./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3177226103 <...> [ 97.191136][ T977] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.54' (ED25519) to the list of known hosts. execve("./syz-executor3177226103", ["./syz-executor3177226103"], 0x7ffd111433c0 /* 10 vars */) = 0 brk(NULL) = 0x55556f1be000 brk(0x55556f1bee00) = 0x55556f1bee00 arch_prctl(ARCH_SET_FS, 0x55556f1be480) = 0 set_tid_address(0x55556f1be750) = 5851 set_robust_list(0x55556f1be760, 24) = 0 rseq(0x55556f1beda0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3177226103", 4096) = 28 getrandom("\x0d\x8d\x42\x3e\xfa\xfa\xc3\x00", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556f1bee00 brk(0x55556f1dfe00) = 0x55556f1dfe00 brk(0x55556f1e0000) = 0x55556f1e0000 mprotect(0x7f10017f1000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f1001743950, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f100174c530}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f1001743950, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f100174c530}, NULL, 8) = 0 mkdir("./syzkaller.Wxat7p", 0700) = 0 chmod("./syzkaller.Wxat7p", 0777) = 0 chdir("./syzkaller.Wxat7p") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached , child_tidptr=0x55556f1be750) = 5852 [pid 5852] set_robust_list(0x55556f1be760, 24) = 0 [pid 5852] chdir("./0") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5852] write(1, "executing program\n", 18) = 18 [pid 5852] memfd_create("syzkaller", 0) = 3 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5852] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5852] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] close(3) = 0 [pid 5852] close(4) = 0 [pid 5852] mkdir("./file0", 0777) = 0 [ 101.732785][ T5852] loop0: detected capacity change from 0 to 32768 [ 101.761412][ T5852] (syz-executor317,5852,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 101.778511][ T5852] (syz-executor317,5852,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 101.809463][ T5852] JBD2: Ignoring recovery information on journal [pid 5852] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] chdir("./file0") = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 101.843373][ T5852] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5852] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 101.912233][ T30] audit: type=1800 audit(1752426760.145:2): pid=5852 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5852] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5852] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5852] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5852] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5852] exit_group(0) = ? [pid 5852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 102.124716][ T5851] ocfs2: Unmounting device (7,0) on (node local) rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5856 attached , child_tidptr=0x55556f1be750) = 5856 [pid 5856] set_robust_list(0x55556f1be760, 24) = 0 [pid 5856] chdir("./1") = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] setpgid(0, 0) = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5856] write(1, "executing program\n", 18) = 18 [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5856] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5856] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] close(3) = 0 [pid 5856] close(4) = 0 [pid 5856] mkdir("./file0", 0777) = 0 [ 102.588792][ T5856] loop0: detected capacity change from 0 to 32768 [ 102.623193][ T5856] (syz-executor317,5856,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 102.638612][ T5856] (syz-executor317,5856,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 102.672769][ T5856] JBD2: Ignoring recovery information on journal [pid 5856] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./file0") = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 102.704671][ T5856] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5856] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5856] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5856] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5856] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5856] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5856] exit_group(0) = ? [ 102.756821][ T30] audit: type=1800 audit(1752426760.985:3): pid=5856 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5856] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 102.843894][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached [pid 5860] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 5860 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5860] chdir("./2") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5860] write(1, "executing program\n", 18executing program ) = 18 [pid 5860] memfd_create("syzkaller", 0) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5860] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5860] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5860] close(3) = 0 [pid 5860] close(4) = 0 [pid 5860] mkdir("./file0", 0777) = 0 [ 103.257884][ T5860] loop0: detected capacity change from 0 to 32768 [ 103.277218][ T5860] (syz-executor317,5860,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 103.291564][ T5860] (syz-executor317,5860,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 103.316452][ T5860] JBD2: Ignoring recovery information on journal [pid 5860] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./file0") = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 103.361842][ T5860] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5860] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5860] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5860] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5860] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5860] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5860] exit_group(0) = ? [pid 5860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- [ 103.423959][ T30] audit: type=1800 audit(1752426761.655:4): pid=5860 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 103.555801][ T5851] ocfs2: Unmounting device (7,0) on (node local) unlink("./2/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5864 attached [pid 5864] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 5864 [pid 5864] <... set_robust_list resumed>) = 0 [pid 5864] chdir("./3") = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1000", 4) = 4 [pid 5864] close(3) = 0 [pid 5864] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5864] write(1, "executing program\n", 18) = 18 [pid 5864] memfd_create("syzkaller", 0) = 3 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5864] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5864] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5864] close(3) = 0 [pid 5864] close(4) = 0 [pid 5864] mkdir("./file0", 0777) = 0 [ 104.033813][ T5864] loop0: detected capacity change from 0 to 32768 [ 104.057597][ T5864] (syz-executor317,5864,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 104.072580][ T5864] (syz-executor317,5864,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5864] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5864] chdir("./file0") = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 104.114856][ T5864] JBD2: Ignoring recovery information on journal [ 104.143760][ T5864] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5864] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5864] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5864] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5864] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5864] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 104.179371][ T30] audit: type=1800 audit(1752426762.415:5): pid=5864 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5864] exit_group(0) = ? [pid 5864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 104.365778][ T5851] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached [pid 5868] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 5868 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5868] chdir("./4") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5868] write(1, "executing program\n", 18) = 18 [pid 5868] memfd_create("syzkaller", 0) = 3 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5868] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5868] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5868] close(3) = 0 [pid 5868] close(4) = 0 [pid 5868] mkdir("./file0", 0777) = 0 [ 104.954618][ T5868] loop0: detected capacity change from 0 to 32768 [ 104.978044][ T5868] (syz-executor317,5868,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 104.992904][ T5868] (syz-executor317,5868,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 105.017011][ T5868] JBD2: Ignoring recovery information on journal [pid 5868] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./file0") = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5868] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 105.055492][ T5868] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5868] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5868] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 105.087001][ T30] audit: type=1800 audit(1752426763.315:6): pid=5868 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5868] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5868] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5868] exit_group(0) = ? [pid 5868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 105.267781][ T5851] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached , child_tidptr=0x55556f1be750) = 5872 [pid 5872] set_robust_list(0x55556f1be760, 24) = 0 [pid 5872] chdir("./5") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] write(1, "executing program\n", 18executing program ) = 18 [pid 5872] memfd_create("syzkaller", 0) = 3 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5872] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5872] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [pid 5872] close(4) = 0 [pid 5872] mkdir("./file0", 0777) = 0 [ 105.878136][ T5872] loop0: detected capacity change from 0 to 32768 [ 105.902552][ T5872] (syz-executor317,5872,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 105.917067][ T5872] (syz-executor317,5872,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 105.940731][ T5872] JBD2: Ignoring recovery information on journal [pid 5872] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] chdir("./file0") = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5872] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 105.980226][ T5872] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 106.009762][ T30] audit: type=1800 audit(1752426764.245:7): pid=5872 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5872] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5872] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5872] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5872] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5872] exit_group(0) = ? [pid 5872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 106.202142][ T5851] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f1be750) = 5876 ./strace-static-x86_64: Process 5876 attached [pid 5876] set_robust_list(0x55556f1be760, 24) = 0 [pid 5876] chdir("./6") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5876] write(1, "executing program\n", 18executing program ) = 18 [pid 5876] memfd_create("syzkaller", 0) = 3 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5876] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5876] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5876] close(3) = 0 [pid 5876] close(4) = 0 [pid 5876] mkdir("./file0", 0777) = 0 [ 106.784030][ T5876] loop0: detected capacity change from 0 to 32768 [ 106.822626][ T5876] (syz-executor317,5876,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 106.836947][ T5876] (syz-executor317,5876,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 106.858755][ T5876] JBD2: Ignoring recovery information on journal [pid 5876] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("./file0") = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 106.895499][ T5876] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5876] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5876] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [ 106.953268][ T30] audit: type=1800 audit(1752426765.185:8): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5876] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5876] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5876] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5876] exit_group(0) = ? [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 107.102326][ T5851] ocfs2: Unmounting device (7,0) on (node local) getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached , child_tidptr=0x55556f1be750) = 5881 [pid 5881] set_robust_list(0x55556f1be760, 24) = 0 [pid 5881] chdir("./7") = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5881] write(1, "executing program\n", 18executing program ) = 18 [pid 5881] memfd_create("syzkaller", 0) = 3 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5881] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5881] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5881] close(3) = 0 [pid 5881] close(4) = 0 [pid 5881] mkdir("./file0", 0777) = 0 [ 107.603922][ T5881] loop0: detected capacity change from 0 to 32768 [ 107.657629][ T5881] (syz-executor317,5881,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 107.673218][ T5881] (syz-executor317,5881,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 107.695467][ T5881] JBD2: Ignoring recovery information on journal [pid 5881] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5881] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5881] chdir("./file0") = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 107.723803][ T5881] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5881] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5881] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [ 107.775720][ T30] audit: type=1800 audit(1752426766.005:9): pid=5881 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5881] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5881] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5881] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5881] exit_group(0) = ? [pid 5881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 107.943321][ T5851] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5885 attached , child_tidptr=0x55556f1be750) = 5885 [pid 5885] set_robust_list(0x55556f1be760, 24) = 0 [pid 5885] chdir("./8") = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5885] setpgid(0, 0) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5885] write(1, "executing program\n", 18) = 18 [pid 5885] memfd_create("syzkaller", 0) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5885] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5885] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5885] close(3) = 0 [pid 5885] close(4) = 0 [pid 5885] mkdir("./file0", 0777) = 0 [ 108.405121][ T5885] loop0: detected capacity change from 0 to 32768 [ 108.437364][ T5885] (syz-executor317,5885,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 108.456247][ T5885] (syz-executor317,5885,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 108.483137][ T5885] JBD2: Ignoring recovery information on journal [pid 5885] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5885] chdir("./file0") = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 108.511275][ T5885] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5885] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5885] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5885] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5885] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5885] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 108.556279][ T30] audit: type=1800 audit(1752426766.785:10): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5885] exit_group(0) = ? [pid 5885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 108.708961][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5889 attached , child_tidptr=0x55556f1be750) = 5889 [pid 5889] set_robust_list(0x55556f1be760, 24) = 0 [pid 5889] chdir("./9") = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5889] write(1, "executing program\n", 18) = 18 [pid 5889] memfd_create("syzkaller", 0) = 3 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5889] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5889] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5889] close(3) = 0 [pid 5889] close(4) = 0 [pid 5889] mkdir("./file0", 0777) = 0 [ 109.098703][ T5889] loop0: detected capacity change from 0 to 32768 [ 109.163753][ T5889] (syz-executor317,5889,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 109.177897][ T5889] (syz-executor317,5889,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 109.200790][ T5889] JBD2: Ignoring recovery information on journal [pid 5889] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5889] chdir("./file0") = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 109.225719][ T5889] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5889] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5889] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5889] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5889] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5889] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5889] exit_group(0) = ? [pid 5889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [ 109.277105][ T30] audit: type=1800 audit(1752426767.505:11): pid=5889 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 109.416798][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5893 attached , child_tidptr=0x55556f1be750) = 5893 [pid 5893] set_robust_list(0x55556f1be760, 24) = 0 [pid 5893] chdir("./10") = 0 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] setpgid(0, 0) = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5893] write(3, "1000", 4) = 4 [pid 5893] close(3) = 0 [pid 5893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5893] write(1, "executing program\n", 18executing program ) = 18 [pid 5893] memfd_create("syzkaller", 0) = 3 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5893] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5893] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5893] close(3) = 0 [pid 5893] close(4) = 0 [pid 5893] mkdir("./file0", 0777) = 0 [ 109.834597][ T5893] loop0: detected capacity change from 0 to 32768 [ 109.887286][ T5893] (syz-executor317,5893,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 109.903149][ T5893] (syz-executor317,5893,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 109.926847][ T5893] JBD2: Ignoring recovery information on journal [pid 5893] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5893] chdir("./file0") = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 109.957615][ T5893] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5893] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5893] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [ 110.000078][ T30] audit: type=1800 audit(1752426768.235:12): pid=5893 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5893] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5893] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5893] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5893] exit_group(0) = ? [pid 5893] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 110.161074][ T5851] ocfs2: Unmounting device (7,0) on (node local) rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5897 attached , child_tidptr=0x55556f1be750) = 5897 [pid 5897] set_robust_list(0x55556f1be760, 24) = 0 [pid 5897] chdir("./11") = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5897] setpgid(0, 0) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5897] write(3, "1000", 4) = 4 [pid 5897] close(3) = 0 [pid 5897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5897] write(1, "executing program\n", 18executing program ) = 18 [pid 5897] memfd_create("syzkaller", 0) = 3 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5897] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5897] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5897] close(3) = 0 [pid 5897] close(4) = 0 [pid 5897] mkdir("./file0", 0777) = 0 [ 110.692202][ T5897] loop0: detected capacity change from 0 to 32768 [ 110.720444][ T5897] (syz-executor317,5897,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 110.735891][ T5897] (syz-executor317,5897,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 110.762496][ T5897] JBD2: Ignoring recovery information on journal [pid 5897] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5897] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5897] chdir("./file0") = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 110.796371][ T5897] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5897] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5897] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [ 110.863814][ T30] audit: type=1800 audit(1752426769.095:13): pid=5897 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5897] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5897] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5897] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5897] exit_group(0) = ? [pid 5897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 111.026612][ T5851] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5901 attached , child_tidptr=0x55556f1be750) = 5901 [pid 5901] set_robust_list(0x55556f1be760, 24) = 0 [pid 5901] chdir("./12") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5901] write(1, "executing program\n", 18) = 18 [pid 5901] memfd_create("syzkaller", 0) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5901] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5901] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5901] close(3) = 0 [pid 5901] close(4) = 0 [pid 5901] mkdir("./file0", 0777) = 0 [ 111.684153][ T5901] loop0: detected capacity change from 0 to 32768 [ 111.714509][ T5901] (syz-executor317,5901,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 111.728889][ T5901] (syz-executor317,5901,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 111.751345][ T5901] JBD2: Ignoring recovery information on journal [pid 5901] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5901] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("./file0") = 0 [ 111.784601][ T5901] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5901] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5901] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 111.864971][ T30] audit: type=1800 audit(1752426770.095:14): pid=5901 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5901] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5901] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5901] exit_group(0) = ? [pid 5901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 [ 112.015672][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5905 attached [pid 5905] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 5905 [pid 5905] <... set_robust_list resumed>) = 0 [pid 5905] chdir("./13") = 0 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5905] setpgid(0, 0) = 0 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5905] write(3, "1000", 4) = 4 [pid 5905] close(3) = 0 [pid 5905] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5905] write(1, "executing program\n", 18executing program ) = 18 [pid 5905] memfd_create("syzkaller", 0) = 3 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5905] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5905] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5905] close(3) = 0 [pid 5905] close(4) = 0 [pid 5905] mkdir("./file0", 0777) = 0 [ 112.541473][ T5905] loop0: detected capacity change from 0 to 32768 [ 112.573409][ T5905] (syz-executor317,5905,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 112.587806][ T5905] (syz-executor317,5905,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 112.615785][ T5905] JBD2: Ignoring recovery information on journal [pid 5905] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5905] chdir("./file0") = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5905] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5905] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5905] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 112.644494][ T5905] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 112.668478][ T30] audit: type=1800 audit(1752426770.895:15): pid=5905 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5905] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5905] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5905] exit_group(0) = ? [pid 5905] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 112.820982][ T5851] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5909 attached , child_tidptr=0x55556f1be750) = 5909 [pid 5909] set_robust_list(0x55556f1be760, 24) = 0 [pid 5909] chdir("./14") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5909] write(1, "executing program\n", 18executing program ) = 18 [pid 5909] memfd_create("syzkaller", 0) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5909] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5909] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5909] close(3) = 0 [pid 5909] close(4) = 0 [pid 5909] mkdir("./file0", 0777) = 0 [ 113.425353][ T5909] loop0: detected capacity change from 0 to 32768 [ 113.462865][ T5909] (syz-executor317,5909,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 113.477866][ T5909] (syz-executor317,5909,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 113.501786][ T5909] JBD2: Ignoring recovery information on journal [pid 5909] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./file0") = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 113.542435][ T5909] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5909] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5909] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5909] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5909] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5909] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5909] exit_group(0) = ? [pid 5909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- [ 113.578173][ T30] audit: type=1800 audit(1752426771.805:16): pid=5909 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 113.736032][ T5851] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5913 attached [pid 5913] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 5913 [pid 5913] <... set_robust_list resumed>) = 0 [pid 5913] chdir("./15") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5913] write(1, "executing program\n", 18) = 18 [pid 5913] memfd_create("syzkaller", 0) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5913] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5913] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5913] close(3) = 0 [pid 5913] close(4) = 0 [pid 5913] mkdir("./file0", 0777) = 0 [ 114.301591][ T5913] loop0: detected capacity change from 0 to 32768 [ 114.326088][ T5913] (syz-executor317,5913,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 114.341148][ T5913] (syz-executor317,5913,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 114.364719][ T5913] JBD2: Ignoring recovery information on journal [pid 5913] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5913] chdir("./file0") = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 114.404673][ T5913] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5913] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5913] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5913] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 114.475379][ T30] audit: type=1800 audit(1752426772.705:17): pid=5913 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5913] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5913] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5913] exit_group(0) = ? [pid 5913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 114.636262][ T5851] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5917 attached , child_tidptr=0x55556f1be750) = 5917 [pid 5917] set_robust_list(0x55556f1be760, 24) = 0 [pid 5917] chdir("./16") = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5917] setpgid(0, 0) = 0 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5917] write(3, "1000", 4) = 4 [pid 5917] close(3) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5917] write(1, "executing program\n", 18executing program ) = 18 [pid 5917] memfd_create("syzkaller", 0) = 3 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5917] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5917] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5917] close(3) = 0 [pid 5917] close(4) = 0 [pid 5917] mkdir("./file0", 0777) = 0 [ 115.189659][ T5917] loop0: detected capacity change from 0 to 32768 [ 115.214825][ T5917] (syz-executor317,5917,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 115.229629][ T5917] (syz-executor317,5917,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 115.252235][ T5917] JBD2: Ignoring recovery information on journal [pid 5917] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5917] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5917] chdir("./file0") = 0 [ 115.291564][ T5917] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5917] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5917] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [ 115.362105][ T30] audit: type=1800 audit(1752426773.595:18): pid=5917 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5917] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5917] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5917] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5917] exit_group(0) = ? [pid 5917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 115.560263][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5921 attached [pid 5921] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 5921 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5921] chdir("./17") = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5921] setpgid(0, 0) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5921] write(1, "executing program\n", 18) = 18 [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5921] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5921] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./file0", 0777) = 0 [ 115.967715][ T5921] loop0: detected capacity change from 0 to 32768 [ 115.988707][ T5921] (syz-executor317,5921,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 116.002910][ T5921] (syz-executor317,5921,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 116.024888][ T5921] JBD2: Ignoring recovery information on journal [pid 5921] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./file0") = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 116.068100][ T5921] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5921] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5921] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5921] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5921] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5921] exit_group(0) = ? [ 116.106754][ T30] audit: type=1800 audit(1752426774.335:19): pid=5921 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 116.285742][ T5851] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5925 attached , child_tidptr=0x55556f1be750) = 5925 [pid 5925] set_robust_list(0x55556f1be760, 24) = 0 [pid 5925] chdir("./18") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5925] write(3, "1000", 4) = 4 [pid 5925] close(3) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5925] write(1, "executing program\n", 18executing program ) = 18 [pid 5925] memfd_create("syzkaller", 0) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5925] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5925] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5925] close(3) = 0 [pid 5925] close(4) = 0 [pid 5925] mkdir("./file0", 0777) = 0 [ 116.823070][ T5925] loop0: detected capacity change from 0 to 32768 [ 116.882193][ T5925] (syz-executor317,5925,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 116.896433][ T5925] (syz-executor317,5925,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 116.917218][ T5925] JBD2: Ignoring recovery information on journal [pid 5925] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5925] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5925] chdir("./file0") = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 116.945567][ T5925] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5925] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5925] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5925] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 117.006403][ T30] audit: type=1800 audit(1752426775.235:20): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5925] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5925] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5925] exit_group(0) = ? [pid 5925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 [ 117.134954][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached , child_tidptr=0x55556f1be750) = 5929 [pid 5929] set_robust_list(0x55556f1be760, 24) = 0 [pid 5929] chdir("./19") = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5929] write(1, "executing program\n", 18) = 18 [pid 5929] memfd_create("syzkaller", 0) = 3 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5929] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5929] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5929] close(3) = 0 [pid 5929] close(4) = 0 [pid 5929] mkdir("./file0", 0777) = 0 [ 117.726669][ T5929] loop0: detected capacity change from 0 to 32768 [ 117.762378][ T5929] (syz-executor317,5929,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 117.777609][ T5929] (syz-executor317,5929,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 117.804327][ T5929] JBD2: Ignoring recovery information on journal [pid 5929] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5929] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5929] chdir("./file0") = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5929] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 117.836081][ T5929] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 117.863476][ T30] audit: type=1800 audit(1752426776.095:21): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5929] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5929] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5929] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5929] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5929] exit_group(0) = ? [pid 5929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 118.077262][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5933 attached , child_tidptr=0x55556f1be750) = 5933 [pid 5933] set_robust_list(0x55556f1be760, 24) = 0 [pid 5933] chdir("./20") = 0 [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5933] setpgid(0, 0) = 0 [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5933] write(3, "1000", 4) = 4 [pid 5933] close(3) = 0 [pid 5933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5933] write(1, "executing program\n", 18executing program ) = 18 [pid 5933] memfd_create("syzkaller", 0) = 3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5933] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5933] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5933] close(3) = 0 [pid 5933] close(4) = 0 [pid 5933] mkdir("./file0", 0777) = 0 [ 118.483807][ T5933] loop0: detected capacity change from 0 to 32768 [ 118.517386][ T5933] (syz-executor317,5933,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 118.532153][ T5933] (syz-executor317,5933,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 118.561187][ T5933] JBD2: Ignoring recovery information on journal [pid 5933] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5933] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5933] chdir("./file0") = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 118.591013][ T5933] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5933] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5933] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5933] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5933] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5933] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5933] exit_group(0) = ? [pid 5933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- [ 118.633198][ T30] audit: type=1800 audit(1752426776.865:22): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 118.773536][ T5851] ocfs2: Unmounting device (7,0) on (node local) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5937 attached , child_tidptr=0x55556f1be750) = 5937 [pid 5937] set_robust_list(0x55556f1be760, 24) = 0 [pid 5937] chdir("./21") = 0 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5937] setpgid(0, 0) = 0 [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5937] write(3, "1000", 4) = 4 [pid 5937] close(3) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5937] write(1, "executing program\n", 18) = 18 [pid 5937] memfd_create("syzkaller", 0) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5937] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5937] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5937] close(3) = 0 [pid 5937] close(4) = 0 [pid 5937] mkdir("./file0", 0777) = 0 [ 119.383933][ T5937] loop0: detected capacity change from 0 to 32768 [ 119.402862][ T5937] (syz-executor317,5937,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 119.418334][ T5937] (syz-executor317,5937,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 119.450803][ T5937] JBD2: Ignoring recovery information on journal [pid 5937] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5937] chdir("./file0") = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 119.493100][ T5937] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5937] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 119.525906][ T30] audit: type=1800 audit(1752426777.755:23): pid=5937 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5937] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5937] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5937] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5937] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5937] exit_group(0) = ? [pid 5937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5937, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 [ 119.734584][ T5851] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached , child_tidptr=0x55556f1be750) = 5941 [pid 5941] set_robust_list(0x55556f1be760, 24) = 0 [pid 5941] chdir("./22") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5941] write(1, "executing program\n", 18executing program ) = 18 [pid 5941] memfd_create("syzkaller", 0) = 3 [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5941] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5941] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5941] close(3) = 0 [pid 5941] close(4) = 0 [pid 5941] mkdir("./file0", 0777) = 0 [ 120.245506][ T5941] loop0: detected capacity change from 0 to 32768 [ 120.288579][ T5941] (syz-executor317,5941,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 120.305324][ T5941] (syz-executor317,5941,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 120.327765][ T5941] JBD2: Ignoring recovery information on journal [pid 5941] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5941] chdir("./file0") = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5941] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5941] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5941] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5941] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 120.355309][ T5941] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 120.378723][ T30] audit: type=1800 audit(1752426778.605:24): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5941] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5941] exit_group(0) = ? [pid 5941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 120.561236][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5945 attached , child_tidptr=0x55556f1be750) = 5945 [pid 5945] set_robust_list(0x55556f1be760, 24) = 0 [pid 5945] chdir("./23") = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5945] write(1, "executing program\n", 18) = 18 [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5945] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5945] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./file0", 0777) = 0 [ 120.968211][ T5945] loop0: detected capacity change from 0 to 32768 [ 121.006293][ T5945] (syz-executor317,5945,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 121.021082][ T5945] (syz-executor317,5945,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 121.047357][ T5945] JBD2: Ignoring recovery information on journal [pid 5945] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./file0") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 121.080581][ T5945] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5945] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5945] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [ 121.141860][ T30] audit: type=1800 audit(1752426779.375:25): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5945] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5945] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5945] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5945] exit_group(0) = ? [pid 5945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 121.347489][ T5851] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5949 attached , child_tidptr=0x55556f1be750) = 5949 [pid 5949] set_robust_list(0x55556f1be760, 24) = 0 [pid 5949] chdir("./24") = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5949] setpgid(0, 0) = 0 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5949] write(3, "1000", 4) = 4 [pid 5949] close(3) = 0 [pid 5949] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5949] write(1, "executing program\n", 18) = 18 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5949] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5949] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5949] close(3) = 0 [pid 5949] close(4) = 0 [pid 5949] mkdir("./file0", 0777) = 0 [ 121.893418][ T5949] loop0: detected capacity change from 0 to 32768 [ 121.953759][ T5949] (syz-executor317,5949,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 121.968683][ T5949] (syz-executor317,5949,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 121.991038][ T5949] JBD2: Ignoring recovery information on journal [pid 5949] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file0") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5949] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 122.019975][ T5949] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5949] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5949] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5949] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 122.053221][ T30] audit: type=1800 audit(1752426780.285:26): pid=5949 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5949] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5949] exit_group(0) = ? [pid 5949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 122.235679][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5953 attached [pid 5953] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 5953 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5953] chdir("./25") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5953] write(3, "1000", 4) = 4 [pid 5953] close(3) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5953] write(1, "executing program\n", 18) = 18 [pid 5953] memfd_create("syzkaller", 0) = 3 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5953] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5953] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5953] close(3) = 0 [pid 5953] close(4) = 0 [pid 5953] mkdir("./file0", 0777) = 0 [ 122.625266][ T5953] loop0: detected capacity change from 0 to 32768 [ 122.659643][ T5953] (syz-executor317,5953,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 122.676881][ T5953] (syz-executor317,5953,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 122.703415][ T5953] JBD2: Ignoring recovery information on journal [pid 5953] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5953] chdir("./file0") = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 122.738147][ T5953] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5953] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5953] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [ 122.791838][ T30] audit: type=1800 audit(1752426781.025:27): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5953] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5953] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5953] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5953] exit_group(0) = ? [pid 5953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 122.968218][ T5851] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5959 attached [pid 5959] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 5959 [pid 5959] <... set_robust_list resumed>) = 0 [pid 5959] chdir("./26") = 0 [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5959] setpgid(0, 0) = 0 [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5959] write(3, "1000", 4) = 4 [pid 5959] close(3) = 0 [pid 5959] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5959] write(1, "executing program\n", 18) = 18 [pid 5959] memfd_create("syzkaller", 0) = 3 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5959] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5959] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5959] close(3) = 0 [pid 5959] close(4) = 0 [pid 5959] mkdir("./file0", 0777) = 0 [ 123.531219][ T5959] loop0: detected capacity change from 0 to 32768 [ 123.567131][ T5959] (syz-executor317,5959,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 123.582233][ T5959] (syz-executor317,5959,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 123.616277][ T5959] JBD2: Ignoring recovery information on journal [pid 5959] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5959] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5959] chdir("./file0") = 0 [ 123.646533][ T5959] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5959] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5959] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5959] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5959] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5959] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5959] exit_group(0) = ? [pid 5959] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5959, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- [ 123.722876][ T30] audit: type=1800 audit(1752426781.955:28): pid=5959 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 123.876737][ T5851] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5963 attached , child_tidptr=0x55556f1be750) = 5963 [pid 5963] set_robust_list(0x55556f1be760, 24) = 0 [pid 5963] chdir("./27") = 0 [pid 5963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5963] setpgid(0, 0) = 0 [pid 5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5963] write(3, "1000", 4) = 4 [pid 5963] close(3) = 0 [pid 5963] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5963] write(1, "executing program\n", 18) = 18 [pid 5963] memfd_create("syzkaller", 0) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5963] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5963] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5963] close(3) = 0 [pid 5963] close(4) = 0 [pid 5963] mkdir("./file0", 0777) = 0 [ 124.493988][ T5963] loop0: detected capacity change from 0 to 32768 [ 124.530391][ T5963] (syz-executor317,5963,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 124.545028][ T5963] (syz-executor317,5963,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 124.570347][ T5963] JBD2: Ignoring recovery information on journal [pid 5963] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5963] chdir("./file0") = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5963] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 124.606927][ T5963] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 124.635781][ T30] audit: type=1800 audit(1752426782.865:29): pid=5963 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5963] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5963] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5963] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5963] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5963] exit_group(0) = ? [pid 5963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 124.815823][ T5851] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5968 attached [pid 5968] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 5968 [pid 5968] <... set_robust_list resumed>) = 0 [pid 5968] chdir("./28") = 0 [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5968] setpgid(0, 0) = 0 [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5968] write(3, "1000", 4) = 4 [pid 5968] close(3) = 0 [pid 5968] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5968] write(1, "executing program\n", 18) = 18 [pid 5968] memfd_create("syzkaller", 0) = 3 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5968] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5968] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5968] close(3) = 0 [pid 5968] close(4) = 0 [pid 5968] mkdir("./file0", 0777) = 0 [ 125.366085][ T5968] loop0: detected capacity change from 0 to 32768 [ 125.401253][ T5968] (syz-executor317,5968,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 125.415945][ T5968] (syz-executor317,5968,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 125.444634][ T5968] JBD2: Ignoring recovery information on journal [pid 5968] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5968] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5968] chdir("./file0") = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 125.474207][ T5968] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5968] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5968] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5968] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5968] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 125.511360][ T30] audit: type=1800 audit(1752426783.745:30): pid=5968 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5968] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5968] exit_group(0) = ? [pid 5968] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5968, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 125.696813][ T5851] ocfs2: Unmounting device (7,0) on (node local) rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5974 attached , child_tidptr=0x55556f1be750) = 5974 [pid 5974] set_robust_list(0x55556f1be760, 24) = 0 [pid 5974] chdir("./29") = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5974] write(1, "executing program\n", 18) = 18 [pid 5974] memfd_create("syzkaller", 0) = 3 [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5974] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5974] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5974] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5974] close(3) = 0 [pid 5974] close(4) = 0 [pid 5974] mkdir("./file0", 0777) = 0 [ 126.181060][ T5974] loop0: detected capacity change from 0 to 32768 [ 126.216658][ T5974] (syz-executor317,5974,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 126.231188][ T5974] (syz-executor317,5974,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 126.265743][ T5974] JBD2: Ignoring recovery information on journal [pid 5974] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5974] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5974] chdir("./file0") = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 126.295775][ T5974] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5974] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5974] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5974] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5974] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5974] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5974] exit_group(0) = ? [pid 5974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 126.366375][ T30] audit: type=1800 audit(1752426784.595:31): pid=5974 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 126.484473][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5978 attached , child_tidptr=0x55556f1be750) = 5978 [pid 5978] set_robust_list(0x55556f1be760, 24) = 0 [pid 5978] chdir("./30") = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5978] setpgid(0, 0) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5978] write(3, "1000", 4) = 4 [pid 5978] close(3) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5978] write(1, "executing program\n", 18) = 18 [pid 5978] memfd_create("syzkaller", 0) = 3 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5978] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5978] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5978] close(3) = 0 [pid 5978] close(4) = 0 [pid 5978] mkdir("./file0", 0777) = 0 [ 126.869888][ T5978] loop0: detected capacity change from 0 to 32768 [ 126.903789][ T5978] (syz-executor317,5978,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 126.918584][ T5978] (syz-executor317,5978,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 126.958229][ T5978] JBD2: Ignoring recovery information on journal [pid 5978] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5978] chdir("./file0") = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 126.986886][ T5978] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5978] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5978] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [ 127.040641][ T30] audit: type=1800 audit(1752426785.275:32): pid=5978 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5978] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5978] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5978] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5978] exit_group(0) = ? [pid 5978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 127.205264][ T5851] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5983 attached , child_tidptr=0x55556f1be750) = 5983 [pid 5983] set_robust_list(0x55556f1be760, 24) = 0 [pid 5983] chdir("./31") = 0 [pid 5983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5983] setpgid(0, 0) = 0 [pid 5983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5983] write(3, "1000", 4) = 4 [pid 5983] close(3) = 0 [pid 5983] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5983] write(1, "executing program\n", 18) = 18 [pid 5983] memfd_create("syzkaller", 0) = 3 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5983] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5983] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5983] close(3) = 0 [pid 5983] close(4) = 0 [pid 5983] mkdir("./file0", 0777) = 0 [ 127.795695][ T5983] loop0: detected capacity change from 0 to 32768 [ 127.822544][ T5983] (syz-executor317,5983,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 127.837052][ T5983] (syz-executor317,5983,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 127.863358][ T5983] JBD2: Ignoring recovery information on journal [pid 5983] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5983] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5983] chdir("./file0") = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 127.906013][ T5983] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5983] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5983] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [ 127.936907][ T30] audit: type=1800 audit(1752426786.165:33): pid=5983 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5983] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5983] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5983] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5983] exit_group(0) = ? [pid 5983] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5983, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 128.108176][ T5851] ocfs2: Unmounting device (7,0) on (node local) rmdir("./31/file0") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5987 attached , child_tidptr=0x55556f1be750) = 5987 [pid 5987] set_robust_list(0x55556f1be760, 24) = 0 [pid 5987] chdir("./32") = 0 [pid 5987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5987] setpgid(0, 0) = 0 [pid 5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5987] write(3, "1000", 4) = 4 [pid 5987] close(3) = 0 [pid 5987] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5987] write(1, "executing program\n", 18) = 18 [pid 5987] memfd_create("syzkaller", 0) = 3 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5987] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5987] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5987] close(3) = 0 [pid 5987] close(4) = 0 [pid 5987] mkdir("./file0", 0777) = 0 [ 128.662002][ T5987] loop0: detected capacity change from 0 to 32768 [ 128.686450][ T5987] (syz-executor317,5987,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 128.700747][ T5987] (syz-executor317,5987,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 128.723996][ T5987] JBD2: Ignoring recovery information on journal [pid 5987] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5987] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5987] chdir("./file0") = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5987] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 128.762098][ T5987] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5987] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5987] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 128.796612][ T30] audit: type=1800 audit(1752426787.025:34): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5987] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5987] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5987] exit_group(0) = ? [pid 5987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5987, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 129.006196][ T5851] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5991 attached [pid 5991] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 5991 [pid 5991] <... set_robust_list resumed>) = 0 [pid 5991] chdir("./33") = 0 [pid 5991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5991] setpgid(0, 0) = 0 [pid 5991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5991] write(3, "1000", 4) = 4 [pid 5991] close(3) = 0 [pid 5991] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5991] write(1, "executing program\n", 18) = 18 [pid 5991] memfd_create("syzkaller", 0) = 3 [pid 5991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5991] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5991] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5991] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5991] close(3) = 0 [pid 5991] close(4) = 0 [pid 5991] mkdir("./file0", 0777) = 0 [ 129.556048][ T5991] loop0: detected capacity change from 0 to 32768 [ 129.584517][ T5991] (syz-executor317,5991,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 129.599416][ T5991] (syz-executor317,5991,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 129.636644][ T5991] JBD2: Ignoring recovery information on journal [pid 5991] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5991] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5991] chdir("./file0") = 0 [pid 5991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5991] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5991] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5991] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5991] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 129.667005][ T5991] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 129.691722][ T30] audit: type=1800 audit(1752426787.925:35): pid=5991 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5991] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5991] exit_group(0) = ? [pid 5991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5991, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 129.868162][ T5851] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5995 attached , child_tidptr=0x55556f1be750) = 5995 [pid 5995] set_robust_list(0x55556f1be760, 24) = 0 [pid 5995] chdir("./34") = 0 [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5995] setpgid(0, 0) = 0 [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5995] write(3, "1000", 4) = 4 [pid 5995] close(3) = 0 [pid 5995] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5995] write(1, "executing program\n", 18) = 18 [pid 5995] memfd_create("syzkaller", 0) = 3 [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5995] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5995] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5995] close(3) = 0 [pid 5995] close(4) = 0 [pid 5995] mkdir("./file0", 0777) = 0 [ 130.470856][ T5995] loop0: detected capacity change from 0 to 32768 [ 130.498772][ T5995] (syz-executor317,5995,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 130.513403][ T5995] (syz-executor317,5995,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 130.544198][ T5995] JBD2: Ignoring recovery information on journal [pid 5995] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5995] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5995] chdir("./file0") = 0 [pid 5995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 130.571370][ T5995] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5995] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5995] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5995] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5995] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5995] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5995] exit_group(0) = ? [pid 5995] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5995, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 130.633958][ T30] audit: type=1800 audit(1752426788.865:36): pid=5995 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 130.775821][ T5851] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5999 attached , child_tidptr=0x55556f1be750) = 5999 [pid 5999] set_robust_list(0x55556f1be760, 24) = 0 [pid 5999] chdir("./35") = 0 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] write(1, "executing program\n", 18executing program ) = 18 [pid 5999] memfd_create("syzkaller", 0) = 3 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 5999] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5999] munmap(0x7f0ff9200000, 138412032) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5999] close(3) = 0 [pid 5999] close(4) = 0 [pid 5999] mkdir("./file0", 0777) = 0 [ 131.427216][ T5999] loop0: detected capacity change from 0 to 32768 [ 131.469939][ T5999] (syz-executor317,5999,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 131.485127][ T5999] (syz-executor317,5999,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 131.513795][ T5999] JBD2: Ignoring recovery information on journal [pid 5999] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 5999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5999] chdir("./file0") = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5999] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5999] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 5999] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 5999] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 131.540793][ T5999] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 131.566137][ T30] audit: type=1800 audit(1752426789.795:37): pid=5999 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 5999] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5999] exit_group(0) = ? [pid 5999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 131.706445][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6003 attached , child_tidptr=0x55556f1be750) = 6003 [pid 6003] set_robust_list(0x55556f1be760, 24) = 0 [pid 6003] chdir("./36") = 0 [pid 6003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6003] setpgid(0, 0) = 0 [pid 6003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6003] write(3, "1000", 4) = 4 [pid 6003] close(3) = 0 [pid 6003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6003] write(1, "executing program\n", 18executing program ) = 18 [pid 6003] memfd_create("syzkaller", 0) = 3 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6003] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6003] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6003] close(3) = 0 [pid 6003] close(4) = 0 [pid 6003] mkdir("./file0", 0777) = 0 [ 132.107651][ T6003] loop0: detected capacity change from 0 to 32768 [ 132.131962][ T6003] (syz-executor317,6003,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 132.146833][ T6003] (syz-executor317,6003,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 132.170884][ T6003] JBD2: Ignoring recovery information on journal [pid 6003] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6003] chdir("./file0") = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 132.207273][ T6003] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6003] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6003] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6003] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6003] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6003] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6003] exit_group(0) = ? [pid 6003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6003, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 132.276149][ T30] audit: type=1800 audit(1752426790.505:38): pid=6003 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 132.406031][ T5851] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6007 attached , child_tidptr=0x55556f1be750) = 6007 [pid 6007] set_robust_list(0x55556f1be760, 24) = 0 [pid 6007] chdir("./37") = 0 [pid 6007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6007] setpgid(0, 0) = 0 [pid 6007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6007] write(3, "1000", 4) = 4 [pid 6007] close(3) = 0 [pid 6007] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6007] write(1, "executing program\n", 18) = 18 [pid 6007] memfd_create("syzkaller", 0) = 3 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6007] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6007] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6007] close(3) = 0 [pid 6007] close(4) = 0 [pid 6007] mkdir("./file0", 0777) = 0 [ 133.012972][ T6007] loop0: detected capacity change from 0 to 32768 [ 133.049809][ T6007] (syz-executor317,6007,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 133.065207][ T6007] (syz-executor317,6007,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 133.091763][ T6007] JBD2: Ignoring recovery information on journal [pid 6007] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6007] chdir("./file0") = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 133.128952][ T6007] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6007] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 133.200174][ T30] audit: type=1800 audit(1752426791.435:39): pid=6007 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [ 133.238098][ T6007] [ 133.240476][ T6007] ====================================================== [ 133.247497][ T6007] WARNING: possible circular locking dependency detected [ 133.254542][ T6007] 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 Not tainted [ 133.261656][ T6007] ------------------------------------------------------ [ 133.268674][ T6007] syz-executor317/6007 is trying to acquire lock: [ 133.275084][ T6007] ffff888076d109c0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{4:4}, at: ocfs2_del_inode_from_orphan+0x134/0x740 [ 133.288103][ T6007] [ 133.288103][ T6007] but task is already holding lock: [ 133.295484][ T6007] ffff888076d8ea20 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io+0x389/0x10f0 [ 133.306114][ T6007] [ 133.306114][ T6007] which lock already depends on the new lock. [ 133.306114][ T6007] [ 133.316525][ T6007] [ 133.316525][ T6007] the existing dependency chain (in reverse order) is: [ 133.325543][ T6007] [ 133.325543][ T6007] -> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}: [ 133.334414][ T6007] lock_acquire+0x120/0x360 [ 133.339462][ T6007] down_write+0x96/0x1f0 [ 133.344243][ T6007] ocfs2_create_local_dquot+0x19d/0x1a40 [ 133.350403][ T6007] ocfs2_acquire_dquot+0x80f/0xb30 [ 133.356056][ T6007] dqget+0x7b1/0xf10 [ 133.360486][ T6007] __dquot_initialize+0x3b3/0xcb0 [ 133.366054][ T6007] ocfs2_get_init_inode+0x13b/0x1b0 [ 133.371783][ T6007] ocfs2_mknod+0x863/0x2050 [ 133.376820][ T6007] ocfs2_create+0x1a5/0x440 [ 133.381854][ T6007] path_openat+0x14f4/0x3830 [ 133.386974][ T6007] do_filp_open+0x1fa/0x410 [ 133.392017][ T6007] do_sys_openat2+0x121/0x1c0 [ 133.397222][ T6007] __x64_sys_open+0x11e/0x150 [ 133.402444][ T6007] do_syscall_64+0xfa/0x3b0 [ 133.407473][ T6007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.413888][ T6007] [ 133.413888][ T6007] -> #2 (&dquot->dq_lock){+.+.}-{4:4}: [ 133.421544][ T6007] lock_acquire+0x120/0x360 [ 133.426573][ T6007] __mutex_lock+0x182/0xe80 [ 133.431615][ T6007] dqget+0x72a/0xf10 [ 133.436134][ T6007] __dquot_initialize+0x3b3/0xcb0 [ 133.441689][ T6007] ocfs2_get_init_inode+0x13b/0x1b0 [ 133.447420][ T6007] ocfs2_mknod+0x863/0x2050 [ 133.452452][ T6007] ocfs2_create+0x1a5/0x440 [ 133.457484][ T6007] path_openat+0x14f4/0x3830 [ 133.462605][ T6007] do_filp_open+0x1fa/0x410 [ 133.467759][ T6007] do_sys_openat2+0x121/0x1c0 [ 133.472964][ T6007] __x64_sys_open+0x11e/0x150 [ 133.478172][ T6007] do_syscall_64+0xfa/0x3b0 [ 133.483202][ T6007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.489625][ T6007] [ 133.489625][ T6007] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{4:4}: [ 133.500153][ T6007] lock_acquire+0x120/0x360 [ 133.505187][ T6007] down_write+0x96/0x1f0 [ 133.510055][ T6007] ocfs2_evict_inode+0x153d/0x40e0 [ 133.515727][ T6007] evict+0x504/0x9c0 [ 133.520170][ T6007] vfs_rmdir+0x3ec/0x520 [ 133.524982][ T6007] do_rmdir+0x2ac/0x630 [ 133.529679][ T6007] __x64_sys_rmdir+0x47/0x50 [ 133.534811][ T6007] do_syscall_64+0xfa/0x3b0 [ 133.539849][ T6007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.546275][ T6007] [ 133.546275][ T6007] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{4:4}: [ 133.556656][ T6007] validate_chain+0xb9b/0x2140 [ 133.561965][ T6007] __lock_acquire+0xab9/0xd20 [ 133.567186][ T6007] lock_acquire+0x120/0x360 [ 133.572234][ T6007] down_write+0x96/0x1f0 [ 133.577011][ T6007] ocfs2_del_inode_from_orphan+0x134/0x740 [ 133.583357][ T6007] ocfs2_dio_end_io+0x479/0x10f0 [ 133.588820][ T6007] dio_complete+0x258/0x790 [ 133.593868][ T6007] __blockdev_direct_IO+0x2db6/0x33d0 [ 133.599863][ T6007] ocfs2_direct_IO+0x25f/0x2d0 [ 133.605159][ T6007] generic_file_direct_write+0x1db/0x3e0 [ 133.611327][ T6007] __generic_file_write_iter+0x11d/0x230 [ 133.617509][ T6007] ocfs2_file_write_iter+0x157a/0x1d10 [ 133.623500][ T6007] do_iter_readv_writev+0x56b/0x7f0 [ 133.629243][ T6007] vfs_writev+0x31a/0x960 [ 133.634100][ T6007] __se_sys_pwritev2+0x179/0x290 [ 133.639572][ T6007] do_syscall_64+0xfa/0x3b0 [ 133.644601][ T6007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.651019][ T6007] [ 133.651019][ T6007] other info that might help us debug this: [ 133.651019][ T6007] [ 133.661247][ T6007] Chain exists of: [ 133.661247][ T6007] &ocfs2_sysfile_lock_key[args->fi_sysfile_type] --> &dquot->dq_lock --> &ocfs2_quota_ip_alloc_sem_key [ 133.661247][ T6007] [ 133.678231][ T6007] Possible unsafe locking scenario: [ 133.678231][ T6007] [ 133.685686][ T6007] CPU0 CPU1 [ 133.691067][ T6007] ---- ---- [ 133.696430][ T6007] lock(&ocfs2_quota_ip_alloc_sem_key); [ 133.702069][ T6007] lock(&dquot->dq_lock); [ 133.709011][ T6007] lock(&ocfs2_quota_ip_alloc_sem_key); [ 133.717169][ T6007] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]); [ 133.724290][ T6007] [ 133.724290][ T6007] *** DEADLOCK *** [ 133.724290][ T6007] [ 133.732438][ T6007] 3 locks held by syz-executor317/6007: [ 133.737980][ T6007] #0: ffff88807e8c0428 (sb_writers#8){.+.+}-{0:0}, at: vfs_writev+0x288/0x960 [ 133.746963][ T6007] #1: ffff888076d8ed80 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: ocfs2_file_write_iter+0x429/0x1d10 [ 133.758299][ T6007] #2: ffff888076d8ea20 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io+0x389/0x10f0 [ 133.769498][ T6007] [ 133.769498][ T6007] stack backtrace: [ 133.775420][ T6007] CPU: 1 UID: 0 PID: 6007 Comm: syz-executor317 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) [ 133.775439][ T6007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.775454][ T6007] Call Trace: [ 133.775465][ T6007] [ 133.775472][ T6007] dump_stack_lvl+0x189/0x250 [ 133.775494][ T6007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.775510][ T6007] ? __pfx__printk+0x10/0x10 [ 133.775529][ T6007] ? print_lock_name+0xde/0x100 [ 133.775548][ T6007] print_circular_bug+0x2ee/0x310 [ 133.775567][ T6007] check_noncircular+0x134/0x160 [ 133.775585][ T6007] validate_chain+0xb9b/0x2140 [ 133.775602][ T6007] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 133.775618][ T6007] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 133.775635][ T6007] __lock_acquire+0xab9/0xd20 [ 133.775650][ T6007] ? ocfs2_del_inode_from_orphan+0x134/0x740 [ 133.775672][ T6007] lock_acquire+0x120/0x360 [ 133.775684][ T6007] ? ocfs2_del_inode_from_orphan+0x134/0x740 [ 133.775708][ T6007] ? do_raw_spin_unlock+0x122/0x240 [ 133.775727][ T6007] down_write+0x96/0x1f0 [ 133.775742][ T6007] ? ocfs2_del_inode_from_orphan+0x134/0x740 [ 133.775763][ T6007] ? __pfx_down_write+0x10/0x10 [ 133.775781][ T6007] ocfs2_del_inode_from_orphan+0x134/0x740 [ 133.775804][ T6007] ? ocfs2_dio_end_io+0x389/0x10f0 [ 133.775818][ T6007] ? __pfx_ocfs2_del_inode_from_orphan+0x10/0x10 [ 133.775843][ T6007] ? down_write+0x162/0x1f0 [ 133.775857][ T6007] ? __pfx_down_write+0x10/0x10 [ 133.775870][ T6007] ? ocfs2_direct_IO+0x25f/0x2d0 [ 133.775882][ T6007] ? __generic_file_write_iter+0x11d/0x230 [ 133.775903][ T6007] ? ocfs2_file_write_iter+0x157a/0x1d10 [ 133.775923][ T6007] ? do_iter_readv_writev+0x56b/0x7f0 [ 133.775947][ T6007] ocfs2_dio_end_io+0x479/0x10f0 [ 133.775964][ T6007] ? __pfx_ocfs2_dio_end_io+0x10/0x10 [ 133.775985][ T6007] ? __lock_acquire+0xab9/0xd20 [ 133.775999][ T6007] ? do_raw_spin_lock+0x121/0x290 [ 133.776021][ T6007] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 133.776040][ T6007] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.776061][ T6007] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 133.776081][ T6007] ? __pfx_ocfs2_dio_end_io+0x10/0x10 [ 133.776094][ T6007] dio_complete+0x258/0x790 [ 133.776116][ T6007] __blockdev_direct_IO+0x2db6/0x33d0 [ 133.776146][ T6007] ? __pfx___blockdev_direct_IO+0x10/0x10 [ 133.776164][ T6007] ? __pfx_invalidate_inode_pages2_range+0x10/0x10 [ 133.776180][ T6007] ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10 [ 133.776196][ T6007] ? filemap_write_and_wait_range+0x182/0x310 [ 133.776214][ T6007] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 133.776242][ T6007] ? __pfx_queue_delayed_work_on+0x10/0x10 [ 133.776258][ T6007] ? _raw_spin_lock_irq+0xae/0xf0 [ 133.776277][ T6007] ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10 [ 133.776291][ T6007] ocfs2_direct_IO+0x25f/0x2d0 [ 133.776306][ T6007] generic_file_direct_write+0x1db/0x3e0 [ 133.776328][ T6007] ? file_update_time+0x416/0x490 [ 133.776351][ T6007] __generic_file_write_iter+0x11d/0x230 [ 133.776372][ T6007] ? ocfs2_file_write_iter+0x1551/0x1d10 [ 133.776394][ T6007] ocfs2_file_write_iter+0x157a/0x1d10 [ 133.776422][ T6007] ? __pfx_ocfs2_file_write_iter+0x10/0x10 [ 133.776443][ T6007] ? __lock_acquire+0xab9/0xd20 [ 133.776457][ T6007] ? finish_task_switch+0x18b/0x950 [ 133.776483][ T6007] ? finish_task_switch+0x266/0x950 [ 133.776504][ T6007] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.776531][ T6007] do_iter_readv_writev+0x56b/0x7f0 [ 133.776553][ T6007] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 133.776573][ T6007] ? rcu_read_lock_any_held+0xb3/0x120 [ 133.776596][ T6007] vfs_writev+0x31a/0x960 [ 133.776613][ T6007] ? __pfx_vfs_writev+0x10/0x10 [ 133.776625][ T6007] ? _raw_spin_lock_irq+0xae/0xf0 [ 133.776651][ T6007] ? _raw_spin_unlock_irq+0x2e/0x50 [ 133.776673][ T6007] __se_sys_pwritev2+0x179/0x290 [ 133.776695][ T6007] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 133.776718][ T6007] ? __x64_sys_pwritev2+0x20/0xc0 [ 133.776739][ T6007] do_syscall_64+0xfa/0x3b0 [ 133.776752][ T6007] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.776772][ T6007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.776786][ T6007] ? clear_bhb_loop+0x60/0xb0 [ 133.776801][ T6007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.776816][ T6007] RIP: 0033:0x7f1001779969 [ 133.776832][ T6007] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 6007] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6007] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6007] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6007] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6007] exit_group(0) = ? [pid 6007] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6007, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 133.776848][ T6007] RSP: 002b:00007ffe5237d868 EFLAGS: 00000216 ORIG_RAX: 0000000000000148 [ 133.776863][ T6007] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1001779969 [ 133.776873][ T6007] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004 [ 133.776882][ T6007] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000003 [ 133.776890][ T6007] R10: 0000000000033000 R11: 0000000000000216 R12: 00007ffe5237d8ac [ 133.776899][ T6007] R13: 0000000000000025 R14: 431bde82d7b634db R15: 00007ffe5237d8e0 [ 133.776915][ T6007] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 134.353928][ T5851] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6011 attached [pid 6011] set_robust_list(0x55556f1be760, 24) = 0 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 6011 [pid 6011] chdir("./38") = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0) = 0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6011] write(3, "1000", 4) = 4 [pid 6011] close(3) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6011] write(1, "executing program\n", 18) = 18 [pid 6011] memfd_create("syzkaller", 0) = 3 [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6011] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6011] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6011] close(3) = 0 [pid 6011] close(4) = 0 [pid 6011] mkdir("./file0", 0777) = 0 [ 134.722557][ T6011] loop0: detected capacity change from 0 to 32768 [ 134.744269][ T6011] (syz-executor317,6011,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 134.758797][ T6011] (syz-executor317,6011,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6011] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6011] chdir("./file0") = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6011] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 134.781181][ T6011] JBD2: Ignoring recovery information on journal [ 134.802936][ T6011] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6011] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6011] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6011] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6011] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6011] exit_group(0) = ? [pid 6011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 134.820552][ T30] audit: type=1800 audit(1752426793.055:40): pid=6011 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 134.943141][ T5851] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6015 attached [pid 6015] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 6015 [pid 6015] <... set_robust_list resumed>) = 0 [pid 6015] chdir("./39") = 0 [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6015] setpgid(0, 0) = 0 [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6015] write(3, "1000", 4) = 4 [pid 6015] close(3) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6015] write(1, "executing program\n", 18) = 18 [pid 6015] memfd_create("syzkaller", 0) = 3 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6015] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6015] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6015] close(3) = 0 [pid 6015] close(4) = 0 [pid 6015] mkdir("./file0", 0777) = 0 [ 135.413380][ T6015] loop0: detected capacity change from 0 to 32768 [ 135.435915][ T6015] (syz-executor317,6015,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 135.450054][ T6015] (syz-executor317,6015,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6015] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6015] chdir("./file0") = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 135.468714][ T6015] JBD2: Ignoring recovery information on journal [ 135.487715][ T6015] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6015] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6015] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6015] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6015] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 135.554715][ T30] audit: type=1800 audit(1752426793.785:41): pid=6015 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 6015] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6015] exit_group(0) = ? [pid 6015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 135.722982][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6019 attached , child_tidptr=0x55556f1be750) = 6019 [pid 6019] set_robust_list(0x55556f1be760, 24) = 0 [pid 6019] chdir("./40") = 0 [pid 6019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6019] setpgid(0, 0) = 0 [pid 6019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6019] write(3, "1000", 4) = 4 [pid 6019] close(3) = 0 [pid 6019] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6019] write(1, "executing program\n", 18) = 18 [pid 6019] memfd_create("syzkaller", 0) = 3 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6019] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6019] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6019] close(3) = 0 [pid 6019] close(4) = 0 [pid 6019] mkdir("./file0", 0777) = 0 [ 136.040224][ T6019] loop0: detected capacity change from 0 to 32768 [ 136.086104][ T6019] (syz-executor317,6019,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 136.100375][ T6019] (syz-executor317,6019,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 136.119153][ T6019] JBD2: Ignoring recovery information on journal [pid 6019] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6019] chdir("./file0") = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 136.138939][ T6019] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6019] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6019] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6019] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6019] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6019] exit_group(0) = ? [pid 6019] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6019, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 136.197764][ T30] audit: type=1800 audit(1752426794.425:42): pid=6019 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 136.313149][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6023 attached , child_tidptr=0x55556f1be750) = 6023 [pid 6023] set_robust_list(0x55556f1be760, 24) = 0 [pid 6023] chdir("./41") = 0 [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] setpgid(0, 0) = 0 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6023] write(3, "1000", 4) = 4 [pid 6023] close(3) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6023] write(1, "executing program\n", 18executing program ) = 18 [pid 6023] memfd_create("syzkaller", 0) = 3 [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6023] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6023] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6023] close(3) = 0 [pid 6023] close(4) = 0 [pid 6023] mkdir("./file0", 0777) = 0 [ 136.602533][ T6023] loop0: detected capacity change from 0 to 32768 [ 136.624039][ T6023] (syz-executor317,6023,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 136.639094][ T6023] (syz-executor317,6023,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6023] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6023] chdir("./file0") = 0 [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6023] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 136.664344][ T6023] JBD2: Ignoring recovery information on journal [ 136.684427][ T6023] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6023] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6023] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6023] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6023] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6023] exit_group(0) = ? [pid 6023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 136.705207][ T30] audit: type=1800 audit(1752426794.935:43): pid=6023 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 136.854388][ T5851] ocfs2: Unmounting device (7,0) on (node local) rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6027 attached [pid 6027] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 6027 [pid 6027] <... set_robust_list resumed>) = 0 [pid 6027] chdir("./42") = 0 [pid 6027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6027] setpgid(0, 0) = 0 [pid 6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6027] write(3, "1000", 4) = 4 [pid 6027] close(3) = 0 [pid 6027] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6027] write(1, "executing program\n", 18) = 18 [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6027] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6027] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] close(4) = 0 [pid 6027] mkdir("./file0", 0777) = 0 [ 137.211686][ T6027] loop0: detected capacity change from 0 to 32768 [ 137.234247][ T6027] (syz-executor317,6027,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 137.248369][ T6027] (syz-executor317,6027,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6027] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("./file0") = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6027] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 137.268183][ T6027] JBD2: Ignoring recovery information on journal [ 137.290966][ T6027] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6027] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6027] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6027] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6027] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6027] exit_group(0) = ? [pid 6027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [ 137.308715][ T30] audit: type=1800 audit(1752426795.535:44): pid=6027 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 137.447550][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6031 attached , child_tidptr=0x55556f1be750) = 6031 [pid 6031] set_robust_list(0x55556f1be760, 24) = 0 [pid 6031] chdir("./43") = 0 [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6031] setpgid(0, 0) = 0 [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6031] write(3, "1000", 4) = 4 [pid 6031] close(3) = 0 [pid 6031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6031] write(1, "executing program\n", 18executing program ) = 18 [pid 6031] memfd_create("syzkaller", 0) = 3 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6031] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6031] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6031] close(3) = 0 [pid 6031] close(4) = 0 [pid 6031] mkdir("./file0", 0777) = 0 [ 137.667982][ T6031] loop0: detected capacity change from 0 to 32768 [ 137.703066][ T6031] (syz-executor317,6031,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6031] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6031] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6031] chdir("./file0") = 0 [ 137.717939][ T6031] (syz-executor317,6031,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 137.736278][ T6031] JBD2: Ignoring recovery information on journal [ 137.757865][ T6031] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6031] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6031] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6031] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6031] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6031] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6031] exit_group(0) = ? [pid 6031] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6031, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 [ 137.805037][ T30] audit: type=1800 audit(1752426796.035:45): pid=6031 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 137.869431][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6035 attached , child_tidptr=0x55556f1be750) = 6035 [pid 6035] set_robust_list(0x55556f1be760, 24) = 0 [pid 6035] chdir("./44") = 0 [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6035] setpgid(0, 0) = 0 [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6035] write(3, "1000", 4) = 4 [pid 6035] close(3) = 0 [pid 6035] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6035] write(1, "executing program\n", 18) = 18 [pid 6035] memfd_create("syzkaller", 0) = 3 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6035] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6035] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6035] close(3) = 0 [pid 6035] close(4) = 0 [pid 6035] mkdir("./file0", 0777) = 0 [ 138.172840][ T6035] loop0: detected capacity change from 0 to 32768 [ 138.189301][ T6035] (syz-executor317,6035,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 138.206348][ T6035] (syz-executor317,6035,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6035] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6035] chdir("./file0") = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 138.226209][ T6035] JBD2: Ignoring recovery information on journal [ 138.247493][ T6035] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6035] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6035] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6035] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6035] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6035] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6035] exit_group(0) = ? [pid 6035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- [ 138.283868][ T30] audit: type=1800 audit(1752426796.515:46): pid=6035 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 138.387935][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6039 attached [pid 6039] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 6039 [pid 6039] <... set_robust_list resumed>) = 0 [pid 6039] chdir("./45") = 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6039] setpgid(0, 0) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6039] write(3, "1000", 4) = 4 [pid 6039] close(3) = 0 [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6039] write(1, "executing program\n", 18) = 18 [pid 6039] memfd_create("syzkaller", 0) = 3 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6039] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6039] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6039] close(3) = 0 [pid 6039] close(4) = 0 [pid 6039] mkdir("./file0", 0777) = 0 [ 138.655696][ T6039] loop0: detected capacity change from 0 to 32768 [ 138.687310][ T6039] (syz-executor317,6039,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6039] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6039] chdir("./file0") = 0 [ 138.702787][ T6039] (syz-executor317,6039,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 138.723786][ T6039] JBD2: Ignoring recovery information on journal [ 138.742911][ T6039] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6039] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6039] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6039] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6039] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6039] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6039] exit_group(0) = ? [pid 6039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 138.809624][ T30] audit: type=1800 audit(1752426797.045:47): pid=6039 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 138.905284][ T5851] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6043 attached [pid 6043] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 6043 [pid 6043] <... set_robust_list resumed>) = 0 [pid 6043] chdir("./46") = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6043] setpgid(0, 0) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6043] write(3, "1000", 4) = 4 [pid 6043] close(3) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6043] write(1, "executing program\n", 18executing program ) = 18 [pid 6043] memfd_create("syzkaller", 0) = 3 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6043] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6043] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6043] close(3) = 0 [pid 6043] close(4) = 0 [pid 6043] mkdir("./file0", 0777) = 0 [ 139.341787][ T6043] loop0: detected capacity change from 0 to 32768 [ 139.357935][ T6043] (syz-executor317,6043,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 139.372094][ T6043] (syz-executor317,6043,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6043] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6043] chdir("./file0") = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6043] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 139.404383][ T6043] JBD2: Ignoring recovery information on journal [ 139.425480][ T6043] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6043] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6043] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 139.444700][ T30] audit: type=1800 audit(1752426797.675:48): pid=6043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 6043] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6043] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6043] exit_group(0) = ? [pid 6043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 139.591743][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f1be750) = 6047 ./strace-static-x86_64: Process 6047 attached [pid 6047] set_robust_list(0x55556f1be760, 24) = 0 [pid 6047] chdir("./47") = 0 [pid 6047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6047] setpgid(0, 0) = 0 [pid 6047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6047] write(3, "1000", 4) = 4 [pid 6047] close(3) = 0 [pid 6047] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6047] write(1, "executing program\n", 18) = 18 [pid 6047] memfd_create("syzkaller", 0) = 3 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6047] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6047] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6047] close(3) = 0 [pid 6047] close(4) = 0 [pid 6047] mkdir("./file0", 0777) = 0 [ 139.896527][ T6047] loop0: detected capacity change from 0 to 32768 [ 139.947820][ T6047] (syz-executor317,6047,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 139.962754][ T6047] (syz-executor317,6047,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 139.981197][ T6047] JBD2: Ignoring recovery information on journal [pid 6047] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6047] chdir("./file0") = 0 [pid 6047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6047] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 140.001860][ T6047] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6047] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6047] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6047] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6047] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6047] exit_group(0) = ? [pid 6047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6047, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [ 140.058379][ T30] audit: type=1800 audit(1752426798.285:49): pid=6047 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 140.186345][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6051 attached [pid 6051] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 6051 [pid 6051] <... set_robust_list resumed>) = 0 [pid 6051] chdir("./48") = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6051] write(1, "executing program\n", 18executing program ) = 18 [pid 6051] memfd_create("syzkaller", 0) = 3 [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6051] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6051] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6051] close(3) = 0 [pid 6051] close(4) = 0 [pid 6051] mkdir("./file0", 0777) = 0 [ 140.453108][ T6051] loop0: detected capacity change from 0 to 32768 [ 140.492848][ T6051] (syz-executor317,6051,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 140.507183][ T6051] (syz-executor317,6051,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 140.525366][ T6051] JBD2: Ignoring recovery information on journal [pid 6051] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6051] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6051] chdir("./file0") = 0 [ 140.545762][ T6051] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6051] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6051] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6051] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6051] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6051] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 140.614374][ T30] audit: type=1800 audit(1752426798.845:50): pid=6051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 6051] exit_group(0) = ? [pid 6051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 [ 140.773696][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(4) = 0 rmdir("./48/file0") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6055 attached [pid 6055] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 6055 [pid 6055] <... set_robust_list resumed>) = 0 [pid 6055] chdir("./49") = 0 [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6055] setpgid(0, 0) = 0 [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6055] write(3, "1000", 4) = 4 [pid 6055] close(3) = 0 [pid 6055] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6055] write(1, "executing program\n", 18) = 18 [pid 6055] memfd_create("syzkaller", 0) = 3 [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6055] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6055] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6055] close(3) = 0 [pid 6055] close(4) = 0 [pid 6055] mkdir("./file0", 0777) = 0 [ 141.212237][ T6055] loop0: detected capacity change from 0 to 32768 [ 141.233618][ T6055] (syz-executor317,6055,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 141.248345][ T6055] (syz-executor317,6055,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6055] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6055] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6055] chdir("./file0") = 0 [pid 6055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 141.267232][ T6055] JBD2: Ignoring recovery information on journal [ 141.287920][ T6055] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6055] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6055] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6055] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 141.334225][ T30] audit: type=1800 audit(1752426799.565:51): pid=6055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 [pid 6055] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6055] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6055] exit_group(0) = ? [pid 6055] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6055, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 [ 141.493657][ T5851] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6059 attached [pid 6059] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 6059 [pid 6059] <... set_robust_list resumed>) = 0 [pid 6059] chdir("./50") = 0 [pid 6059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6059] setpgid(0, 0) = 0 [pid 6059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6059] write(3, "1000", 4) = 4 [pid 6059] close(3) = 0 [pid 6059] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6059] write(1, "executing program\n", 18) = 18 [pid 6059] memfd_create("syzkaller", 0) = 3 [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6059] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6059] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6059] close(3) = 0 [pid 6059] close(4) = 0 [pid 6059] mkdir("./file0", 0777) = 0 [ 141.961851][ T6059] loop0: detected capacity change from 0 to 32768 [ 141.984257][ T6059] (syz-executor317,6059,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 141.998474][ T6059] (syz-executor317,6059,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6059] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6059] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6059] chdir("./file0") = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 142.023576][ T6059] JBD2: Ignoring recovery information on journal [ 142.046415][ T6059] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6059] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6059] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6059] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6059] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6059] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6059] exit_group(0) = ? [pid 6059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6059, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- [ 142.065802][ T30] audit: type=1800 audit(1752426800.295:52): pid=6059 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 [ 142.223322][ T5851] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6063 attached , child_tidptr=0x55556f1be750) = 6063 [pid 6063] set_robust_list(0x55556f1be760, 24) = 0 [pid 6063] chdir("./51") = 0 [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6063] setpgid(0, 0) = 0 [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6063] write(3, "1000", 4) = 4 [pid 6063] close(3) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6063] write(1, "executing program\n", 18executing program ) = 18 [pid 6063] memfd_create("syzkaller", 0) = 3 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000 [pid 6063] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6063] munmap(0x7f0ff9200000, 138412032) = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6063] close(3) = 0 [pid 6063] close(4) = 0 [pid 6063] mkdir("./file0", 0777) = 0 [ 142.732107][ T6063] loop0: detected capacity change from 0 to 32768 [ 142.774852][ T6063] (syz-executor317,6063,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 142.789657][ T6063] (syz-executor317,6063,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 142.808602][ T6063] JBD2: Ignoring recovery information on journal [pid 6063] mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "journal_async_commit,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 [pid 6063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6063] chdir("./file0") = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 142.827640][ T6063] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6063] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6063] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=499712}], 1, 208896, RWF_HIPRI|RWF_DSYNC) = 499712 [pid 6063] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6063] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6063] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6063] exit_group(0) = ? [pid 6063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [ 142.884567][ T30] audit: type=1800 audit(1752426801.115:53): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="bus" dev="loop0" ino=16978 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f1bf7f0 /* 4 entries */, 32768) = 112 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f1c7830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f1c7830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x55556f1bf7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 143.013124][ T5851] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6067 attached [pid 6067] set_robust_list(0x55556f1be760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55556f1be750) = 6067 [pid 6067] <... set_robust_list resumed>) = 0 [pid 6067] chdir("./52") = 0 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6067] setpgid(0, 0) = 0 [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6067] write(3, "1000", 4) = 4 [pid 6067] close(3) = 0 [pid 6067] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6067] write(1, "executing program\n", 18) = 18 [pid 6067] memfd_create("syzkaller", 0) = 3 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ff9200000