./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2866756572 <...> Warning: Permanently added '10.128.1.26' (ED25519) to the list of known hosts. execve("./syz-executor2866756572", ["./syz-executor2866756572"], 0x7ffdd4cdeee0 /* 10 vars */) = 0 brk(NULL) = 0x555576db8000 brk(0x555576db8d00) = 0x555576db8d00 arch_prctl(ARCH_SET_FS, 0x555576db8380) = 0 set_tid_address(0x555576db8650) = 5818 set_robust_list(0x555576db8660, 24) = 0 rseq(0x555576db8ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2866756572", 4096) = 28 getrandom("\xd7\xe2\xa0\x16\x2b\x35\xd9\x46", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555576db8d00 brk(0x555576dd9d00) = 0x555576dd9d00 brk(0x555576dda000) = 0x555576dda000 mprotect(0x7f295726a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.wzhA9I", 0700) = 0 chmod("./syzkaller.wzhA9I", 0777) = 0 chdir("./syzkaller.wzhA9I") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5819 attached [pid 5819] set_robust_list(0x555576db8660, 24 [pid 5818] <... clone resumed>, child_tidptr=0x555576db8650) = 5819 [pid 5819] <... set_robust_list resumed>) = 0 [pid 5819] chdir("./0") = 0 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5819] setpgid(0, 0) = 0 [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5819] write(3, "1000", 4) = 4 [pid 5819] close(3) = 0 [pid 5819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5819] write(1, "executing program\n", 18executing program ) = 18 [pid 5819] memfd_create("syzkaller", 0) = 3 [pid 5819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f294ec00000 [pid 5819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5819] munmap(0x7f294ec00000, 138412032) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5819] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5819] close(3) = 0 [pid 5819] close(4) = 0 [pid 5819] mkdir("./file2", 0777) = 0 [ 72.594370][ T5819] loop0: detected capacity change from 0 to 4096 [pid 5819] mount("/dev/loop0", "./file2", "nilfs2", 0, "") = 0 [pid 5819] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5819] chdir("./file2") = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5819] mkdirat(AT_FDCWD, "./bus", 000) = 0 [pid 5819] mount(NULL, "./file0", "overlay", MS_POSIXACL, "workdir=./file0,lowerdir=.,upperdir=./bus,,") = 0 [pid 5819] exit_group(0) = ? [pid 5819] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5819, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555576db96f0 /* 4 entries */, 32768) = 112 umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576dc1730 /* 9 entries */, 32768) = 264 umount2("./0/file2/.nilfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2/.nilfs", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file2/.nilfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2/.nilfs", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555576dc9770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555576dc9770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file2/.nilfs") = 0 umount2("./0/file2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2/file0", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555576dc9770 /* 4 entries */, 32768) = 112 umount2("./0/file2/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 72.668109][ T5821] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 72.691452][ T5819] overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only [ 72.701137][ T5819] overlayfs: failed to get uuid (/bus, err=-95); falling back to uuid=null. unlink("./0/file2/file0/file0") = 0 umount2("./0/file2/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file2/file0/file1") = 0 getdents64(5, 0x555576dc9770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file2/file0") = 0 umount2("./0/file2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file2/file1") = 0 umount2("./0/file2/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file2/file2") = 0 umount2("./0/file2/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 72.749145][ T5818] NILFS (loop0): nilfs_palloc_commit_free_entry (ino=6): entry number 13 already freed [ 72.763361][ T5818] NILFS (loop0): nilfs_palloc_commit_free_entry (ino=6): entry number 14 already freed [ 72.778237][ T5818] NILFS (loop0): nilfs_palloc_commit_free_entry (ino=6): entry number 15 already freed unlink("./0/file2/file3") = 0 umount2("./0/file2/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file2/file.cold") = 0 umount2("./0/file2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2/bus", {st_mode=S_IFDIR|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=0, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555576dc9770, 32768) = -1 ENOENT (No such file or directory) close(5) = 0 [ 72.794357][ T5818] NILFS (loop0): nilfs_palloc_commit_free_entry (ino=6): entry number 16 already freed [ 72.807431][ T5818] NILFS (loop0): nilfs_palloc_commit_free_entry (ino=6): entry number 17 already freed [ 72.833088][ T5818] NILFS (loop0): deleting nonexistent file (ino=11), 0 [ 72.840673][ T5818] ------------[ cut here ]------------ [ 72.846339][ T5818] WARNING: CPU: 0 PID: 5818 at fs/inode.c:407 drop_nlink+0xc4/0x110 [ 72.854372][ T5818] Modules linked in: [ 72.858395][ T5818] CPU: 0 UID: 0 PID: 5818 Comm: syz-executor286 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 72.869678][ T5818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 72.879983][ T5818] RIP: 0010:drop_nlink+0xc4/0x110 [ 72.885198][ T5818] Code: bb 70 07 00 00 be 08 00 00 00 e8 07 3c e7 ff f0 48 ff 83 70 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 7d 63 83 ff 90 <0f> 0b 90 eb 83 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 5c ff ff ff [ 72.904889][ T5818] RSP: 0018:ffffc90003c57c70 EFLAGS: 00010293 [ 72.910957][ T5818] RAX: ffffffff821c1023 RBX: 1ffff1100e385694 RCX: ffff888033730000 [ 72.918999][ T5818] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 72.927066][ T5818] RBP: 0000000000000000 R08: ffffffff821c0fa3 R09: 1ffff1100f95b4ee [ 72.935177][ T5818] R10: dffffc0000000000 R11: ffffed100f95b4ef R12: ffff888071c2b4a0 [ 72.943193][ T5818] R13: 1ffff1100e3855c4 R14: ffff888071c2b458 R15: dffffc0000000000 [ 72.951281][ T5818] FS: 0000555576db8380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 72.960280][ T5818] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.966978][ T5818] CR2: 00007ffcd1ce0ba8 CR3: 0000000076d12000 CR4: 00000000003526f0 [ 72.975019][ T5818] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.982987][ T5818] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.991042][ T5818] Call Trace: [ 72.994337][ T5818] [ 72.997341][ T5818] ? __warn+0x165/0x4d0 [ 73.001516][ T5818] ? drop_nlink+0xc4/0x110 [ 73.006100][ T5818] ? report_bug+0x2b3/0x500 [ 73.010643][ T5818] ? drop_nlink+0xc4/0x110 [ 73.015127][ T5818] ? handle_bug+0x60/0x90 [ 73.019476][ T5818] ? exc_invalid_op+0x1a/0x50 [ 73.024152][ T5818] ? asm_exc_invalid_op+0x1a/0x20 [ 73.029262][ T5818] ? drop_nlink+0x43/0x110 [ 73.033708][ T5818] ? drop_nlink+0xc3/0x110 [ 73.038196][ T5818] ? drop_nlink+0xc4/0x110 [ 73.042641][ T5818] nilfs_rmdir+0x1b0/0x250 [ 73.047240][ T5818] ? __pfx_nilfs_rmdir+0x10/0x10 [ 73.052208][ T5818] ? down_write+0x18c/0x220 [ 73.056773][ T5818] ? do_raw_spin_unlock+0x13c/0x8b0 [ 73.062001][ T5818] ? bpf_lsm_inode_rmdir+0x9/0x10 [ 73.067110][ T5818] ? security_inode_rmdir+0xd9/0x340 [ 73.072417][ T5818] vfs_rmdir+0x3a3/0x510 [ 73.076753][ T5818] do_rmdir+0x3b5/0x580 [ 73.080934][ T5818] ? __virt_addr_valid+0x183/0x530 [ 73.086157][ T5818] ? __pfx_do_rmdir+0x10/0x10 [ 73.090878][ T5818] ? getname_flags+0x1e3/0x540 [ 73.095725][ T5818] __x64_sys_rmdir+0x47/0x50 [ 73.100338][ T5818] do_syscall_64+0xf3/0x230 [ 73.104929][ T5818] ? clear_bhb_loop+0x35/0x90 [ 73.109638][ T5818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.115588][ T5818] RIP: 0033:0x7f29571f4c07 [ 73.120039][ T5818] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.139754][ T5818] RSP: 002b:00007ffcd1ce1358 EFLAGS: 00000207 ORIG_RAX: 0000000000000054 [ 73.148231][ T5818] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f29571f4c07 [ 73.156289][ T5818] RDX: 0000000000008890 RSI: 0000000000000000 RDI: 00007ffcd1ce2500 [ 73.164280][ T5818] RBP: 0000000000000065 R08: 0000000000000000 R09: 0000000000000000 [ 73.172484][ T5818] R10: 0000000000001000 R11: 0000000000000207 R12: 00007ffcd1ce2500 [ 73.180529][ T5818] R13: 0000555576dc9740 R14: 431bde82d7b634db R15: 00007ffcd1ce4680 [ 73.188839][ T5818] [ 73.191914][ T5818] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 73.199194][ T5818] CPU: 0 UID: 0 PID: 5818 Comm: syz-executor286 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 73.210291][ T5818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 73.220431][ T5818] Call Trace: [ 73.223731][ T5818] [ 73.226660][ T5818] dump_stack_lvl+0x241/0x360 [ 73.231365][ T5818] ? __pfx_dump_stack_lvl+0x10/0x10 [ 73.236573][ T5818] ? __pfx__printk+0x10/0x10 [ 73.241160][ T5818] ? vscnprintf+0x5d/0x90 [ 73.245493][ T5818] panic+0x349/0x880 [ 73.249397][ T5818] ? __warn+0x174/0x4d0 [ 73.253560][ T5818] ? __pfx_panic+0x10/0x10 [ 73.257991][ T5818] __warn+0x344/0x4d0 [ 73.261971][ T5818] ? drop_nlink+0xc4/0x110 [ 73.266404][ T5818] report_bug+0x2b3/0x500 [ 73.270740][ T5818] ? drop_nlink+0xc4/0x110 [ 73.275161][ T5818] handle_bug+0x60/0x90 [ 73.279318][ T5818] exc_invalid_op+0x1a/0x50 [ 73.283851][ T5818] asm_exc_invalid_op+0x1a/0x20 [ 73.288761][ T5818] RIP: 0010:drop_nlink+0xc4/0x110 [ 73.293822][ T5818] Code: bb 70 07 00 00 be 08 00 00 00 e8 07 3c e7 ff f0 48 ff 83 70 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 7d 63 83 ff 90 <0f> 0b 90 eb 83 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 5c ff ff ff [ 73.313434][ T5818] RSP: 0018:ffffc90003c57c70 EFLAGS: 00010293 [ 73.319519][ T5818] RAX: ffffffff821c1023 RBX: 1ffff1100e385694 RCX: ffff888033730000 [ 73.327491][ T5818] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 73.335460][ T5818] RBP: 0000000000000000 R08: ffffffff821c0fa3 R09: 1ffff1100f95b4ee [ 73.343435][ T5818] R10: dffffc0000000000 R11: ffffed100f95b4ef R12: ffff888071c2b4a0 [ 73.351413][ T5818] R13: 1ffff1100e3855c4 R14: ffff888071c2b458 R15: dffffc0000000000 [ 73.359397][ T5818] ? drop_nlink+0x43/0x110 [ 73.363826][ T5818] ? drop_nlink+0xc3/0x110 [ 73.368274][ T5818] nilfs_rmdir+0x1b0/0x250 [ 73.372731][ T5818] ? __pfx_nilfs_rmdir+0x10/0x10 [ 73.377688][ T5818] ? down_write+0x18c/0x220 [ 73.382377][ T5818] ? do_raw_spin_unlock+0x13c/0x8b0 [ 73.387599][ T5818] ? bpf_lsm_inode_rmdir+0x9/0x10 [ 73.392627][ T5818] ? security_inode_rmdir+0xd9/0x340 [ 73.397918][ T5818] vfs_rmdir+0x3a3/0x510 [ 73.402171][ T5818] do_rmdir+0x3b5/0x580 [ 73.406330][ T5818] ? __virt_addr_valid+0x183/0x530 [ 73.411460][ T5818] ? __pfx_do_rmdir+0x10/0x10 [ 73.416148][ T5818] ? getname_flags+0x1e3/0x540 [ 73.420912][ T5818] __x64_sys_rmdir+0x47/0x50 [ 73.425506][ T5818] do_syscall_64+0xf3/0x230 [ 73.430014][ T5818] ? clear_bhb_loop+0x35/0x90 [ 73.434691][ T5818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.440608][ T5818] RIP: 0033:0x7f29571f4c07 [ 73.445036][ T5818] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.464649][ T5818] RSP: 002b:00007ffcd1ce1358 EFLAGS: 00000207 ORIG_RAX: 0000000000000054 [ 73.473075][ T5818] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f29571f4c07 [ 73.481050][ T5818] RDX: 0000000000008890 RSI: 0000000000000000 RDI: 00007ffcd1ce2500 [ 73.489021][ T5818] RBP: 0000000000000065 R08: 0000000000000000 R09: 0000000000000000 [ 73.497011][ T5818] R10: 0000000000001000 R11: 0000000000000207 R12: 00007ffcd1ce2500 [ 73.504993][ T5818] R13: 0000555576dc9740 R14: 431bde82d7b634db R15: 00007ffcd1ce4680 [ 73.513073][ T5818] [ 73.516369][ T5818] Kernel Offset: disabled [ 73.520764][ T5818] Rebooting in 86400 seconds..