./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3606648874
<...>
Warning: Permanently added '10.128.1.152' (ED25519) to the list of known hosts.
execve("./syz-executor3606648874", ["./syz-executor3606648874"], 0x7ffd209685e0 /* 10 vars */) = 0
brk(NULL) = 0x555555699000
brk(0x555555699d00) = 0x555555699d00
arch_prctl(ARCH_SET_FS, 0x555555699380) = 0
set_tid_address(0x555555699650) = 5057
set_robust_list(0x555555699660, 24) = 0
rseq(0x555555699ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3606648874", 4096) = 28
getrandom("\x98\x24\x7a\x00\xb2\x73\x8d\x90", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555555699d00
brk(0x5555556bad00) = 0x5555556bad00
brk(0x5555556bb000) = 0x5555556bb000
mprotect(0x7f15a9da8000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.lRcnKp", 0700) = 0
chmod("./syzkaller.lRcnKp", 0777) = 0
chdir("./syzkaller.lRcnKp") = 0
mkdir("./0", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555699650) = 5058
./strace-static-x86_64: Process 5058 attached
[pid 5058] set_robust_list(0x555555699660, 24) = 0
[pid 5058] chdir("./0") = 0
[pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5058] setpgid(0, 0) = 0
[pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5058] write(3, "1000", 4) = 4
[pid 5058] close(3) = 0
[pid 5058] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5058] openat(AT_FDCWD, ".", O_RDONLY) = 3
[pid 5058] mkdirat(3, "./file0", 000) = 0
[pid 5058] openat(AT_FDCWD, "./file0", O_RDONLY) = 4
[pid 5058] mkdirat(AT_FDCWD, "./file1", 000) = 0
[pid 5058] symlinkat("./bus", 4, "./bus") = 0
[pid 5058] mkdirat(AT_FDCWD, "./bus", 000) = 0
[pid 5058] mount(NULL, "./bus", "overlay", 0, "workdir=./file1,lowerdir=./file0,upperdir=./bus,index=on") = 0
[pid 5058] linkat(4, "./bus", 4, "./file1", 0) = 0
[pid 5058] chdir("./bus") = 0
[pid 5058] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5058] write(5, "20", 2) = 2
[pid 5058] unlink("./file1") = 0
[pid 5058] exit_group(0) = ?
[pid 5058] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555569a6f0 /* 6 entries */, 32768) = 168
[ 78.476842][ T5058] ERROR: Out of memory at tomoyo_memory_ok.
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555556a2730 /* 3 entries */, 32768) = 80
umount2("./0/bus/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/bus/file1", {st_mode=S_IFCHR|000, st_rdev=makedev(0, 0), ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/bus/file1") = 0
getdents64(4, 0x5555556a2730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/bus") = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555556a2730 /* 4 entries */, 32768) = 104
umount2("./0/file0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0/bus", {st_mode=S_IFLNK|0777, st_size=5, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file0/bus") = 0
umount2("./0/file0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0/file1", {st_mode=S_IFLNK|0777, st_size=5, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file0/file1") = 0
getdents64(4, 0x5555556a2730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555556a2730 /* 4 entries */, 32768) = 104
umount2("./0/file1/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/work", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x5555556aa770 /* 2 entries */, 32768) = 48
getdents64(5, 0x5555556aa770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/work") = 0
umount2("./0/file1/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/index", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x5555556aa770 /* 4 entries */, 32768) = 152
umount2("./0/file1/index/00fb1d00015941fea2f5fa4b4eb5ef9af118b27b958c070000850e947b", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/index/00fb1d00015941fea2f5fa4b4eb5ef9af118b27b958c070000850e947b", {st_mode=S_IFLNK|0777, st_size=5, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/index/00fb1d00015941fea2f5fa4b4eb5ef9af118b27b958c070000850e947b") = 0
umount2("./0/file1/index/#4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/index/#4", {st_mode=S_IFCHR|000, st_rdev=makedev(0, 0), ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/index/#4") = 0
getdents64(5, 0x5555556aa770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/index") = 0
getdents64(4, 0x5555556a2730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file1") = 0
getdents64(3, 0x55555569a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached
, child_tidptr=0x555555699650) = 5059
[pid 5059] set_robust_list(0x555555699660, 24) = 0
[pid 5059] chdir("./1") = 0
[pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5059] setpgid(0, 0) = 0
[pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5059] write(3, "1000", 4) = 4
[pid 5059] close(3) = 0
[pid 5059] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5059] openat(AT_FDCWD, ".", O_RDONLY) = 3
[pid 5059] mkdirat(3, "./file0", 000) = 0
[pid 5059] openat(AT_FDCWD, "./file0", O_RDONLY) = 4
[pid 5059] mkdirat(AT_FDCWD, "./file1", 000) = 0
[pid 5059] symlinkat("./bus", 4, "./bus") = 0
[pid 5059] mkdirat(AT_FDCWD, "./bus", 000) = 0
[pid 5059] mount(NULL, "./bus", "overlay", 0, "workdir=./file1,lowerdir=./file0,upperdir=./bus,index=on") = 0
[pid 5059] linkat(4, "./bus", 4, "./file1", 0) = 0
[pid 5059] chdir("./bus") = 0
[pid 5059] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5059] write(5, "20", 2) = 2
[ 79.353906][ T5059] FAULT_INJECTION: forcing a failure.
[ 79.353906][ T5059] name failslab, interval 1, probability 0, space 0, times 0
[ 79.366976][ T5059] CPU: 1 PID: 5059 Comm: syz-executor360 Not tainted 6.6.0-rc2-next-20230921-syzkaller #0
[ 79.376863][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 79.386910][ T5059] Call Trace:
[ 79.390179][ T5059]
[ 79.393104][ T5059] dump_stack_lvl+0x125/0x1b0
[ 79.397804][ T5059] should_fail_ex+0x496/0x5b0
[ 79.402508][ T5059] should_failslab+0x9/0x20
[ 79.407002][ T5059] __kmem_cache_alloc_node+0x2eb/0x330
[ 79.412457][ T5059] ? ovl_encode_real_fh+0xd3/0x430
[ 79.417561][ T5059] ? reacquire_held_locks+0x4b0/0x4b0
[ 79.422936][ T5059] kmalloc_trace+0x25/0xe0
[ 79.427349][ T5059] ovl_encode_real_fh+0xd3/0x430
[ 79.432296][ T5059] ? ovl_copy_up_metadata+0x720/0x720
[ 79.437661][ T5059] ? bpf_lsm_capable+0x9/0x10
[ 79.442358][ T5059] ovl_copy_up_one+0xce0/0x3250
[ 79.447236][ T5059] ? print_usage_bug.part.0+0x670/0x670
[ 79.452807][ T5059] ? print_usage_bug.part.0+0x670/0x670
[ 79.458379][ T5059] ? ovl_encode_real_fh+0x430/0x430
[ 79.463596][ T5059] ? __lock_acquire+0x182f/0x5de0
[ 79.468693][ T5059] ? do_raw_spin_unlock+0x173/0x230
[ 79.474013][ T5059] ovl_copy_up_flags+0x189/0x200
[ 79.478967][ T5059] ovl_nlink_start+0x391/0x470
[ 79.483750][ T5059] ovl_do_remove+0x16d/0xd50
[ 79.488368][ T5059] ? ovl_rename+0x1840/0x1840
[ 79.493079][ T5059] vfs_unlink+0x2f1/0x900
[ 79.497430][ T5059] ? bpf_lsm_path_unlink+0x9/0x10
[ 79.502473][ T5059] do_unlinkat+0x3da/0x6d0
[ 79.506925][ T5059] ? __ia32_sys_rmdir+0x110/0x110
[ 79.511979][ T5059] ? __check_object_size+0x323/0x730
[ 79.517314][ T5059] ? getname_flags.part.0+0x1d5/0x4d0
[ 79.522720][ T5059] __x64_sys_unlink+0xc8/0x110
[ 79.527502][ T5059] do_syscall_64+0x38/0xb0
[ 79.531932][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.537844][ T5059] RIP: 0033:0x7f15a9d353e9
[ 79.542265][ T5059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 79.561892][ T5059] RSP: 002b:00007ffd8d25ca08 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 79.570407][ T5059] RAX: ffffffffffffffda RBX: 00007ffd8d25ca30 RCX: 00007f15a9d353e9
[ 79.578389][ T5059] RDX: 00007f15a9d344b0 RSI: 00007ffd8d25ca30 RDI: 0000000020000200
[ 79.586458][ T5059] RBP: 0000000000000002 R08: 00007ffd8d25c7a6 R09: 00007ffd8d2d51a0
[ 79.594438][ T5059] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd8d25ca2c
[pid 5059] unlink("./file1") = -1 ENOMEM (Cannot allocate memory)
[pid 5059] exit_group(0) = ?
[pid 5059] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555569a6f0 /* 6 entries */, 32768) = 168
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555556a2730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555556a2730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/bus") = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 79.602414][ T5059] R13: 00007ffd8d25ca70 R14: 00007ffd8d25ca50 R15: 0000000000000001
[ 79.610413][ T5059]
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555556a2730 /* 4 entries */, 32768) = 104
umount2("./1/file0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0/bus", {st_mode=S_IFLNK|0777, st_size=5, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file0/bus") = 0
umount2("./1/file0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0/file1", {st_mode=S_IFLNK|0777, st_size=5, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file0/file1") = 0
getdents64(4, 0x5555556a2730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555556a2730 /* 4 entries */, 32768) = 104
umount2("./1/file1/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/work", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x5555556aa770 /* 2 entries */, 32768) = 48
getdents64(5, 0x5555556aa770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/work") = 0
umount2("./1/file1/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/index", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x5555556aa770 /* 2 entries */, 32768) = 48
getdents64(5, 0x5555556aa770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/index") = 0
getdents64(4, 0x5555556a2730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file1") = 0
getdents64(3, 0x55555569a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached
, child_tidptr=0x555555699650) = 5060
[pid 5060] set_robust_list(0x555555699660, 24) = 0
[pid 5060] chdir("./2") = 0
[pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5060] setpgid(0, 0) = 0
[pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5060] write(3, "1000", 4) = 4
[pid 5060] close(3) = 0
[pid 5060] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5060] openat(AT_FDCWD, ".", O_RDONLY) = 3
[pid 5060] mkdirat(3, "./file0", 000) = 0
[pid 5060] openat(AT_FDCWD, "./file0", O_RDONLY) = 4
[pid 5060] mkdirat(AT_FDCWD, "./file1", 000) = 0
[pid 5060] symlinkat("./bus", 4, "./bus") = 0
[pid 5060] mkdirat(AT_FDCWD, "./bus", 000) = 0
[pid 5060] mount(NULL, "./bus", "overlay", 0, "workdir=./file1,lowerdir=./file0,upperdir=./bus,index=on") = 0
[pid 5060] linkat(4, "./bus", 4, "./file1", 0) = 0
[pid 5060] chdir("./bus") = 0
[pid 5060] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5060] write(5, "20", 2) = 2
[ 80.055384][ T5060] FAULT_INJECTION: forcing a failure.
[ 80.055384][ T5060] name failslab, interval 1, probability 0, space 0, times 0
[ 80.068182][ T5060] CPU: 0 PID: 5060 Comm: syz-executor360 Not tainted 6.6.0-rc2-next-20230921-syzkaller #0
[ 80.078076][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 80.088139][ T5060] Call Trace:
[ 80.091422][ T5060]
[ 80.094355][ T5060] dump_stack_lvl+0x125/0x1b0
[ 80.099051][ T5060] should_fail_ex+0x496/0x5b0
[ 80.103755][ T5060] should_failslab+0x9/0x20
[ 80.108275][ T5060] __kmem_cache_alloc_node+0x2eb/0x330
[ 80.113744][ T5060] ? ovl_encode_real_fh+0xd3/0x430
[ 80.118876][ T5060] kmalloc_trace+0x25/0xe0
[ 80.123303][ T5060] ovl_encode_real_fh+0xd3/0x430
[ 80.128253][ T5060] ? ovl_copy_up_metadata+0x720/0x720
[ 80.133633][ T5060] ? ovl_copy_up_metadata+0x720/0x720
[ 80.139015][ T5060] ? bpf_lsm_capable+0x9/0x10
[ 80.143711][ T5060] ovl_get_index_name+0x23/0x80
[ 80.148578][ T5060] ovl_copy_up_one+0x1585/0x3250
[ 80.153526][ T5060] ? print_usage_bug.part.0+0x670/0x670
[ 80.159095][ T5060] ? print_usage_bug.part.0+0x670/0x670
[ 80.164667][ T5060] ? ovl_encode_real_fh+0x430/0x430
[ 80.169968][ T5060] ? __lock_acquire+0x182f/0x5de0
[ 80.175070][ T5060] ? do_raw_spin_unlock+0x173/0x230
[ 80.180300][ T5060] ovl_copy_up_flags+0x189/0x200
[ 80.185253][ T5060] ovl_nlink_start+0x391/0x470
[ 80.190036][ T5060] ovl_do_remove+0x16d/0xd50
[ 80.194655][ T5060] ? ovl_rename+0x1840/0x1840
[ 80.199361][ T5060] vfs_unlink+0x2f1/0x900
[ 80.203711][ T5060] ? bpf_lsm_path_unlink+0x9/0x10
[ 80.208755][ T5060] do_unlinkat+0x3da/0x6d0
[ 80.213185][ T5060] ? __ia32_sys_rmdir+0x110/0x110
[ 80.218216][ T5060] ? __check_object_size+0x323/0x730
[ 80.223534][ T5060] ? getname_flags.part.0+0x1d5/0x4d0
[ 80.228929][ T5060] __x64_sys_unlink+0xc8/0x110
[ 80.233704][ T5060] do_syscall_64+0x38/0xb0
[ 80.238140][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.244048][ T5060] RIP: 0033:0x7f15a9d353e9
[ 80.248467][ T5060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.268084][ T5060] RSP: 002b:00007ffd8d25ca08 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 80.276506][ T5060] RAX: ffffffffffffffda RBX: 00007ffd8d25ca30 RCX: 00007f15a9d353e9
[ 80.284483][ T5060] RDX: 00007f15a9d344b0 RSI: 00007ffd8d25ca30 RDI: 0000000020000200
[ 80.292466][ T5060] RBP: 0000000000000002 R08: 00007ffd8d25c7a6 R09: 00007ffd8d2d51a0
[ 80.300442][ T5060] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd8d25ca2c
[ 80.308418][ T5060] R13: 00007ffd8d25ca70 R14: 00007ffd8d25ca50 R15: 0000000000000002
[ 80.316414][ T5060]
[ 80.324133][ T5060] ==================================================================
[ 80.332211][ T5060] BUG: KASAN: invalid-free in __kmem_cache_free+0xb8/0x2d0
[ 80.339402][ T5060] Free of addr ffff888078b14650 by task syz-executor360/5060
[ 80.346772][ T5060]
[ 80.349164][ T5060] CPU: 0 PID: 5060 Comm: syz-executor360 Not tainted 6.6.0-rc2-next-20230921-syzkaller #0
[ 80.359038][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 80.369092][ T5060] Call Trace:
[ 80.372358][ T5060]
[ 80.375280][ T5060] dump_stack_lvl+0xd9/0x1b0
[ 80.379866][ T5060] print_report+0xc4/0x620
[ 80.384278][ T5060] ? __virt_addr_valid+0x5e/0x2d0
[ 80.389316][ T5060] ? __phys_addr+0xc6/0x140
[ 80.393810][ T5060] ? __kmem_cache_free+0xb8/0x2d0
[ 80.398822][ T5060] ? __kmem_cache_free+0xb8/0x2d0
[ 80.403838][ T5060] kasan_report_invalid_free+0xab/0xd0
[ 80.409286][ T5060] ? __kmem_cache_free+0xb8/0x2d0
[ 80.414299][ T5060] ____kasan_slab_free+0x1a0/0x1b0
[ 80.419412][ T5060] slab_free_freelist_hook+0x114/0x1e0
[ 80.424868][ T5060] ? ovl_copy_up_one+0x15ac/0x3250
[ 80.429971][ T5060] __kmem_cache_free+0xb8/0x2d0
[ 80.434832][ T5060] ovl_copy_up_one+0x15ac/0x3250
[ 80.439776][ T5060] ? print_usage_bug.part.0+0x670/0x670
[ 80.445335][ T5060] ? print_usage_bug.part.0+0x670/0x670
[ 80.450901][ T5060] ? ovl_encode_real_fh+0x430/0x430
[ 80.456104][ T5060] ? __lock_acquire+0x182f/0x5de0
[ 80.461169][ T5060] ? do_raw_spin_unlock+0x173/0x230
[ 80.466385][ T5060] ovl_copy_up_flags+0x189/0x200
[ 80.471330][ T5060] ovl_nlink_start+0x391/0x470
[ 80.476106][ T5060] ovl_do_remove+0x16d/0xd50
[ 80.480720][ T5060] ? ovl_rename+0x1840/0x1840
[ 80.485419][ T5060] vfs_unlink+0x2f1/0x900
[ 80.489776][ T5060] ? bpf_lsm_path_unlink+0x9/0x10
[ 80.494813][ T5060] do_unlinkat+0x3da/0x6d0
[ 80.499241][ T5060] ? __ia32_sys_rmdir+0x110/0x110
[ 80.504271][ T5060] ? __check_object_size+0x323/0x730
[ 80.509575][ T5060] ? getname_flags.part.0+0x1d5/0x4d0
[ 80.515049][ T5060] __x64_sys_unlink+0xc8/0x110
[ 80.519819][ T5060] do_syscall_64+0x38/0xb0
[ 80.524244][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.530150][ T5060] RIP: 0033:0x7f15a9d353e9
[ 80.534570][ T5060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.554184][ T5060] RSP: 002b:00007ffd8d25ca08 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 80.562600][ T5060] RAX: ffffffffffffffda RBX: 00007ffd8d25ca30 RCX: 00007f15a9d353e9
[ 80.570573][ T5060] RDX: 00007f15a9d344b0 RSI: 00007ffd8d25ca30 RDI: 0000000020000200
[ 80.578544][ T5060] RBP: 0000000000000002 R08: 00007ffd8d25c7a6 R09: 00007ffd8d2d51a0
[ 80.586514][ T5060] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd8d25ca2c
[ 80.594484][ T5060] R13: 00007ffd8d25ca70 R14: 00007ffd8d25ca50 R15: 0000000000000002
[ 80.602464][ T5060]
[ 80.605479][ T5060]
[ 80.607796][ T5060] Allocated by task 5060:
[ 80.612115][ T5060] kasan_save_stack+0x33/0x50
[ 80.616799][ T5060] kasan_set_track+0x25/0x30
[ 80.621391][ T5060] __kasan_slab_alloc+0x81/0x90
[ 80.626247][ T5060] kmem_cache_alloc_lru+0x215/0x670
[ 80.631444][ T5060] __d_alloc+0x32/0xac0
[ 80.635620][ T5060] d_alloc+0x4e/0x220
[ 80.639607][ T5060] lookup_one_qstr_excl+0xc7/0x180
[ 80.644748][ T5060] do_unlinkat+0x294/0x6d0
[ 80.649162][ T5060] __x64_sys_unlink+0xc8/0x110
[ 80.653925][ T5060] do_syscall_64+0x38/0xb0
[ 80.658344][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.664245][ T5060]
[ 80.666559][ T5060] Last potentially related work creation:
[ 80.672263][ T5060] kasan_save_stack+0x33/0x50
[ 80.677029][ T5060] __kasan_record_aux_stack+0xbc/0xd0
[ 80.682406][ T5060] __call_rcu_common.constprop.0+0x9a/0x790
[ 80.688306][ T5060] dentry_free+0xc2/0x160
[ 80.692646][ T5060] __dentry_kill+0x4c1/0x640
[ 80.697244][ T5060] dput+0x6de/0xf80
[ 80.701059][ T5060] step_into+0x1192/0x2230
[ 80.705494][ T5060] walk_component+0xfc/0x5a0
[ 80.710097][ T5060] path_lookupat+0x17f/0x770
[ 80.714702][ T5060] filename_lookup+0x1e7/0x5b0
[ 80.719468][ T5060] vfs_statx+0x160/0x430
[ 80.723713][ T5060] vfs_fstatat+0xb3/0x140
[ 80.728048][ T5060] __do_sys_newfstatat+0x98/0x110
[ 80.733078][ T5060] do_syscall_64+0x38/0xb0
[ 80.737497][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.743396][ T5060]
[ 80.745715][ T5060] The buggy address belongs to the object at ffff888078b145e0
[ 80.745715][ T5060] which belongs to the cache dentry of size 312
[ 80.759336][ T5060] The buggy address is located 112 bytes inside of
[ 80.759336][ T5060] 312-byte region [ffff888078b145e0, ffff888078b14718)
[ 80.772612][ T5060]
[ 80.774928][ T5060] The buggy address belongs to the physical page:
[ 80.781333][ T5060] page:ffffea0001e2c500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78b14
[ 80.791485][ T5060] head:ffffea0001e2c500 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 80.800417][ T5060] ksm flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 80.808828][ T5060] page_type: 0xffffffff()
[ 80.813156][ T5060] raw: 00fff00000000840 ffff88814000a8c0 ffffea0001e2d080 dead000000000003
[ 80.821744][ T5060] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000
[ 80.830405][ T5060] page dumped because: kasan: bad access detected
[ 80.836810][ T5060] page_owner tracks the page as allocated
[ 80.842512][ T5060] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 4515, tgid 4515 (udevd), ts 47959600386, free_ts 28011797989
[ 80.865009][ T5060] post_alloc_hook+0x2cf/0x340
[ 80.869793][ T5060] get_page_from_freelist+0xf17/0x2e50
[ 80.875255][ T5060] __alloc_pages+0x1d0/0x4a0
[ 80.879845][ T5060] alloc_pages+0x1a9/0x270
[ 80.884274][ T5060] allocate_slab+0x251/0x380
[ 80.888874][ T5060] ___slab_alloc+0x8c7/0x1580
[ 80.893558][ T5060] __slab_alloc.constprop.0+0x56/0xa0
[ 80.898930][ T5060] kmem_cache_alloc_lru+0x4e1/0x670
[ 80.904126][ T5060] __d_alloc+0x32/0xac0
[ 80.908296][ T5060] d_alloc+0x4e/0x220
[ 80.912284][ T5060] d_alloc_parallel+0xe9/0x12d0
[ 80.917145][ T5060] lookup_open.isra.0+0xaa4/0x13b0
[ 80.922270][ T5060] path_openat+0x931/0x29c0
[ 80.926771][ T5060] do_filp_open+0x1de/0x430
[ 80.931277][ T5060] do_sys_openat2+0x176/0x1e0
[ 80.935958][ T5060] __x64_sys_openat+0x175/0x210
[ 80.940812][ T5060] page last free stack trace:
[ 80.945475][ T5060] free_unref_page_prepare+0x476/0xa40
[ 80.951029][ T5060] free_unref_page+0x33/0x3b0
[ 80.955719][ T5060] free_contig_range+0xb6/0x190
[ 80.960590][ T5060] destroy_args+0x7c9/0xa10
[ 80.965116][ T5060] debug_vm_pgtable+0x1d79/0x3e00
[ 80.970158][ T5060] do_one_initcall+0x11c/0x640
[ 80.974942][ T5060] kernel_init_freeable+0x5c2/0x8f0
[ 80.980152][ T5060] kernel_init+0x1c/0x2a0
[ 80.984496][ T5060] ret_from_fork+0x45/0x80
[ 80.988916][ T5060] ret_from_fork_asm+0x11/0x20
[ 80.993717][ T5060]
[ 80.996034][ T5060] Memory state around the buggy address:
[ 81.001655][ T5060] ffff888078b14500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 81.009800][ T5060] ffff888078b14580: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00
[ 81.017862][ T5060] >ffff888078b14600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 81.025921][ T5060] ^
[ 81.032586][ T5060] ffff888078b14680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 81.040645][ T5060] ffff888078b14700: 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 00
[ 81.048698][ T5060] ==================================================================
[ 81.057350][ T5060] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 81.064559][ T5060] CPU: 0 PID: 5060 Comm: syz-executor360 Not tainted 6.6.0-rc2-next-20230921-syzkaller #0
[ 81.074469][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 81.084536][ T5060] Call Trace:
[ 81.087820][ T5060]
[ 81.090772][ T5060] dump_stack_lvl+0xd9/0x1b0
[ 81.095376][ T5060] panic+0x6dc/0x790
[ 81.099282][ T5060] ? panic_smp_self_stop+0xa0/0xa0
[ 81.104401][ T5060] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 81.110568][ T5060] ? preempt_schedule_thunk+0x1a/0x30
[ 81.115957][ T5060] ? __kmem_cache_free+0xb8/0x2d0
[ 81.120986][ T5060] ? preempt_schedule_common+0x45/0xc0
[ 81.126459][ T5060] ? __kmem_cache_free+0xb8/0x2d0
[ 81.131489][ T5060] ? __kmem_cache_free+0xb8/0x2d0
[ 81.136516][ T5060] check_panic_on_warn+0xab/0xb0
[ 81.141481][ T5060] ? __kmem_cache_free+0xb8/0x2d0
[ 81.146507][ T5060] end_report+0x108/0x150
[ 81.150840][ T5060] kasan_report_invalid_free+0xbb/0xd0
[ 81.156308][ T5060] ? __kmem_cache_free+0xb8/0x2d0
[ 81.161341][ T5060] ____kasan_slab_free+0x1a0/0x1b0
[ 81.166461][ T5060] slab_free_freelist_hook+0x114/0x1e0
[ 81.171939][ T5060] ? ovl_copy_up_one+0x15ac/0x3250
[ 81.177055][ T5060] __kmem_cache_free+0xb8/0x2d0
[ 81.181912][ T5060] ovl_copy_up_one+0x15ac/0x3250
[ 81.186857][ T5060] ? print_usage_bug.part.0+0x670/0x670
[ 81.192421][ T5060] ? print_usage_bug.part.0+0x670/0x670
[ 81.197984][ T5060] ? ovl_encode_real_fh+0x430/0x430
[ 81.203190][ T5060] ? __lock_acquire+0x182f/0x5de0
[ 81.208250][ T5060] ? do_raw_spin_unlock+0x173/0x230
[ 81.213473][ T5060] ovl_copy_up_flags+0x189/0x200
[ 81.218421][ T5060] ovl_nlink_start+0x391/0x470
[ 81.223198][ T5060] ovl_do_remove+0x16d/0xd50
[ 81.227810][ T5060] ? ovl_rename+0x1840/0x1840
[ 81.232504][ T5060] vfs_unlink+0x2f1/0x900
[ 81.236848][ T5060] ? bpf_lsm_path_unlink+0x9/0x10
[ 81.241881][ T5060] do_unlinkat+0x3da/0x6d0
[ 81.246301][ T5060] ? __ia32_sys_rmdir+0x110/0x110
[ 81.251335][ T5060] ? __check_object_size+0x323/0x730
[ 81.256640][ T5060] ? getname_flags.part.0+0x1d5/0x4d0
[ 81.262029][ T5060] __x64_sys_unlink+0xc8/0x110
[ 81.266802][ T5060] do_syscall_64+0x38/0xb0
[ 81.271226][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.277128][ T5060] RIP: 0033:0x7f15a9d353e9
[ 81.281541][ T5060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 81.301155][ T5060] RSP: 002b:00007ffd8d25ca08 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 81.309572][ T5060] RAX: ffffffffffffffda RBX: 00007ffd8d25ca30 RCX: 00007f15a9d353e9
[ 81.317552][ T5060] RDX: 00007f15a9d344b0 RSI: 00007ffd8d25ca30 RDI: 0000000020000200
[ 81.325522][ T5060] RBP: 0000000000000002 R08: 00007ffd8d25c7a6 R09: 00007ffd8d2d51a0
[ 81.333492][ T5060] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd8d25ca2c
[ 81.341460][ T5060] R13: 00007ffd8d25ca70 R14: 00007ffd8d25ca50 R15: 0000000000000002
[ 81.349438][ T5060]
[ 81.352772][ T5060] Kernel Offset: disabled
[ 81.357084][ T5060] Rebooting in 86400 seconds..