./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1678210037 <...> Warning: Permanently added '10.128.1.252' (ED25519) to the list of known hosts. execve("./syz-executor1678210037", ["./syz-executor1678210037"], 0x7ffd85f23c20 /* 10 vars */) = 0 brk(NULL) = 0x55558e4a0000 brk(0x55558e4a0d00) = 0x55558e4a0d00 arch_prctl(ARCH_SET_FS, 0x55558e4a0380) = 0 set_tid_address(0x55558e4a0650) = 5849 set_robust_list(0x55558e4a0660, 24) = 0 rseq(0x55558e4a0ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1678210037", 4096) = 28 getrandom("\x67\x43\x0d\x61\xe9\xfd\x86\xfc", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558e4a0d00 brk(0x55558e4c1d00) = 0x55558e4c1d00 brk(0x55558e4c2000) = 0x55558e4c2000 mprotect(0x7fd897aa2000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.TTq3cz", 0700) = 0 chmod("./syzkaller.TTq3cz", 0777) = 0 chdir("./syzkaller.TTq3cz") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached [pid 5850] set_robust_list(0x55558e4a0660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558e4a0650) = 5850 [pid 5850] <... set_robust_list resumed>) = 0 [pid 5850] chdir("./0") = 0 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] setpgid(0, 0) = 0 [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5850] write(3, "1000", 4) = 4 [pid 5850] close(3) = 0 [pid 5850] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5850] write(1, "executing program\n", 18) = 18 [pid 5850] memfd_create("syzkaller", 0) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5850] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5850] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file0", 0777) = 0 [ 101.439513][ T5850] loop0: detected capacity change from 0 to 32768 [ 101.481084][ T5850] (syz-executor167,5850,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 101.485300][ T5850] (syz-executor167,5850,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 101.521812][ T5850] JBD2: Ignoring recovery information on journal [pid 5850] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./file0") = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 101.569031][ T5850] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5850] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5850] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5850] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5850] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5850] exit_group(0) = ? [pid 5850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- [ 101.661571][ T37] audit: type=1800 audit(1754834545.338:2): pid=5850 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./0/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file0/lost+found") = 0 umount2("./0/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file0/file0") = 0 umount2("./0/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = -1 EBUSY (Device or resource busy) umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 102.252475][ T5849] ocfs2: Unmounting device (7,0) on (node local) getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached , child_tidptr=0x55558e4a0650) = 5854 [pid 5854] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5854] chdir("./1") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] write(1, "executing program\n", 18executing program ) = 18 [pid 5854] memfd_create("syzkaller", 0) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5854] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5854] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5854] close(3) = 0 [pid 5854] close(4) = 0 [pid 5854] mkdir("./file0", 0777) = 0 [ 102.783941][ T5854] loop0: detected capacity change from 0 to 32768 [ 102.807562][ T5854] (syz-executor167,5854,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 102.808681][ T5854] (syz-executor167,5854,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 102.852029][ T5854] JBD2: Ignoring recovery information on journal [pid 5854] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./file0") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 102.889982][ T5854] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5854] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5854] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5854] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5854] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5854] exit_group(0) = ? [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 [ 102.984288][ T37] audit: type=1800 audit(1754834546.668:3): pid=5854 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./1/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/file0/lost+found") = 0 umount2("./1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/file0/file0") = 0 umount2("./1/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = -1 EBUSY (Device or resource busy) umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 [ 103.525301][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached , child_tidptr=0x55558e4a0650) = 5858 [pid 5858] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5858] chdir("./2") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5858] write(1, "executing program\n", 18) = 18 [pid 5858] memfd_create("syzkaller", 0) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5858] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5858] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] close(4) = 0 [pid 5858] mkdir("./file0", 0777) = 0 [ 104.032990][ T5858] loop0: detected capacity change from 0 to 32768 [ 104.055647][ T5858] (syz-executor167,5858,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 104.055999][ T5858] (syz-executor167,5858,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5858] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./file0") = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 104.070126][ T5858] JBD2: Ignoring recovery information on journal [ 104.120357][ T5858] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5858] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5858] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5858] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5858] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5858] exit_group(0) = ? [pid 5858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 104.204686][ T37] audit: type=1800 audit(1754834547.888:4): pid=5858 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./2/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/file0/lost+found") = 0 umount2("./2/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/file0/file0") = 0 umount2("./2/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = -1 EBUSY (Device or resource busy) umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 [ 104.775542][ T5849] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached , child_tidptr=0x55558e4a0650) = 5862 [pid 5862] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5862] chdir("./3") = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5862] write(1, "executing program\n", 18) = 18 [pid 5862] memfd_create("syzkaller", 0) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5862] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5862] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] close(4) = 0 [pid 5862] mkdir("./file0", 0777) = 0 [ 105.295189][ T5862] loop0: detected capacity change from 0 to 32768 [ 105.331494][ T5862] (syz-executor167,5862,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 105.339834][ T5862] (syz-executor167,5862,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 105.374086][ T5862] JBD2: Ignoring recovery information on journal [pid 5862] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./file0") = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5862] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5862] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 105.420909][ T5862] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5862] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5862] exit_group(0) = ? [pid 5862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 105.478838][ T37] audit: type=1800 audit(1754834549.158:5): pid=5862 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./3/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/file0/lost+found") = 0 umount2("./3/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/file0/file0") = 0 umount2("./3/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = -1 EBUSY (Device or resource busy) umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 106.099676][ T5849] ocfs2: Unmounting device (7,0) on (node local) unlink("./3/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5867 attached , child_tidptr=0x55558e4a0650) = 5867 [pid 5867] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5867] chdir("./4") = 0 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5867] setpgid(0, 0) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1000", 4) = 4 [pid 5867] close(3) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5867] write(1, "executing program\n", 18) = 18 [pid 5867] memfd_create("syzkaller", 0) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5867] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5867] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5867] close(3) = 0 [pid 5867] close(4) = 0 [pid 5867] mkdir("./file0", 0777) = 0 [ 106.670056][ T5867] loop0: detected capacity change from 0 to 32768 [ 106.718575][ T5867] (syz-executor167,5867,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 106.718946][ T5867] (syz-executor167,5867,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5867] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./file0") = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 106.778082][ T5867] JBD2: Ignoring recovery information on journal [ 106.815878][ T5867] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5867] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5867] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5867] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5867] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5867] exit_group(0) = ? [pid 5867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 106.882380][ T37] audit: type=1800 audit(1754834550.558:6): pid=5867 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./4/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/file0/lost+found") = 0 umount2("./4/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/file0/file0") = 0 umount2("./4/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = -1 EBUSY (Device or resource busy) umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 107.376815][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached , child_tidptr=0x55558e4a0650) = 5871 [pid 5871] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5871] chdir("./5") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5871] write(1, "executing program\n", 18) = 18 [pid 5871] memfd_create("syzkaller", 0) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5871] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5871] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] close(3) = 0 [pid 5871] close(4) = 0 [pid 5871] mkdir("./file0", 0777) = 0 [ 107.884059][ T5871] loop0: detected capacity change from 0 to 32768 [ 107.916778][ T5871] (syz-executor167,5871,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5871] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] chdir("./file0") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 107.917095][ T5871] (syz-executor167,5871,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 107.936699][ T5871] JBD2: Ignoring recovery information on journal [ 107.982328][ T5871] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5871] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5871] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5871] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5871] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5871] exit_group(0) = ? [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 108.069027][ T37] audit: type=1800 audit(1754834551.748:7): pid=5871 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./5/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/file0/lost+found") = 0 umount2("./5/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/file0/file0") = 0 umount2("./5/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = -1 EBUSY (Device or resource busy) umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 108.679817][ T5849] ocfs2: Unmounting device (7,0) on (node local) unlink("./5/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached , child_tidptr=0x55558e4a0650) = 5875 [pid 5875] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5875] chdir("./6") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5875] write(1, "executing program\n", 18) = 18 [pid 5875] memfd_create("syzkaller", 0) = 3 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5875] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5875] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5875] close(3) = 0 [pid 5875] close(4) = 0 [pid 5875] mkdir("./file0", 0777) = 0 [ 109.221648][ T5875] loop0: detected capacity change from 0 to 32768 [ 109.255441][ T5875] (syz-executor167,5875,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 109.255736][ T5875] (syz-executor167,5875,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 109.277903][ T5875] JBD2: Ignoring recovery information on journal [pid 5875] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5875] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5875] chdir("./file0") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5875] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5875] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [ 109.328324][ T5875] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5875] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5875] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5875] exit_group(0) = ? [pid 5875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 109.387766][ T37] audit: type=1800 audit(1754834553.068:8): pid=5875 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./6/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/file0/lost+found") = 0 umount2("./6/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/file0/file0") = 0 umount2("./6/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = -1 EBUSY (Device or resource busy) umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 110.016587][ T5849] ocfs2: Unmounting device (7,0) on (node local) rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached , child_tidptr=0x55558e4a0650) = 5879 [pid 5879] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5879] chdir("./7") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5879] write(3, "1000", 4) = 4 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5879] write(1, "executing program\n", 18) = 18 [pid 5879] memfd_create("syzkaller", 0) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5879] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5879] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] mkdir("./file0", 0777) = 0 [ 110.537787][ T5879] loop0: detected capacity change from 0 to 32768 [ 110.555305][ T5879] (syz-executor167,5879,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 110.555658][ T5879] (syz-executor167,5879,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 110.600230][ T5879] JBD2: Ignoring recovery information on journal [pid 5879] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5879] chdir("./file0") = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5879] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5879] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5879] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 110.658246][ T5879] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5879] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5879] exit_group(0) = ? [pid 5879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 110.699989][ T37] audit: type=1800 audit(1754834554.378:9): pid=5879 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./7/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/file0/lost+found") = 0 umount2("./7/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/file0/file0") = 0 umount2("./7/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = -1 EBUSY (Device or resource busy) umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 111.277954][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached , child_tidptr=0x55558e4a0650) = 5883 [pid 5883] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5883] chdir("./8") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5883] write(1, "executing program\n", 18) = 18 [pid 5883] memfd_create("syzkaller", 0) = 3 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5883] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5883] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5883] close(3) = 0 [pid 5883] close(4) = 0 [pid 5883] mkdir("./file0", 0777) = 0 [ 111.762555][ T5883] loop0: detected capacity change from 0 to 32768 [ 111.793096][ T5883] (syz-executor167,5883,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 111.793656][ T5883] (syz-executor167,5883,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 111.815710][ T5883] JBD2: Ignoring recovery information on journal [pid 5883] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./file0") = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5883] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5883] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5883] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 111.865126][ T5883] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5883] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5883] exit_group(0) = ? [pid 5883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 111.920278][ T37] audit: type=1800 audit(1754834555.598:10): pid=5883 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./8/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/file0/lost+found") = 0 umount2("./8/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/file0/file0") = 0 umount2("./8/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = -1 EBUSY (Device or resource busy) umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 112.467678][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached , child_tidptr=0x55558e4a0650) = 5887 [pid 5887] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5887] chdir("./9") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5887] write(1, "executing program\n", 18) = 18 [pid 5887] memfd_create("syzkaller", 0) = 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5887] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5887] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5887] close(3) = 0 [pid 5887] close(4) = 0 [pid 5887] mkdir("./file0", 0777) = 0 [ 112.971668][ T5887] loop0: detected capacity change from 0 to 32768 [ 112.998766][ T5887] (syz-executor167,5887,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5887] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5887] chdir("./file0") = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 112.999146][ T5887] (syz-executor167,5887,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 113.010639][ T5887] JBD2: Ignoring recovery information on journal [ 113.051980][ T5887] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5887] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5887] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5887] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5887] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5887] exit_group(0) = ? [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 113.124214][ T37] audit: type=1800 audit(1754834556.808:11): pid=5887 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./9/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/file0/lost+found") = 0 umount2("./9/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/file0/file0") = 0 umount2("./9/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = -1 EBUSY (Device or resource busy) umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 113.689038][ T5849] ocfs2: Unmounting device (7,0) on (node local) unlink("./9/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5891 attached , child_tidptr=0x55558e4a0650) = 5891 [pid 5891] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5891] chdir("./10") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5891] write(1, "executing program\n", 18executing program ) = 18 [pid 5891] memfd_create("syzkaller", 0) = 3 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5891] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5891] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5891] close(3) = 0 [pid 5891] close(4) = 0 [pid 5891] mkdir("./file0", 0777) = 0 [ 114.269048][ T5891] loop0: detected capacity change from 0 to 32768 [ 114.301008][ T5891] (syz-executor167,5891,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 114.301300][ T5891] (syz-executor167,5891,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 114.321462][ T5891] JBD2: Ignoring recovery information on journal [pid 5891] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./file0") = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 114.363319][ T5891] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5891] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5891] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5891] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5891] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5891] exit_group(0) = ? [pid 5891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 114.453345][ T37] audit: type=1800 audit(1754834558.138:12): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./10/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/file0/lost+found") = 0 umount2("./10/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/file0/file0") = 0 umount2("./10/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = -1 EBUSY (Device or resource busy) umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 [ 114.988362][ T5849] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached , child_tidptr=0x55558e4a0650) = 5895 [pid 5895] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5895] chdir("./11") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5895] write(1, "executing program\n", 18executing program ) = 18 [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5895] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5895] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] close(3) = 0 [pid 5895] close(4) = 0 [pid 5895] mkdir("./file0", 0777) = 0 [ 115.530014][ T5895] loop0: detected capacity change from 0 to 32768 [ 115.562023][ T5895] (syz-executor167,5895,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 115.562680][ T5895] (syz-executor167,5895,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 115.610182][ T5895] JBD2: Ignoring recovery information on journal [pid 5895] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] chdir("./file0") = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5895] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5895] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5895] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5895] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [ 115.641111][ T5895] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5895] exit_group(0) = ? [pid 5895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 115.693360][ T37] audit: type=1800 audit(1754834559.378:13): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./11/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/file0/lost+found") = 0 umount2("./11/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/file0/file0") = 0 umount2("./11/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = -1 EBUSY (Device or resource busy) umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 [ 116.238811][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5899 attached , child_tidptr=0x55558e4a0650) = 5899 [pid 5899] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5899] chdir("./12") = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5899] setpgid(0, 0) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5899] write(3, "1000", 4) = 4 [pid 5899] close(3) = 0 [pid 5899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5899] write(1, "executing program\n", 18executing program ) = 18 [pid 5899] memfd_create("syzkaller", 0) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5899] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5899] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5899] close(3) = 0 [pid 5899] close(4) = 0 [pid 5899] mkdir("./file0", 0777) = 0 [ 116.748318][ T5899] loop0: detected capacity change from 0 to 32768 [ 116.806007][ T5899] (syz-executor167,5899,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 116.806373][ T5899] (syz-executor167,5899,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 116.839122][ T5899] JBD2: Ignoring recovery information on journal [pid 5899] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5899] chdir("./file0") = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5899] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5899] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [ 116.879117][ T5899] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5899] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5899] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5899] exit_group(0) = ? [pid 5899] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 116.953084][ T37] audit: type=1800 audit(1754834560.638:14): pid=5899 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./12/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/file0/lost+found") = 0 umount2("./12/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/file0/file0") = 0 umount2("./12/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = -1 EBUSY (Device or resource busy) umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 117.484399][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5903 attached , child_tidptr=0x55558e4a0650) = 5903 [pid 5903] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5903] chdir("./13") = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5903] setpgid(0, 0) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5903] write(3, "1000", 4) = 4 [pid 5903] close(3) = 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5903] write(1, "executing program\n", 18) = 18 [pid 5903] memfd_create("syzkaller", 0) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5903] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5903] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5903] close(3) = 0 [pid 5903] close(4) = 0 [pid 5903] mkdir("./file0", 0777) = 0 [ 117.993124][ T5903] loop0: detected capacity change from 0 to 32768 [ 118.022887][ T5903] (syz-executor167,5903,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 118.023770][ T5903] (syz-executor167,5903,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 118.068265][ T5903] JBD2: Ignoring recovery information on journal [pid 5903] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] chdir("./file0") = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5903] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5903] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5903] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 118.111232][ T5903] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5903] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5903] exit_group(0) = ? [pid 5903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 118.158455][ T37] audit: type=1800 audit(1754834561.838:15): pid=5903 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./13/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/file0/lost+found") = 0 umount2("./13/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/file0/file0") = 0 umount2("./13/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = -1 EBUSY (Device or resource busy) umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 [ 118.813692][ T5849] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached , child_tidptr=0x55558e4a0650) = 5907 [pid 5907] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5907] chdir("./14") = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5907] write(1, "executing program\n", 18executing program ) = 18 [pid 5907] memfd_create("syzkaller", 0) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5907] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5907] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5907] close(3) = 0 [pid 5907] close(4) = 0 [pid 5907] mkdir("./file0", 0777) = 0 [ 119.404498][ T5907] loop0: detected capacity change from 0 to 32768 [ 119.438322][ T5907] (syz-executor167,5907,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 119.440531][ T5907] (syz-executor167,5907,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 119.452637][ T5907] JBD2: Ignoring recovery information on journal [pid 5907] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5907] chdir("./file0") = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 119.505214][ T5907] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5907] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5907] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5907] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5907] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5907] exit_group(0) = ? [pid 5907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- [ 119.601569][ T37] audit: type=1800 audit(1754834563.278:16): pid=5907 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./14/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/file0/lost+found") = 0 umount2("./14/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/file0/file0") = 0 umount2("./14/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = -1 EBUSY (Device or resource busy) umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 120.251315][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached , child_tidptr=0x55558e4a0650) = 5911 [pid 5911] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5911] chdir("./15") = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5911] write(1, "executing program\n", 18) = 18 [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5911] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5911] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] close(4) = 0 [pid 5911] mkdir("./file0", 0777) = 0 [ 120.726535][ T5911] loop0: detected capacity change from 0 to 32768 [ 120.762291][ T5911] (syz-executor167,5911,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 120.762574][ T5911] (syz-executor167,5911,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 120.779318][ T5911] JBD2: Ignoring recovery information on journal [pid 5911] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./file0") = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5911] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5911] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [ 120.819342][ T5911] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5911] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5911] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5911] exit_group(0) = ? [pid 5911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 120.896109][ T37] audit: type=1800 audit(1754834564.578:17): pid=5911 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./15/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/file0/lost+found") = 0 umount2("./15/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/file0/file0") = 0 umount2("./15/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = -1 EBUSY (Device or resource busy) umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 [ 121.488877][ T5849] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5915 attached , child_tidptr=0x55558e4a0650) = 5915 [pid 5915] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5915] chdir("./16") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] write(1, "executing program\n", 18executing program ) = 18 [pid 5915] memfd_create("syzkaller", 0) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5915] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5915] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] close(4) = 0 [pid 5915] mkdir("./file0", 0777) = 0 [ 122.030139][ T5915] loop0: detected capacity change from 0 to 32768 [ 122.060681][ T5915] (syz-executor167,5915,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 122.061081][ T5915] (syz-executor167,5915,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 122.080214][ T5915] JBD2: Ignoring recovery information on journal [pid 5915] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5915] chdir("./file0") = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5915] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5915] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5915] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 122.134271][ T5915] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5915] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5915] exit_group(0) = ? [pid 5915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 122.180600][ T37] audit: type=1800 audit(1754834565.858:18): pid=5915 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./16/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/file0/lost+found") = 0 umount2("./16/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/file0/file0") = 0 umount2("./16/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = -1 EBUSY (Device or resource busy) umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 122.769000][ T5849] ocfs2: Unmounting device (7,0) on (node local) unlink("./16/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5919 attached , child_tidptr=0x55558e4a0650) = 5919 [pid 5919] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5919] chdir("./17") = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5919] setpgid(0, 0) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5919] write(3, "1000", 4) = 4 [pid 5919] close(3) = 0 [pid 5919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5919] write(1, "executing program\n", 18executing program ) = 18 [pid 5919] memfd_create("syzkaller", 0) = 3 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5919] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5919] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5919] close(3) = 0 [pid 5919] close(4) = 0 [pid 5919] mkdir("./file0", 0777) = 0 [ 123.315845][ T5919] loop0: detected capacity change from 0 to 32768 [ 123.363744][ T5919] (syz-executor167,5919,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 123.364036][ T5919] (syz-executor167,5919,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 123.405977][ T5919] JBD2: Ignoring recovery information on journal [pid 5919] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5919] chdir("./file0") = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 123.439142][ T5919] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5919] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5919] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5919] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5919] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5919] exit_group(0) = ? [pid 5919] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 123.524110][ T37] audit: type=1800 audit(1754834567.208:19): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./17/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/file0/lost+found") = 0 umount2("./17/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/file0/file0") = 0 umount2("./17/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = -1 EBUSY (Device or resource busy) umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./17/file0") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 [ 124.171832][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5923 attached , child_tidptr=0x55558e4a0650) = 5923 [pid 5923] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5923] chdir("./18") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5923] write(1, "executing program\n", 18) = 18 [pid 5923] memfd_create("syzkaller", 0) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5923] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5923] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5923] close(3) = 0 [pid 5923] close(4) = 0 [pid 5923] mkdir("./file0", 0777) = 0 [ 124.753634][ T5923] loop0: detected capacity change from 0 to 32768 [ 124.796005][ T5923] (syz-executor167,5923,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 124.796388][ T5923] (syz-executor167,5923,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5923] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5923] chdir("./file0") = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5923] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5923] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [ 124.844286][ T5923] JBD2: Ignoring recovery information on journal [ 124.879346][ T5923] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5923] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5923] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5923] exit_group(0) = ? [pid 5923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 124.935416][ T37] audit: type=1800 audit(1754834568.618:20): pid=5923 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./18/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/file0/lost+found") = 0 umount2("./18/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/file0/file0") = 0 umount2("./18/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = -1 EBUSY (Device or resource busy) umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./18/file0") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 125.497485][ T5849] ocfs2: Unmounting device (7,0) on (node local) getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5927 attached , child_tidptr=0x55558e4a0650) = 5927 [pid 5927] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5927] chdir("./19") = 0 [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5927] setpgid(0, 0) = 0 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5927] write(3, "1000", 4) = 4 [pid 5927] close(3) = 0 [pid 5927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5927] write(1, "executing program\n", 18executing program ) = 18 [pid 5927] memfd_create("syzkaller", 0) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5927] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5927] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] close(3) = 0 [pid 5927] close(4) = 0 [pid 5927] mkdir("./file0", 0777) = 0 [ 126.058002][ T5927] loop0: detected capacity change from 0 to 32768 [ 126.105972][ T5927] (syz-executor167,5927,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 126.106348][ T5927] (syz-executor167,5927,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5927] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./file0") = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5927] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5927] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5927] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 126.155241][ T5927] JBD2: Ignoring recovery information on journal [ 126.195810][ T5927] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5927] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5927] exit_group(0) = ? [pid 5927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 126.234853][ T37] audit: type=1800 audit(1754834569.918:21): pid=5927 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./19/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/file0/lost+found") = 0 umount2("./19/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/file0/file0") = 0 umount2("./19/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = -1 EBUSY (Device or resource busy) umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./19/file0") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 126.752649][ T5849] ocfs2: Unmounting device (7,0) on (node local) getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5932 attached , child_tidptr=0x55558e4a0650) = 5932 [pid 5932] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5932] chdir("./20") = 0 [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5932] setpgid(0, 0) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5932] write(3, "1000", 4) = 4 [pid 5932] close(3) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5932] write(1, "executing program\n", 18) = 18 [pid 5932] memfd_create("syzkaller", 0) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5932] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5932] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5932] close(3) = 0 [pid 5932] close(4) = 0 [pid 5932] mkdir("./file0", 0777) = 0 [ 127.239797][ T5932] loop0: detected capacity change from 0 to 32768 [ 127.258998][ T5932] (syz-executor167,5932,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 127.259540][ T5932] (syz-executor167,5932,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 127.299847][ T5932] JBD2: Ignoring recovery information on journal [pid 5932] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./file0") = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 127.341544][ T5932] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5932] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5932] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5932] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5932] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5932] exit_group(0) = ? [pid 5932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 127.425532][ T37] audit: type=1800 audit(1754834571.108:22): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./20/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/file0/lost+found") = 0 umount2("./20/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/file0/file0") = 0 umount2("./20/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = -1 EBUSY (Device or resource busy) umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./20/file0") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 127.891936][ T5849] ocfs2: Unmounting device (7,0) on (node local) rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5936 attached , child_tidptr=0x55558e4a0650) = 5936 [pid 5936] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5936] chdir("./21") = 0 [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5936] setpgid(0, 0) = 0 [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5936] write(3, "1000", 4) = 4 [pid 5936] close(3) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5936] write(1, "executing program\n", 18executing program ) = 18 [pid 5936] memfd_create("syzkaller", 0) = 3 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5936] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5936] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] close(4) = 0 [pid 5936] mkdir("./file0", 0777) = 0 [ 128.458169][ T5936] loop0: detected capacity change from 0 to 32768 [ 128.491932][ T5936] (syz-executor167,5936,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 128.492425][ T5936] (syz-executor167,5936,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 128.536004][ T5936] JBD2: Ignoring recovery information on journal [pid 5936] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5936] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] chdir("./file0") = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5936] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5936] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5936] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 128.596532][ T5936] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5936] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5936] exit_group(0) = ? [pid 5936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 128.650530][ T37] audit: type=1800 audit(1754834572.328:23): pid=5936 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./21/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/file0/lost+found") = 0 umount2("./21/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/file0/file0") = 0 umount2("./21/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = -1 EBUSY (Device or resource busy) umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./21/file0") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 129.239485][ T5849] ocfs2: Unmounting device (7,0) on (node local) unlink("./21/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached , child_tidptr=0x55558e4a0650) = 5941 [pid 5941] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5941] chdir("./22") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5941] write(1, "executing program\n", 18) = 18 [pid 5941] memfd_create("syzkaller", 0) = 3 [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5941] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5941] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5941] close(3) = 0 [pid 5941] close(4) = 0 [pid 5941] mkdir("./file0", 0777) = 0 [ 129.815241][ T5941] loop0: detected capacity change from 0 to 32768 [ 129.840663][ T5941] (syz-executor167,5941,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 129.841055][ T5941] (syz-executor167,5941,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 129.864383][ T5941] JBD2: Ignoring recovery information on journal [pid 5941] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5941] chdir("./file0") = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5941] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5941] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5941] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 129.907245][ T5941] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5941] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5941] exit_group(0) = ? [pid 5941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 129.970910][ T37] audit: type=1800 audit(1754834573.648:24): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./22/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/file0/lost+found") = 0 umount2("./22/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/file0/file0") = 0 umount2("./22/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = -1 EBUSY (Device or resource busy) umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./22/file0") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 130.541229][ T5849] ocfs2: Unmounting device (7,0) on (node local) getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5949 attached , child_tidptr=0x55558e4a0650) = 5949 [pid 5949] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5949] chdir("./23") = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5949] setpgid(0, 0) = 0 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5949] write(3, "1000", 4) = 4 [pid 5949] close(3) = 0 [pid 5949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5949] write(1, "executing program\n", 18executing program ) = 18 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5949] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5949] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5949] close(3) = 0 [pid 5949] close(4) = 0 [pid 5949] mkdir("./file0", 0777) = 0 [ 131.092622][ T5949] loop0: detected capacity change from 0 to 32768 [ 131.111078][ T5949] (syz-executor167,5949,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 131.111772][ T5949] (syz-executor167,5949,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5949] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [ 131.121985][ T5949] JBD2: Ignoring recovery information on journal [pid 5949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file0") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5949] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 131.164101][ T5949] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5949] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5949] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5949] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5949] exit_group(0) = ? [pid 5949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 131.238599][ T37] audit: type=1800 audit(1754834574.918:25): pid=5949 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./23/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/file0/lost+found") = 0 umount2("./23/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/file0/file0") = 0 umount2("./23/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = -1 EBUSY (Device or resource busy) umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./23/file0") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 131.788467][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5953 attached , child_tidptr=0x55558e4a0650) = 5953 [pid 5953] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5953] chdir("./24") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5953] write(3, "1000", 4) = 4 [pid 5953] close(3) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5953] write(1, "executing program\n", 18executing program ) = 18 [pid 5953] memfd_create("syzkaller", 0) = 3 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5953] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5953] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5953] close(3) = 0 [pid 5953] close(4) = 0 [pid 5953] mkdir("./file0", 0777) = 0 [ 132.267108][ T5953] loop0: detected capacity change from 0 to 32768 [ 132.296889][ T5953] (syz-executor167,5953,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5953] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [ 132.297731][ T5953] (syz-executor167,5953,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 132.333199][ T5953] JBD2: Ignoring recovery information on journal [pid 5953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5953] chdir("./file0") = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5953] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5953] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5953] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5953] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5953] exit_group(0) = ? [ 132.385551][ T5953] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 132.422839][ T37] audit: type=1800 audit(1754834576.098:26): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./24/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/file0/lost+found") = 0 umount2("./24/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/file0/file0") = 0 umount2("./24/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = -1 EBUSY (Device or resource busy) umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./24/file0") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 [ 133.025646][ T5849] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5957 attached , child_tidptr=0x55558e4a0650) = 5957 [pid 5957] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5957] chdir("./25") = 0 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5957] setpgid(0, 0) = 0 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5957] write(3, "1000", 4) = 4 [pid 5957] close(3) = 0 [pid 5957] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5957] write(1, "executing program\n", 18) = 18 [pid 5957] memfd_create("syzkaller", 0) = 3 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5957] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5957] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5957] close(3) = 0 [pid 5957] close(4) = 0 [pid 5957] mkdir("./file0", 0777) = 0 [ 133.532568][ T5957] loop0: detected capacity change from 0 to 32768 [ 133.569739][ T5957] (syz-executor167,5957,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 133.570545][ T5957] (syz-executor167,5957,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 133.581700][ T5957] JBD2: Ignoring recovery information on journal [pid 5957] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] chdir("./file0") = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5957] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5957] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [ 133.631981][ T5957] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5957] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5957] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5957] exit_group(0) = ? [pid 5957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 133.695253][ T37] audit: type=1800 audit(1754834577.378:27): pid=5957 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./25/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/file0/lost+found") = 0 umount2("./25/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/file0/file0") = 0 umount2("./25/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = -1 EBUSY (Device or resource busy) umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./25/file0") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 134.217561][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5961 attached , child_tidptr=0x55558e4a0650) = 5961 [pid 5961] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5961] chdir("./26") = 0 [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5961] setpgid(0, 0) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5961] write(3, "1000", 4) = 4 [pid 5961] close(3) = 0 [pid 5961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5961] write(1, "executing program\n", 18executing program ) = 18 [pid 5961] memfd_create("syzkaller", 0) = 3 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5961] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5961] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5961] close(3) = 0 [pid 5961] close(4) = 0 [pid 5961] mkdir("./file0", 0777) = 0 [ 134.690271][ T5961] loop0: detected capacity change from 0 to 32768 [ 134.724312][ T5961] (syz-executor167,5961,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 134.724652][ T5961] (syz-executor167,5961,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 134.741178][ T5961] JBD2: Ignoring recovery information on journal [pid 5961] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5961] chdir("./file0") = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5961] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5961] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5961] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 134.808417][ T5961] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5961] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5961] exit_group(0) = ? [pid 5961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 134.847265][ T37] audit: type=1800 audit(1754834578.528:28): pid=5961 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./26/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/file0/lost+found") = 0 umount2("./26/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/file0/file0") = 0 umount2("./26/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = -1 EBUSY (Device or resource busy) umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./26/file0") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 135.475186][ T5849] ocfs2: Unmounting device (7,0) on (node local) getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5965 attached , child_tidptr=0x55558e4a0650) = 5965 [pid 5965] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5965] chdir("./27") = 0 [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5965] setpgid(0, 0) = 0 [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5965] write(3, "1000", 4) = 4 [pid 5965] close(3) = 0 [pid 5965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5965] write(1, "executing program\n", 18executing program ) = 18 [pid 5965] memfd_create("syzkaller", 0) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5965] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5965] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5965] close(3) = 0 [pid 5965] close(4) = 0 [pid 5965] mkdir("./file0", 0777) = 0 [ 135.994282][ T5965] loop0: detected capacity change from 0 to 32768 [ 136.024825][ T5965] (syz-executor167,5965,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5965] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5965] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./file0") = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 136.025521][ T5965] (syz-executor167,5965,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 136.045766][ T5965] JBD2: Ignoring recovery information on journal [ 136.085959][ T5965] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5965] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5965] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5965] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5965] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5965] exit_group(0) = ? [pid 5965] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5965, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 136.157913][ T37] audit: type=1800 audit(1754834579.838:29): pid=5965 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./27/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/file0/lost+found") = 0 umount2("./27/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/file0/file0") = 0 umount2("./27/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = -1 EBUSY (Device or resource busy) umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./27/file0") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 136.720625][ T5849] ocfs2: Unmounting device (7,0) on (node local) getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5969 attached , child_tidptr=0x55558e4a0650) = 5969 [pid 5969] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5969] chdir("./28") = 0 [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5969] setpgid(0, 0) = 0 [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5969] write(3, "1000", 4) = 4 [pid 5969] close(3) = 0 [pid 5969] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5969] write(1, "executing program\n", 18) = 18 [pid 5969] memfd_create("syzkaller", 0) = 3 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5969] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5969] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5969] close(3) = 0 [pid 5969] close(4) = 0 [pid 5969] mkdir("./file0", 0777) = 0 [ 137.271814][ T5969] loop0: detected capacity change from 0 to 32768 [ 137.305612][ T5969] (syz-executor167,5969,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 137.306882][ T5969] (syz-executor167,5969,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 137.322520][ T5969] JBD2: Ignoring recovery information on journal [pid 5969] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5969] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5969] chdir("./file0") = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5969] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5969] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [ 137.374280][ T5969] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5969] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5969] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5969] exit_group(0) = ? [pid 5969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 137.439325][ T37] audit: type=1800 audit(1754834581.118:30): pid=5969 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./28/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/file0/lost+found") = 0 umount2("./28/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/file0/file0") = 0 umount2("./28/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = -1 EBUSY (Device or resource busy) umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./28/file0") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 137.978142][ T5849] ocfs2: Unmounting device (7,0) on (node local) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5973 attached , child_tidptr=0x55558e4a0650) = 5973 [pid 5973] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5973] chdir("./29") = 0 [pid 5973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5973] setpgid(0, 0) = 0 [pid 5973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5973] write(3, "1000", 4) = 4 [pid 5973] close(3) = 0 [pid 5973] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5973] write(1, "executing program\n", 18) = 18 [pid 5973] memfd_create("syzkaller", 0) = 3 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5973] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5973] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5973] close(3) = 0 [pid 5973] close(4) = 0 [pid 5973] mkdir("./file0", 0777) = 0 [ 138.539680][ T5973] loop0: detected capacity change from 0 to 32768 [ 138.571240][ T5973] (syz-executor167,5973,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5973] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5973] chdir("./file0") = 0 [ 138.571690][ T5973] (syz-executor167,5973,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 138.605294][ T5973] JBD2: Ignoring recovery information on journal [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5973] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5973] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5973] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 138.663729][ T5973] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5973] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5973] exit_group(0) = ? [pid 5973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5973, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 138.701384][ T37] audit: type=1800 audit(1754834582.378:31): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./29/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/file0/lost+found") = 0 umount2("./29/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/file0/file0") = 0 umount2("./29/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = -1 EBUSY (Device or resource busy) umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./29/file0") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 139.301497][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5977 attached , child_tidptr=0x55558e4a0650) = 5977 [pid 5977] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5977] chdir("./30") = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5977] setpgid(0, 0) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5977] write(3, "1000", 4) = 4 [pid 5977] close(3) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5977] write(1, "executing program\n", 18executing program ) = 18 [pid 5977] memfd_create("syzkaller", 0) = 3 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5977] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5977] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5977] close(3) = 0 [pid 5977] close(4) = 0 [pid 5977] mkdir("./file0", 0777) = 0 [ 139.733533][ T5977] loop0: detected capacity change from 0 to 32768 [ 139.756839][ T5977] (syz-executor167,5977,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 139.757234][ T5977] (syz-executor167,5977,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 139.790614][ T5977] JBD2: Ignoring recovery information on journal [pid 5977] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5977] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5977] chdir("./file0") = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5977] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5977] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5977] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5977] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [ 139.841171][ T5977] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5977] exit_group(0) = ? [pid 5977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./30/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/file0/lost+found") = 0 [ 139.884463][ T37] audit: type=1800 audit(1754834583.568:32): pid=5977 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 umount2("./30/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/file0/file0") = 0 umount2("./30/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = -1 EBUSY (Device or resource busy) umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./30/file0") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 140.242060][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5981 attached , child_tidptr=0x55558e4a0650) = 5981 [pid 5981] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5981] chdir("./31") = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0) = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5981] write(1, "executing program\n", 18) = 18 [pid 5981] memfd_create("syzkaller", 0) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5981] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5981] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5981] close(3) = 0 [pid 5981] close(4) = 0 [pid 5981] mkdir("./file0", 0777) = 0 [ 140.730785][ T5981] loop0: detected capacity change from 0 to 32768 [ 140.758462][ T5981] (syz-executor167,5981,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 140.758813][ T5981] (syz-executor167,5981,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 140.784461][ T5981] JBD2: Ignoring recovery information on journal [pid 5981] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5981] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5981] chdir("./file0") = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5981] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5981] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5981] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 140.824729][ T5981] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5981] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5981] exit_group(0) = ? [pid 5981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 140.890115][ T37] audit: type=1800 audit(1754834584.568:33): pid=5981 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./31/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/file0/lost+found") = 0 umount2("./31/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/file0/file0") = 0 umount2("./31/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = -1 EBUSY (Device or resource busy) umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./31/file0") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 141.523124][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5985 attached , child_tidptr=0x55558e4a0650) = 5985 [pid 5985] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5985] chdir("./32") = 0 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5985] setpgid(0, 0) = 0 [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5985] write(3, "1000", 4) = 4 [pid 5985] close(3) = 0 [pid 5985] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5985] write(1, "executing program\n", 18) = 18 [pid 5985] memfd_create("syzkaller", 0) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5985] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5985] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5985] close(3) = 0 [pid 5985] close(4) = 0 [pid 5985] mkdir("./file0", 0777) = 0 [ 142.029364][ T5985] loop0: detected capacity change from 0 to 32768 [ 142.058569][ T5985] (syz-executor167,5985,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 142.058851][ T5985] (syz-executor167,5985,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 142.099280][ T5985] JBD2: Ignoring recovery information on journal [pid 5985] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5985] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./file0") = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5985] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 142.152524][ T5985] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5985] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5985] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5985] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5985] exit_group(0) = ? [pid 5985] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- [ 142.221545][ T37] audit: type=1800 audit(1754834585.898:34): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./32/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/file0/lost+found") = 0 umount2("./32/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/file0/file0") = 0 umount2("./32/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = -1 EBUSY (Device or resource busy) umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./32/file0") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 142.859319][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5989 attached , child_tidptr=0x55558e4a0650) = 5989 [pid 5989] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5989] chdir("./33") = 0 [pid 5989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5989] setpgid(0, 0) = 0 [pid 5989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5989] write(3, "1000", 4) = 4 [pid 5989] close(3) = 0 [pid 5989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5989] write(1, "executing program\n", 18executing program ) = 18 [pid 5989] memfd_create("syzkaller", 0) = 3 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5989] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5989] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5989] close(3) = 0 [pid 5989] close(4) = 0 [pid 5989] mkdir("./file0", 0777) = 0 [ 143.355013][ T5989] loop0: detected capacity change from 0 to 32768 [ 143.376432][ T5989] (syz-executor167,5989,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 143.376828][ T5989] (syz-executor167,5989,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 143.402431][ T5989] JBD2: Ignoring recovery information on journal [pid 5989] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5989] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5989] chdir("./file0") = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5989] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5989] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5989] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 143.450736][ T5989] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5989] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5989] exit_group(0) = ? [pid 5989] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5989, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 143.497580][ T37] audit: type=1800 audit(1754834587.178:35): pid=5989 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./33/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/file0/lost+found") = 0 umount2("./33/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/file0/file0") = 0 umount2("./33/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = -1 EBUSY (Device or resource busy) umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./33/file0") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 144.009596][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5993 attached , child_tidptr=0x55558e4a0650) = 5993 [pid 5993] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5993] chdir("./34") = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] setpgid(0, 0) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3) = 0 [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5993] write(1, "executing program\n", 18) = 18 [pid 5993] memfd_create("syzkaller", 0) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5993] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5993] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5993] close(3) = 0 [pid 5993] close(4) = 0 [pid 5993] mkdir("./file0", 0777) = 0 [ 144.487621][ T5993] loop0: detected capacity change from 0 to 32768 [ 144.519615][ T5993] (syz-executor167,5993,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 144.520098][ T5993] (syz-executor167,5993,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 144.552718][ T5993] JBD2: Ignoring recovery information on journal [pid 5993] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5993] chdir("./file0") = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 144.600573][ T5993] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5993] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5993] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5993] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5993] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5993] exit_group(0) = ? [pid 5993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- [ 144.680421][ T37] audit: type=1800 audit(1754834588.358:36): pid=5993 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./34/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/file0/lost+found") = 0 umount2("./34/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/file0/file0") = 0 umount2("./34/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = -1 EBUSY (Device or resource busy) umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./34/file0") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 145.269958][ T5849] ocfs2: Unmounting device (7,0) on (node local) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5997 attached , child_tidptr=0x55558e4a0650) = 5997 [pid 5997] set_robust_list(0x55558e4a0660, 24) = 0 [pid 5997] chdir("./35") = 0 [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5997] setpgid(0, 0) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5997] write(3, "1000", 4) = 4 [pid 5997] close(3) = 0 [pid 5997] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5997] write(1, "executing program\n", 18) = 18 [pid 5997] memfd_create("syzkaller", 0) = 3 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 5997] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5997] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5997] close(3) = 0 [pid 5997] close(4) = 0 [pid 5997] mkdir("./file0", 0777) = 0 [ 145.828283][ T5997] loop0: detected capacity change from 0 to 32768 [ 145.880722][ T5997] (syz-executor167,5997,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 145.881114][ T5997] (syz-executor167,5997,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 145.916389][ T5997] JBD2: Ignoring recovery information on journal [pid 5997] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5997] chdir("./file0") = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5997] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 145.945578][ T5997] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5997] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 5997] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 5997] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 5997] exit_group(0) = ? [pid 5997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./35/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/file0/lost+found") = 0 [ 146.015381][ T37] audit: type=1800 audit(1754834589.698:37): pid=5997 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 umount2("./35/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/file0/file0") = 0 umount2("./35/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = -1 EBUSY (Device or resource busy) umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./35/file0") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 [ 146.371072][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6001 attached , child_tidptr=0x55558e4a0650) = 6001 [pid 6001] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6001] chdir("./36") = 0 [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6001] setpgid(0, 0) = 0 [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6001] write(3, "1000", 4) = 4 [pid 6001] close(3) = 0 [pid 6001] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6001] write(1, "executing program\n", 18) = 18 [pid 6001] memfd_create("syzkaller", 0) = 3 [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6001] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6001] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6001] close(3) = 0 [pid 6001] close(4) = 0 [pid 6001] mkdir("./file0", 0777) = 0 [ 146.909042][ T6001] loop0: detected capacity change from 0 to 32768 [ 146.955316][ T6001] (syz-executor167,6001,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 146.955562][ T6001] (syz-executor167,6001,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 146.988723][ T6001] JBD2: Ignoring recovery information on journal [pid 6001] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6001] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6001] chdir("./file0") = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6001] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6001] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6001] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 147.030983][ T6001] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6001] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6001] exit_group(0) = ? [pid 6001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6001, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 147.069264][ T37] audit: type=1800 audit(1754834590.748:38): pid=6001 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./36/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/file0/lost+found") = 0 umount2("./36/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/file0/file0") = 0 umount2("./36/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = -1 EBUSY (Device or resource busy) umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./36/file0") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 [ 147.672169][ T5849] ocfs2: Unmounting device (7,0) on (node local) mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6005 attached , child_tidptr=0x55558e4a0650) = 6005 [pid 6005] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6005] chdir("./37") = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6005] write(1, "executing program\n", 18) = 18 [pid 6005] memfd_create("syzkaller", 0) = 3 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6005] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6005] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6005] close(3) = 0 [pid 6005] close(4) = 0 [pid 6005] mkdir("./file0", 0777) = 0 [ 148.135652][ T6005] loop0: detected capacity change from 0 to 32768 [ 148.169378][ T6005] (syz-executor167,6005,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 148.169826][ T6005] (syz-executor167,6005,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 148.214667][ T6005] JBD2: Ignoring recovery information on journal [pid 6005] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6005] chdir("./file0") = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6005] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6005] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6005] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 6005] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [ 148.269966][ T6005] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6005] exit_group(0) = ? [pid 6005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [ 148.316159][ T37] audit: type=1800 audit(1754834591.998:39): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./37/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/file0/lost+found") = 0 umount2("./37/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/file0/file0") = 0 umount2("./37/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = -1 EBUSY (Device or resource busy) umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./37/file0") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 148.767756][ T5849] ocfs2: Unmounting device (7,0) on (node local) getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached , child_tidptr=0x55558e4a0650) = 6009 [pid 6009] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6009] chdir("./38") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6009] write(1, "executing program\n", 18) = 18 [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6009] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6009] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6009] close(3) = 0 [pid 6009] close(4) = 0 [pid 6009] mkdir("./file0", 0777) = 0 [ 149.334552][ T6009] loop0: detected capacity change from 0 to 32768 [ 149.370432][ T6009] (syz-executor167,6009,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 149.370720][ T6009] (syz-executor167,6009,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 149.416347][ T6009] JBD2: Ignoring recovery information on journal [pid 6009] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6009] chdir("./file0") = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6009] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6009] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [ 149.456289][ T6009] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6009] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 6009] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6009] exit_group(0) = ? [pid 6009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- [ 149.510725][ T37] audit: type=1800 audit(1754834593.188:40): pid=6009 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./38/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/file0/lost+found") = 0 umount2("./38/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/file0/file0") = 0 umount2("./38/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = -1 EBUSY (Device or resource busy) umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./38/file0") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 150.114575][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6013 attached , child_tidptr=0x55558e4a0650) = 6013 [pid 6013] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6013] chdir("./39") = 0 [pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6013] setpgid(0, 0) = 0 [pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6013] write(3, "1000", 4) = 4 [pid 6013] close(3) = 0 [pid 6013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6013] write(1, "executing program\n", 18executing program ) = 18 [pid 6013] memfd_create("syzkaller", 0) = 3 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6013] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6013] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6013] close(3) = 0 [pid 6013] close(4) = 0 [pid 6013] mkdir("./file0", 0777) = 0 [ 150.520528][ T6013] loop0: detected capacity change from 0 to 32768 [ 150.553297][ T6013] (syz-executor167,6013,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 150.554303][ T6013] (syz-executor167,6013,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 150.576873][ T6013] JBD2: Ignoring recovery information on journal [pid 6013] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6013] chdir("./file0") = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6013] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6013] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6013] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 150.630356][ T6013] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6013] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6013] exit_group(0) = ? [pid 6013] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6013, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 150.681988][ T37] audit: type=1800 audit(1754834594.358:41): pid=6013 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./39/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/file0/lost+found") = 0 umount2("./39/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/file0/file0") = 0 umount2("./39/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = -1 EBUSY (Device or resource busy) umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./39/file0") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 [ 151.266778][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6017 attached , child_tidptr=0x55558e4a0650) = 6017 [pid 6017] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6017] chdir("./40") = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6017] setpgid(0, 0) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6017] write(1, "executing program\n", 18executing program ) = 18 [pid 6017] memfd_create("syzkaller", 0) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6017] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6017] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6017] close(3) = 0 [pid 6017] close(4) = 0 [pid 6017] mkdir("./file0", 0777) = 0 [ 151.776906][ T6017] loop0: detected capacity change from 0 to 32768 [ 151.798680][ T6017] (syz-executor167,6017,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 151.800096][ T6017] (syz-executor167,6017,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 151.841121][ T6017] JBD2: Ignoring recovery information on journal [pid 6017] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6017] chdir("./file0") = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6017] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6017] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [ 151.906415][ T6017] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6017] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 6017] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6017] exit_group(0) = ? [pid 6017] +++ exited with 0 +++ [ 151.969664][ T37] audit: type=1800 audit(1754834595.648:42): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 [ 151.994891][ T6017] [ 151.994900][ T6017] ====================================================== [ 151.994906][ T6017] WARNING: possible circular locking dependency detected --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 151.994913][ T6017] 6.16.0-syzkaller-12288-g2b38afce25c4 #0 Tainted: G W [ 151.994921][ T6017] ------------------------------------------------------ [ 151.994925][ T6017] syz-executor167/6017 is trying to acquire lock: [ 151.994933][ T6017] ffff888042800b80 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_del_inode_from_orphan+0x134/0x740 [ 151.994974][ T6017] [ 151.994974][ T6017] but task is already holding lock: [ 151.994978][ T6017] ffff888042853ad0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io+0x38b/0x1100 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 151.995003][ T6017] [ 151.995003][ T6017] which lock already depends on the new lock. [ 151.995003][ T6017] [ 151.995007][ T6017] [ 151.995007][ T6017] the existing dependency chain (in reverse order) is: [ 151.995011][ T6017] [ 151.995011][ T6017] -> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}: [ 151.995027][ T6017] lock_acquire+0x120/0x360 [ 151.995042][ T6017] down_write+0x3a/0x50 [ 151.995056][ T6017] ocfs2_create_local_dquot+0x19d/0x1a40 [ 151.995068][ T6017] ocfs2_acquire_dquot+0x80f/0xb30 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./40/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 151.995079][ T6017] dqget+0x7c1/0xf20 [ 151.995094][ T6017] __dquot_initialize+0x3b3/0xcb0 [ 151.995109][ T6017] ocfs2_get_init_inode+0x13b/0x1b0 [ 151.995124][ T6017] ocfs2_mknod+0x863/0x2050 [ 151.995139][ T6017] ocfs2_mkdir+0x191/0x440 [ 151.995154][ T6017] vfs_mkdir+0x306/0x510 [ 151.995167][ T6017] do_mkdirat+0x247/0x590 [ 151.995178][ T6017] __x64_sys_mkdirat+0x87/0xa0 [ 151.995190][ T6017] do_syscall_64+0xfa/0x3b0 newfstatat(AT_FDCWD, "./40/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/file0/lost+found") = 0 [ 151.995203][ T6017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.995214][ T6017] [ 151.995214][ T6017] -> #2 (&dquot->dq_lock){+.+.}-{4:4}: [ 151.995229][ T6017] lock_acquire+0x120/0x360 [ 151.995242][ T6017] mutex_lock_nested+0x5a/0x1d0 [ 151.995257][ T6017] dqget+0x73a/0xf20 [ 151.995272][ T6017] __dquot_initialize+0x3b3/0xcb0 [ 151.995287][ T6017] ocfs2_get_init_inode+0x13b/0x1b0 [ 151.995302][ T6017] ocfs2_mknod+0x863/0x2050 [ 151.995317][ T6017] ocfs2_mkdir+0x191/0x440 [ 151.995332][ T6017] vfs_mkdir+0x306/0x510 [ 151.995343][ T6017] do_mkdirat+0x247/0x590 [ 151.995354][ T6017] __x64_sys_mkdirat+0x87/0xa0 [ 151.995366][ T6017] do_syscall_64+0xfa/0x3b0 [ 151.995379][ T6017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.995389][ T6017] [ 151.995389][ T6017] -> #1 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}: [ 151.995405][ T6017] lock_acquire+0x120/0x360 [ 151.995418][ T6017] down_write+0x3a/0x50 [ 151.995431][ T6017] ocfs2_evict_inode+0x153d/0x40c0 umount2("./40/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 151.995441][ T6017] evict+0x504/0x9c0 [ 151.995451][ T6017] vfs_rmdir+0x3ec/0x520 [ 151.995463][ T6017] do_rmdir+0x25f/0x550 [ 151.995475][ T6017] __x64_sys_rmdir+0x47/0x50 [ 151.995487][ T6017] do_syscall_64+0xfa/0x3b0 [ 151.995500][ T6017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.995510][ T6017] [ 151.995510][ T6017] -> #0 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}: [ 151.995525][ T6017] validate_chain+0xb9b/0x2140 [ 151.995541][ T6017] __lock_acquire+0xab9/0xd20 umount2("./40/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/file0/file0") = 0 umount2("./40/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = -1 EBUSY (Device or resource busy) [ 151.995554][ T6017] lock_acquire+0x120/0x360 [ 151.995576][ T6017] down_write+0x3a/0x50 [ 151.995589][ T6017] ocfs2_del_inode_from_orphan+0x134/0x740 [ 151.995605][ T6017] ocfs2_dio_end_io+0x47b/0x1100 [ 151.995615][ T6017] dio_complete+0x25e/0x790 [ 151.995627][ T6017] __blockdev_direct_IO+0x2bc0/0x31f0 [ 151.995641][ T6017] ocfs2_direct_IO+0x260/0x2d0 [ 151.995650][ T6017] generic_file_direct_write+0x1dc/0x3e0 [ 151.995662][ T6017] __generic_file_write_iter+0x120/0x240 [ 151.995673][ T6017] ocfs2_file_write_iter+0x157d/0x1d20 [ 151.995688][ T6017] vfs_write+0x5d2/0xb40 [ 151.995700][ T6017] ksys_write+0x14b/0x260 [ 151.995712][ T6017] do_syscall_64+0xfa/0x3b0 [ 151.995725][ T6017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.995735][ T6017] [ 151.995735][ T6017] other info that might help us debug this: [ 151.995735][ T6017] [ 151.995739][ T6017] Chain exists of: [ 151.995739][ T6017] &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE] --> &dquot->dq_lock --> &ocfs2_quota_ip_alloc_sem_key umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./40/file0") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 [ 151.995739][ T6017] [ 151.995759][ T6017] Possible unsafe locking scenario: [ 151.995759][ T6017] [ 151.995762][ T6017] CPU0 CPU1 [ 151.995766][ T6017] ---- ---- [ 151.995769][ T6017] lock(&ocfs2_quota_ip_alloc_sem_key); [ 151.995778][ T6017] lock(&dquot->dq_lock); [ 151.995786][ T6017] lock(&ocfs2_quota_ip_alloc_sem_key); [ 151.995794][ T6017] lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]); mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 151.995803][ T6017] [ 151.995803][ T6017] *** DEADLOCK *** [ 151.995803][ T6017] [ 151.995806][ T6017] 3 locks held by syz-executor167/6017: [ 151.995814][ T6017] #0: ffff88803585e488 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x217/0xb40 [ 151.995847][ T6017] #1: ffff888042853e80 (&sb->s_type->i_mutex_key#14){++++}-{4:4}, at: ocfs2_file_write_iter+0x42c/0x1d20 [ 151.995881][ T6017] #2: ffff888042853ad0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io+0x38b/0x1100 [ 151.995908][ T6017] [ 151.995908][ T6017] stack backtrace: [ 151.995917][ T6017] CPU: 0 UID: 0 PID: 6017 Comm: syz-executor167 Tainted: G W 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT_{RT,(full)} [ 151.995935][ T6017] Tainted: [W]=WARN [ 151.995939][ T6017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 151.995946][ T6017] Call Trace: [ 151.995950][ T6017] [ 151.995955][ T6017] dump_stack_lvl+0x189/0x250 [ 151.995974][ T6017] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.995990][ T6017] ? __pfx__printk+0x10/0x10 close(3) = 0 [ 151.996002][ T6017] ? print_lock_name+0xde/0x100 [ 151.996014][ T6017] print_circular_bug+0x2ee/0x310 [ 151.996026][ T6017] check_noncircular+0x134/0x160 [ 151.996044][ T6017] validate_chain+0xb9b/0x2140 [ 151.996061][ T6017] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 151.996076][ T6017] __lock_acquire+0xab9/0xd20 [ 151.996091][ T6017] ? ocfs2_del_inode_from_orphan+0x134/0x740 [ 151.996108][ T6017] lock_acquire+0x120/0x360 [ 151.996122][ T6017] ? ocfs2_del_inode_from_orphan+0x134/0x740 [ 151.996141][ T6017] down_write+0x3a/0x50 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6021 attached , child_tidptr=0x55558e4a0650) = 6021 [pid 6021] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6021] chdir("./41") = 0 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6021] setpgid(0, 0) = 0 [ 151.996154][ T6017] ? ocfs2_del_inode_from_orphan+0x134/0x740 [ 151.996171][ T6017] ocfs2_del_inode_from_orphan+0x134/0x740 [ 151.996188][ T6017] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.996201][ T6017] ? __pfx_ocfs2_del_inode_from_orphan+0x10/0x10 [ 151.996218][ T6017] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 151.996231][ T6017] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 151.996247][ T6017] ? rwbase_write_lock+0x56f/0x750 [ 151.996262][ T6017] ? try_to_take_rt_mutex+0x840/0xb00 [ 151.996275][ T6017] ocfs2_dio_end_io+0x47b/0x1100 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6021] write(3, "1000", 4) = 4 [pid 6021] close(3) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6021] write(1, "executing program\n", 18executing program ) = 18 [pid 6021] memfd_create("syzkaller", 0) = 3 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [ 151.996287][ T6017] ? __pfx_ocfs2_dio_end_io+0x10/0x10 [ 151.996302][ T6017] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 151.996316][ T6017] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.996328][ T6017] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 151.996341][ T6017] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 151.996357][ T6017] ? rt_mutex_slowunlock+0x493/0x8a0 [ 151.996368][ T6017] ? reacquire_held_locks+0x127/0x1d0 [ 151.996384][ T6017] ? __pfx_migrate_enable+0x10/0x10 [ 151.996398][ T6017] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 151.996409][ T6017] ? __pfx_ocfs2_dio_end_io+0x10/0x10 [ 151.996420][ T6017] dio_complete+0x25e/0x790 [ 151.996435][ T6017] __blockdev_direct_IO+0x2bc0/0x31f0 [ 151.996456][ T6017] ? __pfx___blockdev_direct_IO+0x10/0x10 [ 151.996471][ T6017] ? rtlock_slowlock_locked+0xd8/0x4010 [ 151.996483][ T6017] ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10 [ 151.996496][ T6017] ? filemap_check_errors+0xd2/0x120 [ 151.996511][ T6017] ? filemap_write_and_wait_range+0x18a/0x320 [ 151.996531][ T6017] ? __lock_acquire+0xab9/0xd20 [ 151.996547][ T6017] ? reacquire_held_locks+0x127/0x1d0 [ 151.996568][ T6017] ? rt_spin_lock+0x1bb/0x2c0 [ 151.996578][ T6017] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 151.996589][ T6017] ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10 [ 151.996600][ T6017] ocfs2_direct_IO+0x260/0x2d0 [ 151.996612][ T6017] generic_file_direct_write+0x1dc/0x3e0 [ 151.996625][ T6017] ? file_update_time+0x41c/0x490 [ 151.996637][ T6017] __generic_file_write_iter+0x120/0x240 [ 151.996649][ T6017] ? ocfs2_file_write_iter+0x1554/0x1d20 [ 151.996665][ T6017] ocfs2_file_write_iter+0x157d/0x1d20 [ 151.996684][ T6017] ? __lock_acquire+0xab9/0xd20 [ 151.996698][ T6017] ? __pfx_ocfs2_file_write_iter+0x10/0x10 [ 151.996717][ T6017] ? __lock_acquire+0xab9/0xd20 [ 151.996733][ T6017] ? rcu_read_lock_any_held+0xb3/0x120 [ 151.996744][ T6017] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 151.996758][ T6017] vfs_write+0x5d2/0xb40 [ 151.996772][ T6017] ? __pfx_ocfs2_file_write_iter+0x10/0x10 [ 151.996788][ T6017] ? __pfx_vfs_write+0x10/0x10 [ 151.996805][ T6017] ksys_write+0x14b/0x260 [ 151.996821][ T6017] ? __pfx_ksys_write+0x10/0x10 [ 151.996837][ T6017] do_syscall_64+0xfa/0x3b0 [ 151.996850][ T6017] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.996863][ T6017] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.996874][ T6017] ? clear_bhb_loop+0x60/0xb0 [ 151.996887][ T6017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.996898][ T6017] RIP: 0033:0x7fd897a2a369 [pid 6021] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6021] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6021] close(3) = 0 [pid 6021] close(4) = 0 [pid 6021] mkdir("./file0", 0777) = 0 [ 151.996908][ T6017] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 151.996918][ T6017] RSP: 002b:00007fff6091f6f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 151.996931][ T6017] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fd897a2a369 [ 151.996940][ T6017] RDX: 0000000000002400 RSI: 0000200000000000 RDI: 0000000000000004 [ 151.996948][ T6017] RBP: 656e6f6e3d746165 R08: 00007fff6091f730 R09: 00007fff6091f730 [ 151.996956][ T6017] R10: 00007fff6091f730 R11: 0000000000000246 R12: 6165627472616568 [ 151.996967][ T6017] R13: 0000000000000028 R14: 431bde82d7b634db R15: 00007fff6091f750 [ 151.996978][ T6017] [ 152.424340][ T5849] ocfs2: Unmounting device (7,0) on (node local) [ 152.960568][ T6021] loop0: detected capacity change from 0 to 32768 [ 152.972464][ T6021] (syz-executor167,6021,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 152.972622][ T6021] (syz-executor167,6021,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 152.979952][ T6021] JBD2: Ignoring recovery information on journal [pid 6021] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6021] chdir("./file0") = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6021] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6021] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6021] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 6021] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6021] exit_group(0) = ? [pid 6021] +++ exited with 0 +++ [ 153.016608][ T6021] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 [ 153.061922][ T37] audit: type=1800 audit(1754834596.738:43): pid=6021 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./41/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/file0/lost+found") = 0 umount2("./41/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/file0/file0") = 0 umount2("./41/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = -1 EBUSY (Device or resource busy) umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./41/file0") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 [ 153.573583][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6025 attached , child_tidptr=0x55558e4a0650) = 6025 [pid 6025] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6025] chdir("./42") = 0 [pid 6025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6025] setpgid(0, 0) = 0 [pid 6025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6025] write(3, "1000", 4) = 4 [pid 6025] close(3) = 0 [pid 6025] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6025] write(1, "executing program\n", 18) = 18 [pid 6025] memfd_create("syzkaller", 0) = 3 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6025] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6025] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6025] close(3) = 0 [pid 6025] close(4) = 0 [pid 6025] mkdir("./file0", 0777) = 0 [ 153.989350][ T6025] loop0: detected capacity change from 0 to 32768 [ 154.013207][ T6025] (syz-executor167,6025,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6025] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6025] chdir("./file0") = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6025] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6025] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6025] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 154.013749][ T6025] (syz-executor167,6025,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 154.022443][ T6025] JBD2: Ignoring recovery information on journal [ 154.071941][ T6025] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6025] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6025] exit_group(0) = ? [pid 6025] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6025, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 154.120755][ T37] audit: type=1800 audit(1754834597.798:44): pid=6025 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./42/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/file0/lost+found") = 0 umount2("./42/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/file0/file0") = 0 umount2("./42/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = -1 EBUSY (Device or resource busy) umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./42/file0") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 [ 154.578753][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6029 attached , child_tidptr=0x55558e4a0650) = 6029 [pid 6029] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6029] chdir("./43") = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6029] setpgid(0, 0) = 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6029] write(1, "executing program\n", 18) = 18 [pid 6029] memfd_create("syzkaller", 0) = 3 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6029] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6029] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6029] close(3) = 0 [pid 6029] close(4) = 0 [pid 6029] mkdir("./file0", 0777) = 0 [ 154.988811][ T6029] loop0: detected capacity change from 0 to 32768 [ 155.004890][ T6029] (syz-executor167,6029,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 155.005110][ T6029] (syz-executor167,6029,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 155.011757][ T6029] JBD2: Ignoring recovery information on journal [pid 6029] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6029] chdir("./file0") = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6029] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6029] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6029] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 6029] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6029] exit_group(0) = ? [ 155.063630][ T6029] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 155.127545][ T37] audit: type=1800 audit(1754834598.808:45): pid=6029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./43/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/file0/lost+found") = 0 umount2("./43/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/file0/file0") = 0 umount2("./43/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = -1 EBUSY (Device or resource busy) umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./43/file0") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 [ 155.663374][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6033 attached , child_tidptr=0x55558e4a0650) = 6033 [pid 6033] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6033] chdir("./44") = 0 [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6033] setpgid(0, 0) = 0 [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6033] write(3, "1000", 4) = 4 [pid 6033] close(3) = 0 [pid 6033] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6033] write(1, "executing program\n", 18) = 18 [pid 6033] memfd_create("syzkaller", 0) = 3 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6033] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6033] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6033] close(3) = 0 [pid 6033] close(4) = 0 [pid 6033] mkdir("./file0", 0777) = 0 [ 155.974835][ T6033] loop0: detected capacity change from 0 to 32768 [ 155.992159][ T6033] (syz-executor167,6033,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 155.992394][ T6033] (syz-executor167,6033,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 156.002892][ T6033] JBD2: Ignoring recovery information on journal [pid 6033] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6033] chdir("./file0") = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6033] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6033] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6033] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 6033] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6033] exit_group(0) = ? [pid 6033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6033, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [ 156.029702][ T6033] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 156.062924][ T37] audit: type=1800 audit(1754834599.748:46): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./44/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/file0/lost+found") = 0 umount2("./44/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/file0/file0") = 0 umount2("./44/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = -1 EBUSY (Device or resource busy) umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./44/file0") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 156.564121][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6037 attached , child_tidptr=0x55558e4a0650) = 6037 [pid 6037] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6037] chdir("./45") = 0 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] write(3, "1000", 4) = 4 [pid 6037] close(3) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6037] write(1, "executing program\n", 18) = 18 [pid 6037] memfd_create("syzkaller", 0) = 3 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6037] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6037] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6037] close(3) = 0 [pid 6037] close(4) = 0 [pid 6037] mkdir("./file0", 0777) = 0 [ 156.858188][ T6037] loop0: detected capacity change from 0 to 32768 [pid 6037] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6037] chdir("./file0") = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6037] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6037] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6037] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 6037] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [ 156.895666][ T6037] (syz-executor167,6037,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 156.895902][ T6037] (syz-executor167,6037,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 156.900895][ T6037] JBD2: Ignoring recovery information on journal [ 156.936649][ T6037] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6037] exit_group(0) = ? [pid 6037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 156.989441][ T37] audit: type=1800 audit(1754834600.668:47): pid=6037 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./45/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/file0/lost+found") = 0 umount2("./45/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/file0/file0") = 0 umount2("./45/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = -1 EBUSY (Device or resource busy) umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./45/file0") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 157.543154][ T5849] ocfs2: Unmounting device (7,0) on (node local) ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6041 attached [pid 6041] set_robust_list(0x55558e4a0660, 24 [pid 5849] <... clone resumed>, child_tidptr=0x55558e4a0650) = 6041 [pid 6041] <... set_robust_list resumed>) = 0 [pid 6041] chdir("./46") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6041] close(3) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6041] write(1, "executing program\n", 18) = 18 [pid 6041] memfd_create("syzkaller", 0) = 3 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6041] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6041] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6041] close(3) = 0 [pid 6041] close(4) = 0 [pid 6041] mkdir("./file0", 0777) = 0 [ 157.930407][ T6041] loop0: detected capacity change from 0 to 32768 [ 157.944110][ T6041] (syz-executor167,6041,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 157.944315][ T6041] (syz-executor167,6041,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6041] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6041] chdir("./file0") = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6041] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6041] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6041] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 6041] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6041] exit_group(0) = ? [pid 6041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [ 157.950497][ T6041] JBD2: Ignoring recovery information on journal [ 157.975843][ T6041] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 158.009232][ T37] audit: type=1800 audit(1754834601.688:48): pid=6041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./46/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/file0/lost+found") = 0 umount2("./46/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/file0/file0") = 0 umount2("./46/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = -1 EBUSY (Device or resource busy) umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./46/file0") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 [ 158.523624][ T5849] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6045 attached , child_tidptr=0x55558e4a0650) = 6045 [pid 6045] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6045] chdir("./47") = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6045] setpgid(0, 0) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6045] write(3, "1000", 4) = 4 [pid 6045] close(3) = 0 [pid 6045] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6045] write(1, "executing program\n", 18) = 18 [pid 6045] memfd_create("syzkaller", 0) = 3 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6045] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6045] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6045] close(3) = 0 [pid 6045] close(4) = 0 [pid 6045] mkdir("./file0", 0777) = 0 [ 158.910897][ T6045] loop0: detected capacity change from 0 to 32768 [pid 6045] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6045] chdir("./file0") = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6045] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6045] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6045] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 158.961490][ T6045] (syz-executor167,6045,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 158.961672][ T6045] (syz-executor167,6045,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 158.975227][ T6045] JBD2: Ignoring recovery information on journal [ 159.001438][ T6045] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6045] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6045] exit_group(0) = ? [pid 6045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6045, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 [ 159.028395][ T37] audit: type=1800 audit(1754834602.708:49): pid=6045 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./47/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/file0/lost+found") = 0 umount2("./47/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/file0/file0") = 0 umount2("./47/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = -1 EBUSY (Device or resource busy) umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./47/file0") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 159.508942][ T5849] ocfs2: Unmounting device (7,0) on (node local) rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6049 attached , child_tidptr=0x55558e4a0650) = 6049 [pid 6049] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6049] chdir("./48") = 0 [pid 6049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6049] setpgid(0, 0) = 0 [pid 6049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6049] write(3, "1000", 4) = 4 [pid 6049] close(3) = 0 [pid 6049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6049] write(1, "executing program\n", 18executing program ) = 18 [pid 6049] memfd_create("syzkaller", 0) = 3 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6049] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6049] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6049] close(3) = 0 [pid 6049] close(4) = 0 [pid 6049] mkdir("./file0", 0777) = 0 [ 159.906646][ T6049] loop0: detected capacity change from 0 to 32768 [ 159.935572][ T6049] (syz-executor167,6049,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6049] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6049] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6049] chdir("./file0") = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6049] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6049] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6049] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [pid 6049] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [ 159.935796][ T6049] (syz-executor167,6049,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 159.941546][ T6049] JBD2: Ignoring recovery information on journal [ 159.964627][ T6049] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6049] exit_group(0) = ? [pid 6049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6049, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 160.028870][ T37] audit: type=1800 audit(1754834603.708:50): pid=6049 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./48/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./48/file0/lost+found") = 0 umount2("./48/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./48/file0/file0") = 0 umount2("./48/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = -1 EBUSY (Device or resource busy) umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./48/file0") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 160.623211][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6053 attached , child_tidptr=0x55558e4a0650) = 6053 [pid 6053] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6053] chdir("./49") = 0 [pid 6053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6053] setpgid(0, 0) = 0 [pid 6053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6053] write(3, "1000", 4) = 4 [pid 6053] close(3) = 0 [pid 6053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6053] write(1, "executing program\n", 18executing program ) = 18 [pid 6053] memfd_create("syzkaller", 0) = 3 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6053] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6053] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6053] close(3) = 0 [pid 6053] close(4) = 0 [pid 6053] mkdir("./file0", 0777) = 0 [ 160.898798][ T6053] loop0: detected capacity change from 0 to 32768 [ 160.926133][ T6053] (syz-executor167,6053,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6053] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6053] chdir("./file0") = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6053] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6053] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6053] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 160.926352][ T6053] (syz-executor167,6053,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 160.931995][ T6053] JBD2: Ignoring recovery information on journal [ 160.966920][ T6053] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6053] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6053] exit_group(0) = ? [pid 6053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6053, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 160.991213][ T37] audit: type=1800 audit(1754834604.668:51): pid=6053 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./49/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./49/file0/lost+found") = 0 umount2("./49/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0/file0", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558e4b1770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558e4b1770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./49/file0/file0") = 0 umount2("./49/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0/file2", {st_mode=S_IFREG|0600, st_size=9216, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/file0/file2") = 0 getdents64(4, 0x55558e4a9730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = -1 EBUSY (Device or resource busy) umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./49/file0") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x55558e4a16f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 161.543853][ T5849] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6057 attached , child_tidptr=0x55558e4a0650) = 6057 [pid 6057] set_robust_list(0x55558e4a0660, 24) = 0 [pid 6057] chdir("./50") = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6057] setpgid(0, 0) = 0 [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6057] write(3, "1000", 4executing program ) = 4 [pid 6057] close(3) = 0 [pid 6057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6057] write(1, "executing program\n", 18) = 18 [pid 6057] memfd_create("syzkaller", 0) = 3 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd88f5e3000 [pid 6057] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6057] munmap(0x7fd88f5e3000, 138412032) = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6057] close(3) = 0 [pid 6057] close(4) = 0 [pid 6057] mkdir("./file0", 0777) = 0 [ 161.815811][ T6057] loop0: detected capacity change from 0 to 32768 [ 161.846504][ T6057] (syz-executor167,6057,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6057] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6057] chdir("./file0") = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6057] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 6057] mount("./file0", "./file0", NULL, MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_BIND|MS_REC|MS_UNBINDABLE|MS_SHARED|MS_LAZYTIME, NULL) = 0 [pid 6057] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0611) = 4 [ 161.846728][ T6057] (syz-executor167,6057,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 161.867627][ T6057] JBD2: Ignoring recovery information on journal [ 161.891150][ T6057] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6057] write(4, "\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 9216) = 9216 [pid 6057] exit_group(0) = ? [pid 6057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6057, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 161.928009][ T37] audit: type=1800 audit(1754834605.608:52): pid=6057 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor167" name="file2" dev="loop0" ino=16979 res=0 errno=0 openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558e4a16f0 /* 4 entries */, 32768) = 112 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558e4a9730 /* 5 entries */, 32768) = 144 umount2("./50/file0/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0/lost+found", {st_mode=S_IFDIR|0755, st_size=312, ...}, AT_SYMLINK_NOFOLLOW) = 0