./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor85248236 <...> Warning: Permanently added '10.128.0.53' (ED25519) to the list of known hosts. execve("./syz-executor85248236", ["./syz-executor85248236"], 0x7ffe02cf4c70 /* 10 vars */) = 0 brk(NULL) = 0x555569530000 brk(0x555569530d00) = 0x555569530d00 arch_prctl(ARCH_SET_FS, 0x555569530380) = 0 set_tid_address(0x555569530650) = 5826 set_robust_list(0x555569530660, 24) = 0 rseq(0x555569530ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor85248236", 4096) = 26 getrandom("\x67\xa0\xde\xfd\xa8\x9b\x66\xd9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555569530d00 brk(0x555569551d00) = 0x555569551d00 brk(0x555569552000) = 0x555569552000 mprotect(0x7f25176bc000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 getrandom("\x07\x99\xbb\xe5\x81\xf2\xdf\x01", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.b3vYbT", 0700) = 0 chmod("./syzkaller.b3vYbT", 0777) = 0 chdir("./syzkaller.b3vYbT") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5828 attached , child_tidptr=0x555569530650) = 5828 [pid 5828] set_robust_list(0x555569530660, 24) = 0 [pid 5828] chdir("./0") = 0 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5828] setpgid(0, 0) = 0 [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] write(3, "1000", 4) = 4 [pid 5828] close(3) = 0 [pid 5828] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5828] write(1, "executing program\n", 18) = 18 [pid 5828] memfd_create("syzkaller", 0) = 3 [pid 5828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5828] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5828] munmap(0x7f250f000000, 138412032) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5828] close(3) = 0 [pid 5828] close(4) = 0 [pid 5828] mkdir("./file0", 0777) = 0 [ 93.804836][ T5828] loop0: detected capacity change from 0 to 32768 [ 93.844531][ T5828] (syz-executor852,5828,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 93.862640][ T5828] (syz-executor852,5828,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5828] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5828] chdir("./file0") = 0 [ 93.902028][ T5828] JBD2: Ignoring recovery information on journal [ 93.937632][ T5828] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5828] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5828] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5828] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5828] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 94.011918][ T30] audit: type=1800 audit(1749089681.201:2): pid=5828 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5828] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5828] exit_group(0) = ? [pid 5828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5828, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=84 /* 0.84 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 [ 94.742287][ T5828] (syz-executor852,5828,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 94.749291][ T5828] syz-executor852 (5828) used greatest stack depth: 17944 bytes left umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 94.834935][ T5826] ocfs2: Unmounting device (7,0) on (node local) unlink("./0/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached , child_tidptr=0x555569530650) = 5832 [pid 5832] set_robust_list(0x555569530660, 24) = 0 [pid 5832] chdir("./1") = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5832] write(1, "executing program\n", 18) = 18 [pid 5832] memfd_create("syzkaller", 0) = 3 [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5832] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5832] munmap(0x7f250f000000, 138412032) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5832] close(3) = 0 [pid 5832] close(4) = 0 [pid 5832] mkdir("./file0", 0777) = 0 [ 95.372297][ T5832] loop0: detected capacity change from 0 to 32768 [ 95.419613][ T5832] (syz-executor852,5832,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 95.435995][ T5832] (syz-executor852,5832,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 95.462666][ T5832] JBD2: Ignoring recovery information on journal [pid 5832] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] chdir("./file0") = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5832] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 95.497318][ T5832] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5832] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5832] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 95.544439][ T30] audit: type=1800 audit(1749089682.731:3): pid=5832 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5832] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5832] exit_group(0) = ? [pid 5832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=86 /* 0.86 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 96.284849][ T5832] (syz-executor852,5832,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 96.415024][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached [pid 5839] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 5839 [pid 5839] <... set_robust_list resumed>) = 0 [pid 5839] chdir("./2") = 0 [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] setpgid(0, 0) = 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5839] write(3, "1000", 4) = 4 [pid 5839] close(3) = 0 [pid 5839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] write(1, "executing program\n", 18executing program ) = 18 [pid 5839] memfd_create("syzkaller", 0) = 3 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5839] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5839] munmap(0x7f250f000000, 138412032) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5839] close(3) = 0 [pid 5839] close(4) = 0 [pid 5839] mkdir("./file0", 0777) = 0 [ 96.960477][ T5839] loop0: detected capacity change from 0 to 32768 [ 96.999645][ T5839] (syz-executor852,5839,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 97.017847][ T5839] (syz-executor852,5839,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 97.041804][ T5839] JBD2: Ignoring recovery information on journal [pid 5839] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] chdir("./file0") = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5839] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 97.076676][ T5839] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5839] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5839] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 97.119562][ T30] audit: type=1800 audit(1749089684.301:4): pid=5839 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [ 97.473327][ T24] cfg80211: failed to load regulatory.db [pid 5839] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5839] exit_group(0) = ? [pid 5839] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5839, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=78 /* 0.78 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 97.873240][ T5839] (syz-executor852,5839,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 97.978947][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached , child_tidptr=0x555569530650) = 5845 [pid 5845] set_robust_list(0x555569530660, 24) = 0 [pid 5845] chdir("./3") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] write(1, "executing program\n", 18executing program ) = 18 [pid 5845] memfd_create("syzkaller", 0) = 3 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5845] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5845] munmap(0x7f250f000000, 138412032) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("./file0", 0777) = 0 [ 98.569009][ T5845] loop0: detected capacity change from 0 to 32768 [ 98.633668][ T5845] (syz-executor852,5845,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 98.650331][ T5845] (syz-executor852,5845,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 98.677793][ T5845] JBD2: Ignoring recovery information on journal [pid 5845] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5845] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("./file0") = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 98.711157][ T5845] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5845] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5845] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5845] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5845] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 98.792815][ T30] audit: type=1800 audit(1749089685.981:5): pid=5845 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5845] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5845] exit_group(0) = ? [pid 5845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=83 /* 0.83 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 99.501363][ T5845] (syz-executor852,5845,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 99.629506][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached , child_tidptr=0x555569530650) = 5850 [pid 5850] set_robust_list(0x555569530660, 24) = 0 [pid 5850] chdir("./4") = 0 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] setpgid(0, 0) = 0 [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5850] write(3, "1000", 4) = 4 [pid 5850] close(3) = 0 [pid 5850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5850] write(1, "executing program\n", 18executing program ) = 18 [pid 5850] memfd_create("syzkaller", 0) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5850] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5850] munmap(0x7f250f000000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file0", 0777) = 0 [ 100.267631][ T5850] loop0: detected capacity change from 0 to 32768 [ 100.296109][ T5850] (syz-executor852,5850,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 100.310858][ T5850] (syz-executor852,5850,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 100.334353][ T5850] JBD2: Ignoring recovery information on journal [pid 5850] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./file0") = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5850] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5850] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 100.371370][ T5850] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5850] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5850] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 100.439470][ T30] audit: type=1800 audit(1749089687.621:6): pid=5850 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5850] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5850] exit_group(0) = ? [pid 5850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=79 /* 0.79 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 101.148267][ T5850] (syz-executor852,5850,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 101.278025][ T5826] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached , child_tidptr=0x555569530650) = 5854 [pid 5854] set_robust_list(0x555569530660, 24) = 0 [pid 5854] chdir("./5") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5854] write(1, "executing program\n", 18) = 18 [pid 5854] memfd_create("syzkaller", 0) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5854] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5854] munmap(0x7f250f000000, 138412032) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5854] close(3) = 0 [pid 5854] close(4) = 0 [pid 5854] mkdir("./file0", 0777) = 0 [ 101.922784][ T5854] loop0: detected capacity change from 0 to 32768 [ 101.977615][ T5854] (syz-executor852,5854,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 101.993978][ T5854] (syz-executor852,5854,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 102.016846][ T5854] JBD2: Ignoring recovery information on journal [pid 5854] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./file0") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5854] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5854] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5854] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [ 102.047464][ T5854] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5854] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 102.092600][ T30] audit: type=1800 audit(1749089689.281:7): pid=5854 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5854] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5854] exit_group(0) = ? [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=81 /* 0.81 s */} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 102.799232][ T5854] (syz-executor852,5854,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 102.958232][ T5826] ocfs2: Unmounting device (7,0) on (node local) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached , child_tidptr=0x555569530650) = 5858 [pid 5858] set_robust_list(0x555569530660, 24) = 0 [pid 5858] chdir("./6") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5858] write(1, "executing program\n", 18) = 18 [pid 5858] memfd_create("syzkaller", 0) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5858] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5858] munmap(0x7f250f000000, 138412032) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] close(4) = 0 [pid 5858] mkdir("./file0", 0777) = 0 [ 103.575901][ T5858] loop0: detected capacity change from 0 to 32768 [ 103.598715][ T5858] (syz-executor852,5858,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 103.613830][ T5858] (syz-executor852,5858,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 103.641602][ T5858] JBD2: Ignoring recovery information on journal [pid 5858] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./file0") = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5858] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5858] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 103.677104][ T5858] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5858] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5858] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 103.737698][ T30] audit: type=1800 audit(1749089690.921:8): pid=5858 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5858] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5858] exit_group(0) = ? [pid 5858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=80 /* 0.80 s */} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 104.448994][ T5858] (syz-executor852,5858,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 104.586585][ T5826] ocfs2: Unmounting device (7,0) on (node local) rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached , child_tidptr=0x555569530650) = 5862 [pid 5862] set_robust_list(0x555569530660, 24) = 0 [pid 5862] chdir("./7") = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5862] write(1, "executing program\n", 18executing program ) = 18 [pid 5862] memfd_create("syzkaller", 0) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5862] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5862] munmap(0x7f250f000000, 138412032) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] close(4) = 0 [pid 5862] mkdir("./file0", 0777) = 0 [ 105.213210][ T5862] loop0: detected capacity change from 0 to 32768 [ 105.239530][ T5862] (syz-executor852,5862,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 105.286973][ T5862] (syz-executor852,5862,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 105.338662][ T5862] JBD2: Ignoring recovery information on journal [pid 5862] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./file0") = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5862] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 105.391777][ T5862] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5862] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5862] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 105.452291][ T30] audit: type=1800 audit(1749089692.641:9): pid=5862 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5862] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5862] exit_group(0) = ? [pid 5862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=86 /* 0.86 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 106.182121][ T5862] (syz-executor852,5862,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 106.313828][ T5826] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached [pid 5866] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 5866 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5866] chdir("./8") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5866] write(1, "executing program\n", 18) = 18 [pid 5866] memfd_create("syzkaller", 0) = 3 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5866] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5866] munmap(0x7f250f000000, 138412032) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5866] close(3) = 0 [pid 5866] close(4) = 0 [pid 5866] mkdir("./file0", 0777) = 0 [ 107.001712][ T5866] loop0: detected capacity change from 0 to 32768 [ 107.030202][ T5866] (syz-executor852,5866,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 107.045836][ T5866] (syz-executor852,5866,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 107.073431][ T5866] JBD2: Ignoring recovery information on journal [pid 5866] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5866] chdir("./file0") = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 107.129915][ T5866] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5866] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5866] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5866] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5866] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 107.202679][ T30] audit: type=1800 audit(1749089694.391:10): pid=5866 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5866] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5866] exit_group(0) = ? [pid 5866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=80 /* 0.80 s */} --- umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 107.926302][ T5866] (syz-executor852,5866,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 108.032803][ T5826] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached [pid 5871] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 5871 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5871] chdir("./9") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] write(1, "executing program\n", 18executing program ) = 18 [pid 5871] memfd_create("syzkaller", 0) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5871] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5871] munmap(0x7f250f000000, 138412032) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] close(3) = 0 [pid 5871] close(4) = 0 [pid 5871] mkdir("./file0", 0777) = 0 [ 108.598323][ T5871] loop0: detected capacity change from 0 to 32768 [ 108.624165][ T5871] (syz-executor852,5871,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 108.639337][ T5871] (syz-executor852,5871,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5871] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] chdir("./file0") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 108.671474][ T5871] JBD2: Ignoring recovery information on journal [ 108.708585][ T5871] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5871] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5871] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5871] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5871] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 108.764236][ T30] audit: type=1800 audit(1749089695.951:11): pid=5871 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5871] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5871] exit_group(0) = ? [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=0, si_stime=83 /* 0.83 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 [ 109.486448][ T5871] (syz-executor852,5871,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 109.502469][ T5871] syz-executor852 (5871) used greatest stack depth: 16776 bytes left umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 [ 109.597558][ T5826] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached , child_tidptr=0x555569530650) = 5875 [pid 5875] set_robust_list(0x555569530660, 24) = 0 [pid 5875] chdir("./10") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5875] write(1, "executing program\n", 18) = 18 [pid 5875] memfd_create("syzkaller", 0) = 3 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5875] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5875] munmap(0x7f250f000000, 138412032) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5875] close(3) = 0 [pid 5875] close(4) = 0 [pid 5875] mkdir("./file0", 0777) = 0 [ 110.085119][ T5875] loop0: detected capacity change from 0 to 32768 [ 110.128813][ T5875] (syz-executor852,5875,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 110.151957][ T5875] (syz-executor852,5875,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 110.176577][ T5875] JBD2: Ignoring recovery information on journal [pid 5875] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5875] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5875] chdir("./file0") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5875] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 110.207548][ T5875] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5875] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5875] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5875] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 110.282598][ T30] audit: type=1800 audit(1749089697.471:12): pid=5875 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5875] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5875] exit_group(0) = ? [pid 5875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=77 /* 0.77 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 110.987937][ T5875] (syz-executor852,5875,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 111.138498][ T5826] ocfs2: Unmounting device (7,0) on (node local) getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached , child_tidptr=0x555569530650) = 5879 [pid 5879] set_robust_list(0x555569530660, 24) = 0 [pid 5879] chdir("./11") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5879] write(3, "1000", 4) = 4 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5879] write(1, "executing program\n", 18) = 18 [pid 5879] memfd_create("syzkaller", 0) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5879] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5879] munmap(0x7f250f000000, 138412032) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] mkdir("./file0", 0777) = 0 [ 111.628381][ T5879] loop0: detected capacity change from 0 to 32768 [ 111.672282][ T5879] (syz-executor852,5879,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 111.687866][ T5879] (syz-executor852,5879,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 111.713536][ T5879] JBD2: Ignoring recovery information on journal [pid 5879] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5879] chdir("./file0") = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5879] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5879] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5879] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [ 111.743468][ T5879] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5879] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 111.777757][ T30] audit: type=1800 audit(1749089698.961:13): pid=5879 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5879] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5879] exit_group(0) = ? [pid 5879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=75 /* 0.75 s */} --- umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 112.483219][ T5879] (syz-executor852,5879,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 112.605194][ T5826] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached , child_tidptr=0x555569530650) = 5883 [pid 5883] set_robust_list(0x555569530660, 24) = 0 [pid 5883] chdir("./12") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5883] write(1, "executing program\n", 18) = 18 [pid 5883] memfd_create("syzkaller", 0) = 3 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5883] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5883] munmap(0x7f250f000000, 138412032) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5883] close(3) = 0 [pid 5883] close(4) = 0 [pid 5883] mkdir("./file0", 0777) = 0 [ 113.038320][ T5883] loop0: detected capacity change from 0 to 32768 [ 113.057805][ T5883] (syz-executor852,5883,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 113.073475][ T5883] (syz-executor852,5883,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 113.098357][ T5883] JBD2: Ignoring recovery information on journal [pid 5883] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./file0") = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5883] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 113.143124][ T5883] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5883] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5883] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5883] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 113.209632][ T30] audit: type=1800 audit(1749089700.391:14): pid=5883 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5883] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5883] exit_group(0) = ? [pid 5883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=77 /* 0.77 s */} --- umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 113.916394][ T5883] (syz-executor852,5883,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 114.034598][ T5826] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached , child_tidptr=0x555569530650) = 5887 [pid 5887] set_robust_list(0x555569530660, 24) = 0 [pid 5887] chdir("./13") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5887] write(1, "executing program\n", 18) = 18 [pid 5887] memfd_create("syzkaller", 0) = 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5887] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5887] munmap(0x7f250f000000, 138412032) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5887] close(3) = 0 [pid 5887] close(4) = 0 [pid 5887] mkdir("./file0", 0777) = 0 [ 114.616850][ T5887] loop0: detected capacity change from 0 to 32768 [ 114.663624][ T5887] (syz-executor852,5887,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 114.680792][ T5887] (syz-executor852,5887,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 114.705051][ T5887] JBD2: Ignoring recovery information on journal [pid 5887] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5887] chdir("./file0") = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 114.736475][ T5887] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5887] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5887] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5887] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5887] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 114.814294][ T30] audit: type=1800 audit(1749089702.001:15): pid=5887 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5887] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5887] exit_group(0) = ? [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=83 /* 0.83 s */} --- umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 115.579149][ T5887] (syz-executor852,5887,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 115.725438][ T5826] ocfs2: Unmounting device (7,0) on (node local) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5891 attached , child_tidptr=0x555569530650) = 5891 [pid 5891] set_robust_list(0x555569530660, 24) = 0 [pid 5891] chdir("./14") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5891] write(1, "executing program\n", 18) = 18 [pid 5891] memfd_create("syzkaller", 0) = 3 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5891] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5891] munmap(0x7f250f000000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5891] close(3) = 0 [pid 5891] close(4) = 0 [pid 5891] mkdir("./file0", 0777) = 0 [ 116.327443][ T5891] loop0: detected capacity change from 0 to 32768 [ 116.366935][ T5891] (syz-executor852,5891,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 116.383679][ T5891] (syz-executor852,5891,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 116.414148][ T5891] JBD2: Ignoring recovery information on journal [pid 5891] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./file0") = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5891] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5891] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 116.449322][ T5891] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5891] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5891] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 116.499624][ T30] audit: type=1800 audit(1749089703.681:16): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5891] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5891] exit_group(0) = ? [pid 5891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=76 /* 0.76 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 [ 117.208053][ T5891] (syz-executor852,5891,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 117.269154][ T5826] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached [pid 5895] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 5895 [pid 5895] <... set_robust_list resumed>) = 0 [pid 5895] chdir("./15") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5895] write(1, "executing program\n", 18) = 18 [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5895] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5895] munmap(0x7f250f000000, 138412032) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] close(3) = 0 [pid 5895] close(4) = 0 [pid 5895] mkdir("./file0", 0777) = 0 [ 117.642155][ T5895] loop0: detected capacity change from 0 to 32768 [ 117.689867][ T5895] (syz-executor852,5895,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 117.705346][ T5895] (syz-executor852,5895,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 117.729378][ T5895] JBD2: Ignoring recovery information on journal [pid 5895] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] chdir("./file0") = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5895] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 117.764103][ T5895] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5895] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5895] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5895] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 117.827649][ T30] audit: type=1800 audit(1749089705.011:17): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5895] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5895] exit_group(0) = ? [pid 5895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=0, si_stime=79 /* 0.79 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 118.532957][ T5895] (syz-executor852,5895,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 118.650365][ T5826] ocfs2: Unmounting device (7,0) on (node local) unlink("./15/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5899 attached [pid 5899] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 5899 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5899] chdir("./16") = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5899] setpgid(0, 0) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5899] write(3, "1000", 4) = 4 [pid 5899] close(3) = 0 [pid 5899] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5899] write(1, "executing program\n", 18) = 18 [pid 5899] memfd_create("syzkaller", 0) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5899] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5899] munmap(0x7f250f000000, 138412032) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5899] close(3) = 0 [pid 5899] close(4) = 0 [pid 5899] mkdir("./file0", 0777) = 0 [ 119.157305][ T5899] loop0: detected capacity change from 0 to 32768 [ 119.193029][ T5899] (syz-executor852,5899,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 119.208657][ T5899] (syz-executor852,5899,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 119.242645][ T5899] JBD2: Ignoring recovery information on journal [pid 5899] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5899] chdir("./file0") = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5899] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5899] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 119.274683][ T5899] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5899] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5899] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 119.315029][ T30] audit: type=1800 audit(1749089706.501:18): pid=5899 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5899] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5899] exit_group(0) = ? [pid 5899] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=81 /* 0.81 s */} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 120.027416][ T5899] (syz-executor852,5899,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 120.116777][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5903 attached , child_tidptr=0x555569530650) = 5903 [pid 5903] set_robust_list(0x555569530660, 24) = 0 [pid 5903] chdir("./17") = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5903] setpgid(0, 0) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5903] write(3, "1000", 4) = 4 [pid 5903] close(3) = 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5903] write(1, "executing program\n", 18) = 18 [pid 5903] memfd_create("syzkaller", 0) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5903] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5903] munmap(0x7f250f000000, 138412032) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5903] close(3) = 0 [pid 5903] close(4) = 0 [pid 5903] mkdir("./file0", 0777) = 0 [ 120.711552][ T5903] loop0: detected capacity change from 0 to 32768 [ 120.734476][ T5903] (syz-executor852,5903,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 120.750964][ T5903] (syz-executor852,5903,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 120.775064][ T5903] JBD2: Ignoring recovery information on journal [pid 5903] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] chdir("./file0") = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 120.814870][ T5903] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5903] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5903] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5903] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5903] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 120.882782][ T30] audit: type=1800 audit(1749089708.071:19): pid=5903 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5903] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5903] exit_group(0) = ? [pid 5903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=85 /* 0.85 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 121.592398][ T5903] (syz-executor852,5903,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 121.726543][ T5826] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached , child_tidptr=0x555569530650) = 5907 [pid 5907] set_robust_list(0x555569530660, 24) = 0 [pid 5907] chdir("./18") = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5907] write(1, "executing program\n", 18) = 18 [pid 5907] memfd_create("syzkaller", 0) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5907] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5907] munmap(0x7f250f000000, 138412032) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5907] close(3) = 0 [pid 5907] close(4) = 0 [pid 5907] mkdir("./file0", 0777) = 0 [ 122.342279][ T5907] loop0: detected capacity change from 0 to 32768 [ 122.378432][ T5907] (syz-executor852,5907,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 122.394340][ T5907] (syz-executor852,5907,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 122.420027][ T5907] JBD2: Ignoring recovery information on journal [pid 5907] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5907] chdir("./file0") = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 122.455172][ T5907] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5907] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5907] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5907] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5907] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 122.540144][ T30] audit: type=1800 audit(1749089709.721:20): pid=5907 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5907] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5907] exit_group(0) = ? [pid 5907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=80 /* 0.80 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 123.246644][ T5907] (syz-executor852,5907,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 123.302683][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached , child_tidptr=0x555569530650) = 5911 [pid 5911] set_robust_list(0x555569530660, 24) = 0 [pid 5911] chdir("./19") = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5911] write(1, "executing program\n", 18executing program ) = 18 [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5911] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5911] munmap(0x7f250f000000, 138412032) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] close(4) = 0 [pid 5911] mkdir("./file0", 0777) = 0 [ 123.926771][ T5911] loop0: detected capacity change from 0 to 32768 [ 123.956051][ T5911] (syz-executor852,5911,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 123.971822][ T5911] (syz-executor852,5911,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 124.003001][ T5911] JBD2: Ignoring recovery information on journal [pid 5911] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./file0") = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 124.036170][ T5911] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5911] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5911] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5911] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5911] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 124.102123][ T30] audit: type=1800 audit(1749089711.291:21): pid=5911 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5911] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5911] exit_group(0) = ? [pid 5911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=82 /* 0.82 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 124.813021][ T5911] (syz-executor852,5911,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 124.914883][ T5826] ocfs2: Unmounting device (7,0) on (node local) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5915 attached , child_tidptr=0x555569530650) = 5915 [pid 5915] set_robust_list(0x555569530660, 24) = 0 [pid 5915] chdir("./20") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] write(1, "executing program\n", 18executing program ) = 18 [pid 5915] memfd_create("syzkaller", 0) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5915] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5915] munmap(0x7f250f000000, 138412032) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] close(4) = 0 [pid 5915] mkdir("./file0", 0777) = 0 [ 125.423298][ T5915] loop0: detected capacity change from 0 to 32768 [ 125.465872][ T5915] (syz-executor852,5915,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 125.481226][ T5915] (syz-executor852,5915,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 125.506946][ T5915] JBD2: Ignoring recovery information on journal [pid 5915] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5915] chdir("./file0") = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5915] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5915] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 125.537761][ T5915] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5915] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5915] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 125.579904][ T30] audit: type=1800 audit(1749089712.761:22): pid=5915 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5915] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5915] exit_group(0) = ? [pid 5915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=82 /* 0.82 s */} --- umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 126.278922][ T5915] (syz-executor852,5915,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 126.419605][ T5826] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5919 attached [pid 5919] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 5919 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5919] chdir("./21") = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5919] setpgid(0, 0) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5919] write(3, "1000", 4) = 4 [pid 5919] close(3) = 0 [pid 5919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5919] write(1, "executing program\n", 18executing program ) = 18 [pid 5919] memfd_create("syzkaller", 0) = 3 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5919] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5919] munmap(0x7f250f000000, 138412032) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5919] close(3) = 0 [pid 5919] close(4) = 0 [pid 5919] mkdir("./file0", 0777) = 0 [ 126.965763][ T5919] loop0: detected capacity change from 0 to 32768 [ 126.987728][ T5919] (syz-executor852,5919,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 127.003046][ T5919] (syz-executor852,5919,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 127.029346][ T5919] JBD2: Ignoring recovery information on journal [pid 5919] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5919] chdir("./file0") = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5919] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 127.075155][ T5919] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5919] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5919] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5919] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 127.147713][ T30] audit: type=1800 audit(1749089714.331:23): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5919] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5919] exit_group(0) = ? [pid 5919] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=82 /* 0.82 s */} --- umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 127.857956][ T5919] (syz-executor852,5919,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 127.954470][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5924 attached , child_tidptr=0x555569530650) = 5924 [pid 5924] set_robust_list(0x555569530660, 24) = 0 [pid 5924] chdir("./22") = 0 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5924] write(3, "1000", 4) = 4 [pid 5924] close(3) = 0 [pid 5924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5924] write(1, "executing program\n", 18executing program ) = 18 [pid 5924] memfd_create("syzkaller", 0) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5924] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5924] munmap(0x7f250f000000, 138412032) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5924] close(3) = 0 [pid 5924] close(4) = 0 [pid 5924] mkdir("./file0", 0777) = 0 [ 128.659427][ T5924] loop0: detected capacity change from 0 to 32768 [ 128.703319][ T5924] (syz-executor852,5924,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 128.721406][ T5924] (syz-executor852,5924,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 128.745842][ T5924] JBD2: Ignoring recovery information on journal [pid 5924] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5924] chdir("./file0") = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 128.779706][ T5924] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5924] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5924] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5924] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5924] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 128.849391][ T30] audit: type=1800 audit(1749089716.031:24): pid=5924 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5924] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5924] exit_group(0) = ? [pid 5924] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=82 /* 0.82 s */} --- umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 129.563831][ T5924] (syz-executor852,5924,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 129.688690][ T5826] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5931 attached , child_tidptr=0x555569530650) = 5931 [pid 5931] set_robust_list(0x555569530660, 24) = 0 [pid 5931] chdir("./23") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] write(1, "executing program\n", 18executing program ) = 18 [pid 5931] memfd_create("syzkaller", 0) = 3 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5931] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5931] munmap(0x7f250f000000, 138412032) = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5931] close(3) = 0 [pid 5931] close(4) = 0 [pid 5931] mkdir("./file0", 0777) = 0 [ 130.109145][ T5931] loop0: detected capacity change from 0 to 32768 [ 130.144054][ T5931] (syz-executor852,5931,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 130.160895][ T5931] (syz-executor852,5931,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 130.183717][ T5931] JBD2: Ignoring recovery information on journal [pid 5931] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5931] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5931] chdir("./file0") = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 130.217913][ T5931] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5931] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5931] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5931] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5931] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 130.292367][ T30] audit: type=1800 audit(1749089717.481:25): pid=5931 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5931] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5931] exit_group(0) = ? [pid 5931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=80 /* 0.80 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 130.989983][ T5931] (syz-executor852,5931,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 131.109303][ T5826] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5937 attached , child_tidptr=0x555569530650) = 5937 [pid 5937] set_robust_list(0x555569530660, 24) = 0 [pid 5937] chdir("./24") = 0 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5937] setpgid(0, 0) = 0 [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5937] write(3, "1000", 4) = 4 [pid 5937] close(3) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5937] write(1, "executing program\n", 18) = 18 [pid 5937] memfd_create("syzkaller", 0) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5937] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5937] munmap(0x7f250f000000, 138412032) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5937] close(3) = 0 [pid 5937] close(4) = 0 [pid 5937] mkdir("./file0", 0777) = 0 [ 131.695037][ T5937] loop0: detected capacity change from 0 to 32768 [ 131.722016][ T5937] (syz-executor852,5937,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 131.737228][ T5937] (syz-executor852,5937,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 131.769511][ T5937] JBD2: Ignoring recovery information on journal [pid 5937] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5937] chdir("./file0") = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5937] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5937] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5937] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [ 131.804434][ T5937] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5937] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 131.855711][ T30] audit: type=1800 audit(1749089719.041:26): pid=5937 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5937] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5937] exit_group(0) = ? [pid 5937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5937, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=75 /* 0.75 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 132.558653][ T5937] (syz-executor852,5937,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 132.696727][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached , child_tidptr=0x555569530650) = 5941 [pid 5941] set_robust_list(0x555569530660, 24) = 0 [pid 5941] chdir("./25") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5941] write(1, "executing program\n", 18) = 18 [pid 5941] memfd_create("syzkaller", 0) = 3 [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5941] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5941] munmap(0x7f250f000000, 138412032) = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5941] close(3) = 0 [pid 5941] close(4) = 0 [pid 5941] mkdir("./file0", 0777) = 0 [ 133.336333][ T5941] loop0: detected capacity change from 0 to 32768 [ 133.366262][ T5941] (syz-executor852,5941,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 133.382149][ T5941] (syz-executor852,5941,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 133.406022][ T5941] JBD2: Ignoring recovery information on journal [pid 5941] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5941] chdir("./file0") = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5941] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5941] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5941] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [ 133.449727][ T5941] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5941] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 133.493887][ T30] audit: type=1800 audit(1749089720.681:27): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5941] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5941] exit_group(0) = ? [pid 5941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=82 /* 0.82 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 134.212721][ T5941] (syz-executor852,5941,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 134.335880][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5945 attached , child_tidptr=0x555569530650) = 5945 [pid 5945] set_robust_list(0x555569530660, 24) = 0 [pid 5945] chdir("./26") = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5945] write(1, "executing program\n", 18) = 18 [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5945] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5945] munmap(0x7f250f000000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./file0", 0777) = 0 [ 134.959474][ T5945] loop0: detected capacity change from 0 to 32768 [ 134.997760][ T5945] (syz-executor852,5945,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 135.013462][ T5945] (syz-executor852,5945,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 135.040240][ T5945] JBD2: Ignoring recovery information on journal [pid 5945] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./file0") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5945] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5945] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 135.073825][ T5945] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5945] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5945] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 135.117442][ T30] audit: type=1800 audit(1749089722.301:28): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5945] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5945] exit_group(0) = ? [pid 5945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=77 /* 0.77 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 135.829402][ T5945] (syz-executor852,5945,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 135.986467][ T5826] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5949 attached [pid 5949] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 5949 [pid 5949] <... set_robust_list resumed>) = 0 [pid 5949] chdir("./27") = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5949] setpgid(0, 0) = 0 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5949] write(3, "1000", 4) = 4 [pid 5949] close(3) = 0 [pid 5949] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5949] write(1, "executing program\n", 18) = 18 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5949] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5949] munmap(0x7f250f000000, 138412032) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5949] close(3) = 0 [pid 5949] close(4) = 0 [pid 5949] mkdir("./file0", 0777) = 0 [ 136.579083][ T5949] loop0: detected capacity change from 0 to 32768 [ 136.609764][ T5949] (syz-executor852,5949,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 136.624663][ T5949] (syz-executor852,5949,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 136.660681][ T5949] JBD2: Ignoring recovery information on journal [pid 5949] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file0") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5949] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5949] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5949] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5949] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 136.693939][ T5949] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 136.727678][ T30] audit: type=1800 audit(1749089723.911:29): pid=5949 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5949] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5949] exit_group(0) = ? [pid 5949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=78 /* 0.78 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 137.428133][ T5949] (syz-executor852,5949,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 137.582359][ T5826] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5953 attached , child_tidptr=0x555569530650) = 5953 [pid 5953] set_robust_list(0x555569530660, 24) = 0 [pid 5953] chdir("./28") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5953] write(3, "1000", 4) = 4 [pid 5953] close(3) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5953] write(1, "executing program\n", 18executing program ) = 18 [pid 5953] memfd_create("syzkaller", 0) = 3 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5953] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5953] munmap(0x7f250f000000, 138412032) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5953] close(3) = 0 [pid 5953] close(4) = 0 [pid 5953] mkdir("./file0", 0777) = 0 [ 138.174136][ T5953] loop0: detected capacity change from 0 to 32768 [ 138.200259][ T5953] (syz-executor852,5953,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 138.216068][ T5953] (syz-executor852,5953,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 138.254156][ T5953] JBD2: Ignoring recovery information on journal [pid 5953] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5953] chdir("./file0") = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 138.292659][ T5953] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5953] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5953] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5953] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5953] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 138.393748][ T30] audit: type=1800 audit(1749089725.581:30): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5953] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5953] exit_group(0) = ? [pid 5953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=81 /* 0.81 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 139.101374][ T5953] (syz-executor852,5953,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 139.265096][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5957 attached , child_tidptr=0x555569530650) = 5957 [pid 5957] set_robust_list(0x555569530660, 24) = 0 [pid 5957] chdir("./29") = 0 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5957] setpgid(0, 0) = 0 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5957] write(3, "1000", 4) = 4 [pid 5957] close(3) = 0 [pid 5957] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5957] write(1, "executing program\n", 18) = 18 [pid 5957] memfd_create("syzkaller", 0) = 3 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5957] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5957] munmap(0x7f250f000000, 138412032) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5957] close(3) = 0 [pid 5957] close(4) = 0 [pid 5957] mkdir("./file0", 0777) = 0 [ 139.869308][ T5957] loop0: detected capacity change from 0 to 32768 [ 139.898047][ T5957] (syz-executor852,5957,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 139.913322][ T5957] (syz-executor852,5957,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 139.939330][ T5957] JBD2: Ignoring recovery information on journal [pid 5957] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] chdir("./file0") = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5957] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 139.973481][ T5957] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5957] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5957] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5957] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 140.046952][ T30] audit: type=1800 audit(1749089727.231:31): pid=5957 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5957] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5957] exit_group(0) = ? [pid 5957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=78 /* 0.78 s */} --- umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 140.742543][ T5957] (syz-executor852,5957,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 140.886478][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5961 attached , child_tidptr=0x555569530650) = 5961 [pid 5961] set_robust_list(0x555569530660, 24) = 0 [pid 5961] chdir("./30") = 0 [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5961] setpgid(0, 0) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5961] write(3, "1000", 4) = 4 [pid 5961] close(3) = 0 [pid 5961] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5961] write(1, "executing program\n", 18) = 18 [pid 5961] memfd_create("syzkaller", 0) = 3 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5961] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5961] munmap(0x7f250f000000, 138412032) = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5961] close(3) = 0 [pid 5961] close(4) = 0 [pid 5961] mkdir("./file0", 0777) = 0 [ 141.465071][ T5961] loop0: detected capacity change from 0 to 32768 [ 141.489745][ T5961] (syz-executor852,5961,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 141.504856][ T5961] (syz-executor852,5961,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5961] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5961] chdir("./file0") = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 141.536325][ T5961] JBD2: Ignoring recovery information on journal [ 141.575966][ T5961] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5961] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5961] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5961] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5961] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 141.632480][ T30] audit: type=1800 audit(1749089728.821:32): pid=5961 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5961] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5961] exit_group(0) = ? [pid 5961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=79 /* 0.79 s */} --- umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 142.318970][ T5961] (syz-executor852,5961,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 142.463471][ T5826] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5965 attached , child_tidptr=0x555569530650) = 5965 [pid 5965] set_robust_list(0x555569530660, 24) = 0 [pid 5965] chdir("./31") = 0 [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5965] setpgid(0, 0) = 0 [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5965] write(3, "1000", 4) = 4 [pid 5965] close(3) = 0 [pid 5965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5965] write(1, "executing program\n", 18executing program ) = 18 [pid 5965] memfd_create("syzkaller", 0) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5965] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5965] munmap(0x7f250f000000, 138412032) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5965] close(3) = 0 [pid 5965] close(4) = 0 [pid 5965] mkdir("./file0", 0777) = 0 [ 142.885256][ T5965] loop0: detected capacity change from 0 to 32768 [ 142.904690][ T5965] (syz-executor852,5965,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 142.921219][ T5965] (syz-executor852,5965,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5965] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5965] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./file0") = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 142.945805][ T5965] JBD2: Ignoring recovery information on journal [ 142.985672][ T5965] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5965] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5965] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5965] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5965] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 143.044240][ T30] audit: type=1800 audit(1749089730.231:33): pid=5965 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5965] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5965] exit_group(0) = ? [pid 5965] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5965, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=86 /* 0.86 s */} --- umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 143.754466][ T5965] (syz-executor852,5965,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 143.869773][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5969 attached [pid 5969] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 5969 [pid 5969] <... set_robust_list resumed>) = 0 [pid 5969] chdir("./32") = 0 [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5969] setpgid(0, 0) = 0 [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5969] write(3, "1000", 4) = 4 [pid 5969] close(3) = 0 [pid 5969] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5969] write(1, "executing program\n", 18) = 18 [pid 5969] memfd_create("syzkaller", 0) = 3 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5969] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5969] munmap(0x7f250f000000, 138412032) = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5969] close(3) = 0 [pid 5969] close(4) = 0 [pid 5969] mkdir("./file0", 0777) = 0 [ 144.523179][ T5969] loop0: detected capacity change from 0 to 32768 [ 144.558529][ T5969] (syz-executor852,5969,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 144.573442][ T5969] (syz-executor852,5969,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 144.602489][ T5969] JBD2: Ignoring recovery information on journal [pid 5969] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5969] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5969] chdir("./file0") = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 144.636589][ T5969] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5969] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5969] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5969] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5969] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 144.702726][ T30] audit: type=1800 audit(1749089731.891:34): pid=5969 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5969] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5969] exit_group(0) = ? [pid 5969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=78 /* 0.78 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 145.405947][ T5969] (syz-executor852,5969,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 145.553070][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5973 attached , child_tidptr=0x555569530650) = 5973 [pid 5973] set_robust_list(0x555569530660, 24) = 0 [pid 5973] chdir("./33") = 0 [pid 5973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5973] setpgid(0, 0) = 0 [pid 5973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5973] write(3, "1000", 4) = 4 [pid 5973] close(3) = 0 [pid 5973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5973] write(1, "executing program\n", 18executing program ) = 18 [pid 5973] memfd_create("syzkaller", 0) = 3 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5973] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5973] munmap(0x7f250f000000, 138412032) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5973] close(3) = 0 [pid 5973] close(4) = 0 [pid 5973] mkdir("./file0", 0777) = 0 [ 146.197517][ T5973] loop0: detected capacity change from 0 to 32768 [ 146.230035][ T5973] (syz-executor852,5973,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 146.245051][ T5973] (syz-executor852,5973,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 146.271803][ T5973] JBD2: Ignoring recovery information on journal [pid 5973] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5973] chdir("./file0") = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 146.313028][ T5973] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5973] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5973] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5973] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5973] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 146.387382][ T30] audit: type=1800 audit(1749089733.571:35): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5973] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5973] exit_group(0) = ? [pid 5973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5973, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=75 /* 0.75 s */} --- umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 147.084337][ T5973] (syz-executor852,5973,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 147.219516][ T5826] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5977 attached , child_tidptr=0x555569530650) = 5977 [pid 5977] set_robust_list(0x555569530660, 24) = 0 [pid 5977] chdir("./34") = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5977] setpgid(0, 0) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5977] write(3, "1000", 4) = 4 [pid 5977] close(3) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5977] write(1, "executing program\n", 18) = 18 [pid 5977] memfd_create("syzkaller", 0) = 3 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5977] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5977] munmap(0x7f250f000000, 138412032) = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5977] close(3) = 0 [pid 5977] close(4) = 0 [pid 5977] mkdir("./file0", 0777) = 0 [ 147.798022][ T5977] loop0: detected capacity change from 0 to 32768 [ 147.834417][ T5977] (syz-executor852,5977,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 147.850088][ T5977] (syz-executor852,5977,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 147.874297][ T5977] JBD2: Ignoring recovery information on journal [pid 5977] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5977] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5977] chdir("./file0") = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5977] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 147.912308][ T5977] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5977] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5977] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5977] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 147.984550][ T30] audit: type=1800 audit(1749089735.171:36): pid=5977 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5977] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5977] exit_group(0) = ? [pid 5977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=79 /* 0.79 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 148.702406][ T5977] (syz-executor852,5977,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 148.816415][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5981 attached , child_tidptr=0x555569530650) = 5981 [pid 5981] set_robust_list(0x555569530660, 24) = 0 [pid 5981] chdir("./35") = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0) = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5981] write(1, "executing program\n", 18) = 18 [pid 5981] memfd_create("syzkaller", 0) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5981] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5981] munmap(0x7f250f000000, 138412032) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5981] close(3) = 0 [pid 5981] close(4) = 0 [pid 5981] mkdir("./file0", 0777) = 0 [ 149.402022][ T5981] loop0: detected capacity change from 0 to 32768 [ 149.446589][ T5981] (syz-executor852,5981,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 149.461644][ T5981] (syz-executor852,5981,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 149.491726][ T5981] JBD2: Ignoring recovery information on journal [pid 5981] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5981] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5981] chdir("./file0") = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5981] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 149.521787][ T5981] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5981] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5981] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5981] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 149.589141][ T30] audit: type=1800 audit(1749089736.771:37): pid=5981 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5981] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5981] exit_group(0) = ? [pid 5981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=79 /* 0.79 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 150.275201][ T5981] (syz-executor852,5981,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 150.397816][ T5826] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5985 attached , child_tidptr=0x555569530650) = 5985 [pid 5985] set_robust_list(0x555569530660, 24) = 0 [pid 5985] chdir("./36") = 0 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5985] setpgid(0, 0) = 0 [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5985] write(3, "1000", 4) = 4 [pid 5985] close(3) = 0 [pid 5985] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5985] write(1, "executing program\n", 18) = 18 [pid 5985] memfd_create("syzkaller", 0) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5985] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5985] munmap(0x7f250f000000, 138412032) = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5985] close(3) = 0 [pid 5985] close(4) = 0 [pid 5985] mkdir("./file0", 0777) = 0 [ 151.064158][ T5985] loop0: detected capacity change from 0 to 32768 [ 151.089923][ T5985] (syz-executor852,5985,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 151.105166][ T5985] (syz-executor852,5985,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 151.131031][ T5985] JBD2: Ignoring recovery information on journal [pid 5985] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5985] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./file0") = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5985] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5985] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 151.177039][ T5985] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5985] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5985] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 151.223738][ T30] audit: type=1800 audit(1749089738.411:38): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5985] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5985] exit_group(0) = ? [pid 5985] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=79 /* 0.79 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 151.930029][ T5985] (syz-executor852,5985,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 152.076988][ T5826] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5989 attached , child_tidptr=0x555569530650) = 5989 [pid 5989] set_robust_list(0x555569530660, 24) = 0 [pid 5989] chdir("./37") = 0 [pid 5989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5989] setpgid(0, 0) = 0 [pid 5989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5989] write(3, "1000", 4) = 4 [pid 5989] close(3) = 0 [pid 5989] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5989] write(1, "executing program\n", 18) = 18 [pid 5989] memfd_create("syzkaller", 0) = 3 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5989] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5989] munmap(0x7f250f000000, 138412032) = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5989] close(3) = 0 [pid 5989] close(4) = 0 [pid 5989] mkdir("./file0", 0777) = 0 [ 152.683124][ T5989] loop0: detected capacity change from 0 to 32768 [ 152.727646][ T5989] (syz-executor852,5989,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 152.755996][ T5989] (syz-executor852,5989,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 5989] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5989] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5989] chdir("./file0") = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5989] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5989] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 152.779052][ T5989] JBD2: Ignoring recovery information on journal [ 152.808811][ T5989] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5989] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5989] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 152.846496][ T30] audit: type=1800 audit(1749089740.031:39): pid=5989 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5989] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5989] exit_group(0) = ? [pid 5989] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5989, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=77 /* 0.77 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 153.544767][ T5989] (syz-executor852,5989,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 153.711393][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5993 attached , child_tidptr=0x555569530650) = 5993 [pid 5993] set_robust_list(0x555569530660, 24) = 0 [pid 5993] chdir("./38") = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] setpgid(0, 0) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3) = 0 [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5993] write(1, "executing program\n", 18executing program ) = 18 [pid 5993] memfd_create("syzkaller", 0) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5993] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5993] munmap(0x7f250f000000, 138412032) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5993] close(3) = 0 [pid 5993] close(4) = 0 [pid 5993] mkdir("./file0", 0777) = 0 [ 154.354783][ T5993] loop0: detected capacity change from 0 to 32768 [ 154.382672][ T5993] (syz-executor852,5993,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 154.397507][ T5993] (syz-executor852,5993,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 154.431465][ T5993] JBD2: Ignoring recovery information on journal [pid 5993] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5993] chdir("./file0") = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5993] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5993] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 154.462417][ T5993] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5993] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5993] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 154.497140][ T30] audit: type=1800 audit(1749089741.681:40): pid=5993 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5993] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5993] exit_group(0) = ? [pid 5993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=81 /* 0.81 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 155.189526][ T5993] (syz-executor852,5993,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 155.347322][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5997 attached , child_tidptr=0x555569530650) = 5997 [pid 5997] set_robust_list(0x555569530660, 24) = 0 [pid 5997] chdir("./39") = 0 [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5997] setpgid(0, 0) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5997] write(3, "1000", 4) = 4 [pid 5997] close(3) = 0 [pid 5997] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5997] write(1, "executing program\n", 18) = 18 [pid 5997] memfd_create("syzkaller", 0) = 3 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 5997] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5997] munmap(0x7f250f000000, 138412032) = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5997] close(3) = 0 [pid 5997] close(4) = 0 [pid 5997] mkdir("./file0", 0777) = 0 [ 156.003082][ T5997] loop0: detected capacity change from 0 to 32768 [ 156.039057][ T5997] (syz-executor852,5997,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 156.054446][ T5997] (syz-executor852,5997,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 156.084870][ T5997] JBD2: Ignoring recovery information on journal [pid 5997] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 5997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5997] chdir("./file0") = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5997] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 156.114206][ T5997] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5997] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5997] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5997] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 156.198394][ T30] audit: type=1800 audit(1749089743.381:41): pid=5997 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 5997] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 5997] exit_group(0) = ? [pid 5997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=79 /* 0.79 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 156.892686][ T5997] (syz-executor852,5997,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 157.016102][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6001 attached , child_tidptr=0x555569530650) = 6001 [pid 6001] set_robust_list(0x555569530660, 24) = 0 [pid 6001] chdir("./40") = 0 [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6001] setpgid(0, 0) = 0 [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6001] write(3, "1000", 4) = 4 [pid 6001] close(3) = 0 [pid 6001] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6001] write(1, "executing program\n", 18) = 18 [pid 6001] memfd_create("syzkaller", 0) = 3 [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 6001] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6001] munmap(0x7f250f000000, 138412032) = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6001] close(3) = 0 [pid 6001] close(4) = 0 [pid 6001] mkdir("./file0", 0777) = 0 [ 157.571516][ T6001] loop0: detected capacity change from 0 to 32768 [ 157.616467][ T6001] (syz-executor852,6001,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 157.631292][ T6001] (syz-executor852,6001,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6001] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6001] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6001] chdir("./file0") = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 157.669166][ T6001] JBD2: Ignoring recovery information on journal [ 157.699905][ T6001] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6001] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6001] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6001] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 6001] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 157.758240][ T30] audit: type=1800 audit(1749089744.941:42): pid=6001 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [ 157.789346][ T6001] [ 157.792643][ T6001] ====================================================== [ 157.801157][ T6001] WARNING: possible circular locking dependency detected [ 157.808628][ T6001] 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 Not tainted [ 157.816023][ T6001] ------------------------------------------------------ [ 157.823212][ T6001] syz-executor852/6001 is trying to acquire lock: [ 157.830009][ T6001] ffff8880772942c0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{4:4}, at: ocfs2_del_inode_from_orphan+0x134/0x740 [ 157.843539][ T6001] [ 157.843539][ T6001] but task is already holding lock: [ 157.851313][ T6001] ffff888077353f60 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io+0x389/0x10f0 [ 157.862405][ T6001] [ 157.862405][ T6001] which lock already depends on the new lock. [ 157.862405][ T6001] [ 157.873345][ T6001] [ 157.873345][ T6001] the existing dependency chain (in reverse order) is: [ 157.882536][ T6001] [ 157.882536][ T6001] -> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}: [ 157.892449][ T6001] lock_acquire+0x120/0x360 [ 157.897688][ T6001] down_write+0x96/0x1f0 [ 157.902492][ T6001] ocfs2_create_local_dquot+0x19d/0x1a40 [ 157.908665][ T6001] ocfs2_acquire_dquot+0x80f/0xb30 [ 157.914321][ T6001] dqget+0x7b1/0xf10 [ 157.919189][ T6001] __dquot_initialize+0x3b3/0xcb0 [ 157.924937][ T6001] ocfs2_get_init_inode+0x13b/0x1b0 [ 157.931043][ T6001] ocfs2_mknod+0x863/0x2050 [ 157.936870][ T6001] ocfs2_mkdir+0x191/0x440 [ 157.942166][ T6001] vfs_mkdir+0x306/0x510 [ 157.946939][ T6001] do_mkdirat+0x247/0x590 [ 157.951795][ T6001] __x64_sys_mkdirat+0x87/0xa0 [ 157.957294][ T6001] do_syscall_64+0xfa/0x3b0 [ 157.962521][ T6001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.969374][ T6001] [ 157.969374][ T6001] -> #2 (&dquot->dq_lock){+.+.}-{4:4}: [ 157.977328][ T6001] lock_acquire+0x120/0x360 [ 157.982798][ T6001] __mutex_lock+0x182/0xe80 [ 157.988011][ T6001] dqget+0x72a/0xf10 [ 157.992444][ T6001] __dquot_initialize+0x3b3/0xcb0 [ 157.998347][ T6001] ocfs2_get_init_inode+0x13b/0x1b0 [ 158.004078][ T6001] ocfs2_mknod+0x863/0x2050 [ 158.009371][ T6001] ocfs2_mkdir+0x191/0x440 [ 158.014317][ T6001] vfs_mkdir+0x306/0x510 [ 158.019097][ T6001] do_mkdirat+0x247/0x590 [ 158.024158][ T6001] __x64_sys_mkdirat+0x87/0xa0 [ 158.029626][ T6001] do_syscall_64+0xfa/0x3b0 [ 158.034793][ T6001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.041423][ T6001] [ 158.041423][ T6001] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}: [ 158.052140][ T6001] lock_acquire+0x120/0x360 [ 158.057617][ T6001] down_write+0x96/0x1f0 [ 158.062562][ T6001] ocfs2_evict_inode+0x153d/0x40e0 [ 158.068393][ T6001] evict+0x504/0x9c0 [ 158.073009][ T6001] vfs_rmdir+0x3ec/0x520 [ 158.077781][ T6001] do_rmdir+0x2ac/0x630 [ 158.082561][ T6001] __x64_sys_rmdir+0x47/0x50 [ 158.087864][ T6001] do_syscall_64+0xfa/0x3b0 [ 158.092998][ T6001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.099941][ T6001] [ 158.099941][ T6001] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{4:4}: [ 158.110818][ T6001] validate_chain+0xb9b/0x2140 [ 158.116118][ T6001] __lock_acquire+0xab9/0xd20 [ 158.121758][ T6001] lock_acquire+0x120/0x360 [ 158.126874][ T6001] down_write+0x96/0x1f0 [ 158.132267][ T6001] ocfs2_del_inode_from_orphan+0x134/0x740 [ 158.138630][ T6001] ocfs2_dio_end_io+0x479/0x10f0 [ 158.144118][ T6001] dio_complete+0x25b/0x790 [ 158.149414][ T6001] __blockdev_direct_IO+0x2db6/0x33d0 [ 158.155662][ T6001] ocfs2_direct_IO+0x25f/0x2d0 [ 158.161228][ T6001] generic_file_direct_write+0x1d8/0x3e0 [ 158.167578][ T6001] __generic_file_write_iter+0x11d/0x230 [ 158.173844][ T6001] ocfs2_file_write_iter+0x157a/0x1d10 [ 158.180193][ T6001] iter_file_splice_write+0x93a/0x1000 [ 158.186530][ T6001] direct_splice_actor+0xfe/0x160 [ 158.192095][ T6001] splice_direct_to_actor+0x5a8/0xcc0 [ 158.198001][ T6001] do_splice_direct+0x181/0x270 [ 158.203692][ T6001] do_sendfile+0x4da/0x7e0 [ 158.208654][ T6001] __se_sys_sendfile64+0x13e/0x190 [ 158.214386][ T6001] do_syscall_64+0xfa/0x3b0 [ 158.219570][ T6001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.226541][ T6001] [ 158.226541][ T6001] other info that might help us debug this: [ 158.226541][ T6001] [ 158.237294][ T6001] Chain exists of: [ 158.237294][ T6001] &ocfs2_sysfile_lock_key[args->fi_sysfile_type] --> &dquot->dq_lock --> &ocfs2_quota_ip_alloc_sem_key [ 158.237294][ T6001] [ 158.254955][ T6001] Possible unsafe locking scenario: [ 158.254955][ T6001] [ 158.262589][ T6001] CPU0 CPU1 [ 158.268142][ T6001] ---- ---- [ 158.273695][ T6001] lock(&ocfs2_quota_ip_alloc_sem_key); [ 158.279343][ T6001] lock(&dquot->dq_lock); [ 158.286286][ T6001] lock(&ocfs2_quota_ip_alloc_sem_key); [ 158.294919][ T6001] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]); [ 158.302217][ T6001] [ 158.302217][ T6001] *** DEADLOCK *** [ 158.302217][ T6001] [ 158.311160][ T6001] 3 locks held by syz-executor852/6001: [ 158.316886][ T6001] #0: ffff888032006428 (sb_writers#8){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 [ 158.326924][ T6001] #1: ffff8880773542c0 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: ocfs2_file_write_iter+0x429/0x1d10 [ 158.338632][ T6001] #2: ffff888077353f60 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io+0x389/0x10f0 [ 158.350407][ T6001] [ 158.350407][ T6001] stack backtrace: [ 158.356914][ T6001] CPU: 0 UID: 0 PID: 6001 Comm: syz-executor852 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 158.356935][ T6001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.356944][ T6001] Call Trace: [ 158.356953][ T6001] [ 158.356961][ T6001] dump_stack_lvl+0x189/0x250 [ 158.356987][ T6001] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.357009][ T6001] ? __pfx__printk+0x10/0x10 [ 158.357024][ T6001] ? print_lock_name+0xde/0x100 [ 158.357048][ T6001] print_circular_bug+0x2ee/0x310 [ 158.357074][ T6001] check_noncircular+0x134/0x160 [ 158.357100][ T6001] validate_chain+0xb9b/0x2140 [ 158.357124][ T6001] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 158.357149][ T6001] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 158.357173][ T6001] __lock_acquire+0xab9/0xd20 [ 158.357195][ T6001] ? ocfs2_del_inode_from_orphan+0x134/0x740 [ 158.357215][ T6001] lock_acquire+0x120/0x360 [ 158.357234][ T6001] ? ocfs2_del_inode_from_orphan+0x134/0x740 [ 158.357256][ T6001] ? do_raw_spin_unlock+0x122/0x240 [ 158.357273][ T6001] down_write+0x96/0x1f0 [ 158.357286][ T6001] ? ocfs2_del_inode_from_orphan+0x134/0x740 [ 158.357305][ T6001] ? __pfx_down_write+0x10/0x10 [ 158.357321][ T6001] ocfs2_del_inode_from_orphan+0x134/0x740 [ 158.357343][ T6001] ? ocfs2_dio_end_io+0x389/0x10f0 [ 158.357365][ T6001] ? __pfx_ocfs2_del_inode_from_orphan+0x10/0x10 [ 158.357386][ T6001] ? kernel_text_address+0xa5/0xe0 [ 158.357406][ T6001] ? down_write+0x162/0x1f0 [ 158.357419][ T6001] ? __pfx_down_write+0x10/0x10 [ 158.357431][ T6001] ? kasan_record_aux_stack+0xbd/0xd0 [ 158.357454][ T6001] ? kmem_cache_free+0x309/0x400 [ 158.357472][ T6001] ? __blockdev_direct_IO+0x2c05/0x33d0 [ 158.357497][ T6001] ? ocfs2_direct_IO+0x25f/0x2d0 [ 158.357519][ T6001] ocfs2_dio_end_io+0x479/0x10f0 [ 158.357544][ T6001] ? __pfx_ocfs2_dio_end_io+0x10/0x10 [ 158.357571][ T6001] ? __lock_acquire+0xab9/0xd20 [ 158.357592][ T6001] ? do_raw_spin_lock+0x121/0x290 [ 158.357610][ T6001] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 158.357629][ T6001] ? lockdep_hardirqs_on+0x9c/0x150 [ 158.357651][ T6001] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 158.357670][ T6001] ? __pfx_ocfs2_dio_end_io+0x10/0x10 [ 158.357691][ T6001] dio_complete+0x25b/0x790 [ 158.357709][ T6001] __blockdev_direct_IO+0x2db6/0x33d0 [ 158.357737][ T6001] ? __pfx___blockdev_direct_IO+0x10/0x10 [ 158.357754][ T6001] ? __pfx_invalidate_inode_pages2_range+0x10/0x10 [ 158.357778][ T6001] ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10 [ 158.357802][ T6001] ? filemap_write_and_wait_range+0x182/0x310 [ 158.357818][ T6001] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 158.357843][ T6001] ? __pfx_queue_delayed_work_on+0x10/0x10 [ 158.357866][ T6001] ? _raw_spin_lock_irq+0xae/0xf0 [ 158.357885][ T6001] ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10 [ 158.357907][ T6001] ocfs2_direct_IO+0x25f/0x2d0 [ 158.357931][ T6001] generic_file_direct_write+0x1d8/0x3e0 [ 158.357951][ T6001] ? file_update_time+0x416/0x490 [ 158.357967][ T6001] __generic_file_write_iter+0x11d/0x230 [ 158.357986][ T6001] ? ocfs2_file_write_iter+0x1551/0x1d10 [ 158.358006][ T6001] ocfs2_file_write_iter+0x157a/0x1d10 [ 158.358024][ T6001] ? kasan_save_track+0x3e/0x80 [ 158.358040][ T6001] ? __kasan_kmalloc+0x93/0xb0 [ 158.358056][ T6001] ? __kmalloc_noprof+0x27a/0x4f0 [ 158.358079][ T6001] ? __pfx_ocfs2_file_write_iter+0x10/0x10 [ 158.358105][ T6001] ? splice_from_pipe_next+0x608/0x660 [ 158.358124][ T6001] ? iter_file_splice_write+0x1cb/0x1000 [ 158.358144][ T6001] ? __asan_memset+0x22/0x50 [ 158.358160][ T6001] iter_file_splice_write+0x93a/0x1000 [ 158.358186][ T6001] ? __pfx_iter_file_splice_write+0x10/0x10 [ 158.358206][ T6001] ? rcu_read_lock_any_held+0xb3/0x120 [ 158.358233][ T6001] ? __pfx_iter_file_splice_write+0x10/0x10 [ 158.358252][ T6001] direct_splice_actor+0xfe/0x160 [ 158.358272][ T6001] splice_direct_to_actor+0x5a8/0xcc0 [ 158.358298][ T6001] ? __pfx_direct_splice_actor+0x10/0x10 [ 158.358316][ T6001] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 158.358339][ T6001] do_splice_direct+0x181/0x270 [ 158.358358][ T6001] ? __pfx_do_splice_direct+0x10/0x10 [ 158.358377][ T6001] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 158.358400][ T6001] ? rw_verify_area+0x258/0x650 [ 158.358417][ T6001] do_sendfile+0x4da/0x7e0 [ 158.358442][ T6001] ? __pfx_do_sendfile+0x10/0x10 [ 158.358464][ T6001] ? _raw_spin_unlock_irq+0x2e/0x50 [ 158.358481][ T6001] ? ptrace_notify+0x22d/0x2c0 [ 158.358510][ T6001] __se_sys_sendfile64+0x13e/0x190 [ 158.358532][ T6001] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 158.358552][ T6001] ? rcu_is_watching+0x15/0xb0 [ 158.358577][ T6001] do_syscall_64+0xfa/0x3b0 [ 158.358599][ T6001] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.358614][ T6001] ? asm_common_interrupt+0x26/0x40 [ 158.358627][ T6001] ? clear_bhb_loop+0x60/0xb0 [ 158.358644][ T6001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.358658][ T6001] RIP: 0033:0x7f2517644329 [ 158.358673][ T6001] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 158.358686][ T6001] RSP: 002b:00007ffd46bda9d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 158.358702][ T6001] RAX: ffffffffffffffda RBX: 00007f25176917e8 RCX: 00007f2517644329 [ 158.358714][ T6001] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 158.358723][ T6001] RBP: 6165627472616568 R08: 00007ffd46bdaa10 R09: 00007ffd46bdaa10 [ 158.358733][ T6001] R10: 0000000000fffe82 R11: 0000000000000246 R12: 00007ffd46bda9fc [ 158.358744][ T6001] R13: 0000000000000028 R14: 431bde82d7b634db R15: 00007ffd46bdaa30 [ 158.358760][ T6001] [pid 6001] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 6001] exit_group(0) = ? [pid 6001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6001, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=52 /* 0.52 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 159.296551][ T6001] (syz-executor852,6001,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 159.369349][ T5826] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6005 attached [pid 6005] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 6005 [pid 6005] <... set_robust_list resumed>) = 0 [pid 6005] chdir("./41") = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6005] write(1, "executing program\n", 18) = 18 [pid 6005] memfd_create("syzkaller", 0) = 3 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 6005] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6005] munmap(0x7f250f000000, 138412032) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6005] close(3) = 0 [pid 6005] close(4) = 0 [pid 6005] mkdir("./file0", 0777) = 0 [ 159.706745][ T6005] loop0: detected capacity change from 0 to 32768 [ 159.723640][ T6005] (syz-executor852,6005,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 159.738263][ T6005] (syz-executor852,6005,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6005] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6005] chdir("./file0") = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 159.760021][ T6005] JBD2: Ignoring recovery information on journal [ 159.783751][ T6005] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6005] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6005] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6005] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 6005] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 159.866303][ T30] audit: type=1800 audit(1749089747.051:43): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 6005] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 6005] exit_group(0) = ? [pid 6005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=0, si_stime=47 /* 0.47 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 160.249026][ T6005] (syz-executor852,6005,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 160.312028][ T5826] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached [pid 6009] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 6009 [pid 6009] <... set_robust_list resumed>) = 0 [pid 6009] chdir("./42") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6009] write(1, "executing program\n", 18executing program ) = 18 [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 6009] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6009] munmap(0x7f250f000000, 138412032) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6009] close(3) = 0 [pid 6009] close(4) = 0 [pid 6009] mkdir("./file0", 0777) = 0 [ 160.584786][ T6009] loop0: detected capacity change from 0 to 32768 [ 160.626766][ T6009] (syz-executor852,6009,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 160.641392][ T6009] (syz-executor852,6009,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 160.663999][ T6009] JBD2: Ignoring recovery information on journal [pid 6009] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6009] chdir("./file0") = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6009] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6009] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 160.684870][ T6009] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6009] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 6009] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 160.735449][ T30] audit: type=1800 audit(1749089747.921:44): pid=6009 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 6009] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 6009] exit_group(0) = ? [pid 6009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 161.134322][ T6009] (syz-executor852,6009,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 161.273095][ T5826] ocfs2: Unmounting device (7,0) on (node local) umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6013 attached , child_tidptr=0x555569530650) = 6013 [pid 6013] set_robust_list(0x555569530660, 24) = 0 [pid 6013] chdir("./43") = 0 [pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6013] setpgid(0, 0) = 0 [pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6013] write(3, "1000", 4) = 4 [pid 6013] close(3) = 0 [pid 6013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6013] write(1, "executing program\n", 18executing program ) = 18 [pid 6013] memfd_create("syzkaller", 0) = 3 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 6013] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6013] munmap(0x7f250f000000, 138412032) = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6013] close(3) = 0 [pid 6013] close(4) = 0 [pid 6013] mkdir("./file0", 0777) = 0 [ 161.846409][ T6013] loop0: detected capacity change from 0 to 32768 [ 161.862859][ T6013] (syz-executor852,6013,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 161.878418][ T6013] (syz-executor852,6013,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6013] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6013] chdir("./file0") = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6013] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6013] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 161.897710][ T6013] JBD2: Ignoring recovery information on journal [ 161.926009][ T6013] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6013] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 6013] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 161.954364][ T30] audit: type=1800 audit(1749089749.141:45): pid=6013 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 6013] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 6013] exit_group(0) = ? [pid 6013] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6013, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=45 /* 0.45 s */} --- umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 162.357815][ T6013] (syz-executor852,6013,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 162.490369][ T5826] ocfs2: Unmounting device (7,0) on (node local) rmdir("./43/file0") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6017 attached , child_tidptr=0x555569530650) = 6017 [pid 6017] set_robust_list(0x555569530660, 24) = 0 [pid 6017] chdir("./44") = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6017] setpgid(0, 0) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6017] write(1, "executing program\n", 18) = 18 [pid 6017] memfd_create("syzkaller", 0) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 6017] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6017] munmap(0x7f250f000000, 138412032) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6017] close(3) = 0 [pid 6017] close(4) = 0 [pid 6017] mkdir("./file0", 0777) = 0 [ 162.826962][ T6017] loop0: detected capacity change from 0 to 32768 [ 162.849832][ T6017] (syz-executor852,6017,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6017] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6017] chdir("./file0") = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6017] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 162.864687][ T6017] (syz-executor852,6017,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 162.884382][ T6017] JBD2: Ignoring recovery information on journal [ 162.909218][ T6017] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6017] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6017] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 6017] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 162.968697][ T30] audit: type=1800 audit(1749089750.151:46): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 6017] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 6017] exit_group(0) = ? [pid 6017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=45 /* 0.45 s */} --- umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 163.361618][ T6017] (syz-executor852,6017,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 163.500327][ T5826] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6021 attached [pid 6021] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 6021 [pid 6021] <... set_robust_list resumed>) = 0 [pid 6021] chdir("./45") = 0 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6021] setpgid(0, 0) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6021] write(3, "1000", 4) = 4 [pid 6021] close(3) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6021] write(1, "executing program\n", 18) = 18 [pid 6021] memfd_create("syzkaller", 0) = 3 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 6021] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6021] munmap(0x7f250f000000, 138412032) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6021] close(3) = 0 [pid 6021] close(4) = 0 [pid 6021] mkdir("./file0", 0777) = 0 [ 163.893624][ T6021] loop0: detected capacity change from 0 to 32768 [ 163.917334][ T6021] (syz-executor852,6021,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6021] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6021] chdir("./file0") = 0 [ 163.932617][ T6021] (syz-executor852,6021,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 163.953853][ T6021] JBD2: Ignoring recovery information on journal [ 163.974371][ T6021] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6021] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6021] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 6021] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 164.035308][ T30] audit: type=1800 audit(1749089751.221:47): pid=6021 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 6021] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 6021] exit_group(0) = ? [pid 6021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=44 /* 0.44 s */} --- umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 164.434642][ T6021] (syz-executor852,6021,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 164.544699][ T5826] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555569530650) = 6025 ./strace-static-x86_64: Process 6025 attached [pid 6025] set_robust_list(0x555569530660, 24) = 0 [pid 6025] chdir("./46") = 0 [pid 6025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6025] setpgid(0, 0) = 0 [pid 6025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6025] write(3, "1000", 4) = 4 [pid 6025] close(3) = 0 [pid 6025] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6025] write(1, "executing program\n", 18) = 18 [pid 6025] memfd_create("syzkaller", 0) = 3 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 6025] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6025] munmap(0x7f250f000000, 138412032) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6025] close(3) = 0 [pid 6025] close(4) = 0 [pid 6025] mkdir("./file0", 0777) = 0 [ 164.816541][ T6025] loop0: detected capacity change from 0 to 32768 [ 164.839975][ T6025] (syz-executor852,6025,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6025] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6025] chdir("./file0") = 0 [ 164.855241][ T6025] (syz-executor852,6025,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 164.876200][ T6025] JBD2: Ignoring recovery information on journal [ 164.901839][ T6025] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6025] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6025] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6025] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 6025] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 164.963569][ T30] audit: type=1800 audit(1749089752.151:48): pid=6025 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 6025] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 6025] exit_group(0) = ? [pid 6025] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6025, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 165.359710][ T6025] (syz-executor852,6025,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 165.458741][ T5826] ocfs2: Unmounting device (7,0) on (node local) rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6029 attached [pid 6029] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 6029 [pid 6029] <... set_robust_list resumed>) = 0 [pid 6029] chdir("./47") = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6029] setpgid(0, 0) = 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6029] write(1, "executing program\n", 18) = 18 [pid 6029] memfd_create("syzkaller", 0) = 3 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 6029] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6029] munmap(0x7f250f000000, 138412032) = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6029] close(3) = 0 [pid 6029] close(4) = 0 [pid 6029] mkdir("./file0", 0777) = 0 [ 165.827432][ T6029] loop0: detected capacity change from 0 to 32768 [ 165.851706][ T6029] (syz-executor852,6029,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6029] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6029] chdir("./file0") = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6029] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6029] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 165.866819][ T6029] (syz-executor852,6029,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 165.887351][ T6029] JBD2: Ignoring recovery information on journal [ 165.908077][ T6029] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6029] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 6029] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 165.960112][ T30] audit: type=1800 audit(1749089753.141:49): pid=6029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 6029] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 6029] exit_group(0) = ? [pid 6029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=44 /* 0.44 s */} --- umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 166.355509][ T6029] (syz-executor852,6029,1):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 166.459602][ T5826] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555569530650) = 6033 ./strace-static-x86_64: Process 6033 attached [pid 6033] set_robust_list(0x555569530660, 24) = 0 [pid 6033] chdir("./48") = 0 [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6033] setpgid(0, 0) = 0 [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6033] write(3, "1000", 4) = 4 [pid 6033] close(3) = 0 [pid 6033] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6033] write(1, "executing program\n", 18) = 18 [pid 6033] memfd_create("syzkaller", 0) = 3 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 6033] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6033] munmap(0x7f250f000000, 138412032) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6033] close(3) = 0 [pid 6033] close(4) = 0 [pid 6033] mkdir("./file0", 0777) = 0 [ 166.788177][ T6033] loop0: detected capacity change from 0 to 32768 [ 166.811649][ T6033] (syz-executor852,6033,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [pid 6033] mount("/dev/loop0", "./file0", "ocfs2", MS_NOSUID|MS_NOEXEC|MS_STRICTATIME, "journal_async_commit,heartbeat=none,usrquota,barrier=00000000000000000007,heartbeat=none,inode64,") = 0 [pid 6033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6033] chdir("./file0") = 0 [ 166.827451][ T6033] (syz-executor852,6033,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 166.847984][ T6033] JBD2: Ignoring recovery information on journal [ 166.869444][ T6033] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6033] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6033] rmdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6033] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 6033] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY) = 5 [ 166.941093][ T30] audit: type=1800 audit(1749089754.131:50): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor852" name="file1" dev="loop0" ino=16978 res=0 errno=0 [pid 6033] sendfile(4, 5, NULL, 16776834) = 5963776 [pid 6033] exit_group(0) = ? [pid 6033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6033, si_uid=0, si_status=0, si_utime=0, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555695316f0 /* 4 entries */, 32768) = 112 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555569539730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555569539730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x5555695316f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 167.337225][ T6033] (syz-executor852,6033,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -28 [ 167.458017][ T5826] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6037 attached [pid 6037] set_robust_list(0x555569530660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x555569530650) = 6037 [pid 6037] <... set_robust_list resumed>) = 0 [pid 6037] chdir("./49") = 0 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] write(3, "1000", 4) = 4 [pid 6037] close(3) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6037] write(1, "executing program\n", 18) = 18 [pid 6037] memfd_create("syzkaller", 0) = 3 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f250f000000 [pid 6037] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 6037] munmap(0x7f250f000000, 138412032) = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6037] close(3) = 0 [pid 6037] close(4) = 0 [pid 6037] mkdir("./file0", 0777) = 0 [ 167.757598][ T6037] loop0: detected capacity change from 0 to 32768 [ 167.773160][ T6037] (syz-executor852,6037,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 167.787832][ T6037] (syz-executor852,6037,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.