0x11c/0x7f70
[   92.300397][    C1]  ? mark_lock_irq+0x6e4/0xba0
[   92.305286][    C1]  __lock_acquire+0x11c/0x7f70
[   92.310064][    C1]  ? save_trace+0xb40/0xb40
[   92.314590][    C1]  ? stack_trace_snprint+0xf0/0xf0
[   92.319706][    C1]  ? lockdep_lock+0x123/0x2b0
[   92.324397][    C1]  ? verify_lock_unused+0x140/0x140
[   92.329597][    C1]  ? lockdep_unlock+0x169/0x300
[   92.334461][    C1]  ? lockdep_lock+0x2b0/0x2b0
[   92.339168][    C1]  ? mark_lock+0x9a/0x340
[   92.343511][    C1]  ? _find_first_zero_bit+0xd4/0x100
[   92.348818][    C1]  ? __lock_acquire+0x3683/0x7f70
[   92.353853][    C1]  lock_acquire+0x1e3/0x520
[   92.358363][    C1]  ? try_to_wake_up+0xb1/0x1300
[   92.363231][    C1]  ? verify_lock_unused+0x140/0x140
[   92.368444][    C1]  ? read_lock_is_recursive+0x20/0x20
[   92.373824][    C1]  ? verify_lock_unused+0x140/0x140
[   92.379037][    C1]  ? __lock_acquire+0x1345/0x7f70
[   92.384068][    C1]  _raw_spin_lock_irqsave+0xd5/0x120
[   92.389358][    C1]  ? try_to_wake_up+0xb1/0x1300
[   92.394244][    C1]  ? _raw_spin_lock+0x40/0x40
[   92.399034][    C1]  try_to_wake_up+0xb1/0x1300
[   92.403817][    C1]  ? read_lock_is_recursive+0x20/0x20
[   92.409285][    C1]  ? cpus_share_cache+0x120/0x120
[   92.414343][    C1]  ? call_timer_fn+0xa8/0x580
[   92.419038][    C1]  call_timer_fn+0x17a/0x580
[   92.423631][    C1]  ? call_timer_fn+0xc0/0x580
[   92.428304][    C1]  ? nilfs_iput_work_func+0x70/0x70
[   92.433526][    C1]  ? __run_timers+0x860/0x860
[   92.438241][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[   92.443448][    C1]  ? nilfs_iput_work_func+0x70/0x70
[   92.448653][    C1]  ? lockdep_hardirqs_on+0x98/0x140
[   92.453874][    C1]  ? nilfs_iput_work_func+0x70/0x70
[   92.459081][    C1]  __run_timers+0x64f/0x860
[   92.463586][    C1]  ? detach_timer+0x2f0/0x2f0
[   92.468259][    C1]  ? print_irqtrace_events+0x220/0x220
[   92.473727][    C1]  ? do_raw_spin_unlock+0x13b/0x8b0
[   92.478926][    C1]  run_timer_softirq+0x67/0xf0
[   92.483688][    C1]  __do_softirq+0x2ab/0x908
[   92.488196][    C1]  ? __irq_exit_rcu+0xf1/0x1b0
[   92.493050][    C1]  ? __lock_text_end+0xc/0xc
[   92.497655][    C1]  ? irqtime_account_irq+0xd4/0x1e0
[   92.502868][    C1]  __irq_exit_rcu+0xf1/0x1b0
[   92.507549][    C1]  ? irq_exit_rcu+0x20/0x20
[   92.512064][    C1]  irq_exit_rcu+0x9/0x20
[   92.516307][    C1]  sysvec_apic_timer_interrupt+0x95/0xb0
[   92.521966][    C1]  </IRQ>
[   92.524894][    C1]  <TASK>
[   92.527820][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   92.533797][    C1] RIP: 0010:acpi_safe_halt+0x20/0x30
[   92.539085][    C1] Code: 7f 04 eb 36 66 0f 1f 44 00 00 65 48 8b 05 68 0c 35 75 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d f6 4e 94 00 f3 0f 1e fa fb f4 <fa> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 89 fa ec 48 8b 05
[   92.558688][    C1] RSP: 0018:ffffc90000187d08 EFLAGS: 00000246
[   92.564751][    C1] RAX: ffff888016a53b80 RBX: ffff8880146e8064 RCX: 000000000001cca1
[   92.572723][    C1] RDX: 0000000000000001 RSI: ffff8880146e8000 RDI: ffff8880146e8064
[   92.580690][    C1] RBP: 0000000000038df8 R08: ffff8880b9936bcb R09: 1ffff11017326d79
[   92.588678][    C1] R10: dffffc0000000000 R11: ffffed1017326d7a R12: ffff888016302000
[   92.596693][    C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8da1daa0
[   92.604684][    C1]  acpi_idle_enter+0xe4/0x140
[   92.609373][    C1]  cpuidle_enter_state+0x10e/0x470
[   92.614498][    C1]  ? tick_nohz_idle_stop_tick+0x5b2/0x9d0
[   92.620257][    C1]  cpuidle_enter+0x5d/0x90
[   92.624696][    C1]  do_idle+0x374/0x5c0
[   92.628779][    C1]  ? print_irqtrace_events+0x220/0x220
[   92.634264][    C1]  ? idle_inject_timer_fn+0x60/0x60
[   92.639463][    C1]  ? lockdep_hardirqs_on+0x98/0x140
[   92.644714][    C1]  ? asm_exc_control_protection+0x21/0x60
[   92.650472][    C1]  cpu_startup_entry+0x41/0x60
[   92.655249][    C1]  start_secondary+0xee/0xf0
[   92.659872][    C1]  secondary_startup_64_no_verify+0x167/0x16b
[   92.660970][ T1154] cfg80211: failed to load regulatory.db
[   92.671644][    C1]  </TASK>
[   92.674908][    C1] Kernel Offset: disabled
[   92.679266][    C1] Rebooting in 86400 seconds..