./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3271122371 <...> Warning: Permanently added '10.128.0.24' (ED25519) to the list of known hosts. execve("./syz-executor3271122371", ["./syz-executor3271122371"], 0x7ffda3ac03b0 /* 10 vars */) = 0 brk(NULL) = 0x555576187000 brk(0x555576187d00) = 0x555576187d00 arch_prctl(ARCH_SET_FS, 0x555576187380) = 0 set_tid_address(0x555576187650) = 357 set_robust_list(0x555576187660, 24) = 0 rseq(0x555576187ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3271122371", 4096) = 28 getrandom("\xee\xb4\x44\x69\x52\x00\x1f\x86", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555576187d00 brk(0x5555761a8d00) = 0x5555761a8d00 brk(0x5555761a9000) = 0x5555761a9000 mprotect(0x7f9afda6b000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.PB2ebR", 0700) = 0 chmod("./syzkaller.PB2ebR", 0777) = 0 chdir("./syzkaller.PB2ebR") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576187650) = 359 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x555576187660, 24) = 0 [pid 359] chdir("./0") = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4executing program ) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 359] write(1, "executing program\n", 18) = 18 [pid 359] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 359] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 359] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 359] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 359] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 359] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 359] memfd_create("syzkaller", 0) = 5 [pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9af55b8000 [ 22.990976][ T23] audit: type=1400 audit(1745262868.390:66): avc: denied { execmem } for pid=357 comm="syz-executor327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.013808][ T23] audit: type=1400 audit(1745262868.410:67): avc: denied { read write } for pid=357 comm="syz-executor327" name="loop0" dev="devtmpfs" ino=9407 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 359] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 359] munmap(0x7f9af55b8000, 138412032) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 359] close(5) = 0 [ 23.044154][ T23] audit: type=1400 audit(1745262868.410:68): avc: denied { open } for pid=357 comm="syz-executor327" path="/dev/loop0" dev="devtmpfs" ino=9407 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 359] close(6) = 0 [pid 359] mkdir("./file0", 0777) = 0 [ 23.068921][ T23] audit: type=1400 audit(1745262868.420:69): avc: denied { ioctl } for pid=357 comm="syz-executor327" path="/dev/loop0" dev="devtmpfs" ino=9407 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.095910][ T23] audit: type=1400 audit(1745262868.430:70): avc: denied { read write } for pid=359 comm="syz-executor327" name="vhost-vsock" dev="devtmpfs" ino=10816 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.120175][ T23] audit: type=1400 audit(1745262868.430:71): avc: denied { open } for pid=359 comm="syz-executor327" path="/dev/vhost-vsock" dev="devtmpfs" ino=10816 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.155955][ T23] audit: type=1400 audit(1745262868.430:72): avc: denied { ioctl } for pid=359 comm="syz-executor327" path="/dev/vhost-vsock" dev="devtmpfs" ino=10816 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.181534][ T23] audit: type=1400 audit(1745262868.530:73): avc: denied { mounton } for pid=359 comm="syz-executor327" path="/root/syzkaller.PB2ebR/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 359] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 359] chdir("./file0") = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_CLR_FD) = 0 [pid 359] close(6) = 0 [pid 359] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 23.207666][ T359] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.229326][ T23] audit: type=1400 audit(1745262868.630:74): avc: denied { mount } for pid=359 comm="syz-executor327" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 359] write(6, "#! ./file1\n", 11) = 11 [pid 359] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 359] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=359, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555761886f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 23.262960][ T23] audit: type=1400 audit(1745262868.660:75): avc: denied { write } for pid=359 comm="syz-executor327" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.285947][ T360] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-359: bg 0: block 234: padding at end of block bitmap is not set umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576190730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576190730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555761886f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576187650) = 365 ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555576187660, 24) = 0 [pid 365] chdir("./1") = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 365] write(1, "executing program\n", 18) = 18 [pid 365] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 365] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 365] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 365] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 365] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 365] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 365] memfd_create("syzkaller", 0) = 5 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9af55b8000 [pid 365] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 365] munmap(0x7f9af55b8000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 365] close(5) = 0 [pid 365] close(6) = 0 [pid 365] mkdir("./file0", 0777) = 0 [pid 365] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 365] chdir("./file0") = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_CLR_FD) = 0 [pid 365] close(6) = 0 [pid 365] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 365] write(6, "#! ./file1\n", 11) = 11 [pid 365] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 365] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=365, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555761886f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 23.440523][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.465740][ T365] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor327: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576190730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576190730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555761886f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576187650) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x555576187660, 24) = 0 [pid 370] chdir("./2") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] write(1, "executing program\n", 18executing program ) = 18 [pid 370] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 370] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 370] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 370] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 370] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 370] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 370] memfd_create("syzkaller", 0) = 5 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9af55b8000 [pid 370] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 370] munmap(0x7f9af55b8000, 138412032) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 370] close(5) = 0 [pid 370] close(6) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 370] chdir("./file0") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_CLR_FD) = 0 [pid 370] close(6) = 0 [pid 370] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 370] write(6, "#! ./file1\n", 11) = 11 [pid 370] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 370] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=370, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555761886f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 23.650468][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.681615][ T371] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-370: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576190730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576190730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555761886f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x555576187660, 24) = 0 [pid 357] <... clone resumed>, child_tidptr=0x555576187650) = 375 [pid 375] chdir("./3") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] write(1, "executing program\n", 18executing program ) = 18 [pid 375] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 375] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 375] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 375] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 375] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 375] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 375] memfd_create("syzkaller", 0) = 5 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9af55b8000 [pid 375] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 375] munmap(0x7f9af55b8000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 375] close(5) = 0 [pid 375] close(6) = 0 [pid 375] mkdir("./file0", 0777) = 0 [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_CLR_FD) = 0 [pid 375] close(6) = 0 [pid 375] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 375] write(6, "#! ./file1\n", 11) = 11 [pid 375] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 375] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=375, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555761886f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 23.820301][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.850128][ T376] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-375: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576190730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576190730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555761886f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576187650) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x555576187660, 24) = 0 [pid 380] chdir("./4") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 380] write(1, "executing program\n", 18) = 18 [pid 380] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 380] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 380] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 380] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 380] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 380] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 380] memfd_create("syzkaller", 0) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9af55b8000 [pid 380] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 380] munmap(0x7f9af55b8000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [pid 380] close(6) = 0 [pid 380] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 380] write(6, "#! ./file1\n", 11) = 11 [pid 380] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 23.970305][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555761886f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 24.011376][ T381] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-380: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576190730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576190730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555761886f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576187650) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x555576187660, 24) = 0 [pid 385] chdir("./5") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 385] write(1, "executing program\n", 18) = 18 [pid 385] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 385] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 385] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 385] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 385] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 385] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 385] memfd_create("syzkaller", 0) = 5 [pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9af55b8000 [pid 385] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 385] munmap(0x7f9af55b8000, 138412032) = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 385] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 385] close(5) = 0 [pid 385] close(6) = 0 [pid 385] mkdir("./file0", 0777) = 0 [pid 385] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 385] chdir("./file0") = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 385] ioctl(6, LOOP_CLR_FD) = 0 [pid 385] close(6) = 0 [pid 385] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 385] write(6, "#! ./file1\n", 11) = 11 [pid 385] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 385] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=385, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555761886f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 24.169823][ T385] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.202328][ T386] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-385: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576190730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576190730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555761886f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576187650) = 390 ./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x555576187660, 24) = 0 [pid 390] chdir("./6") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 390] write(1, "executing program\n", 18) = 18 [pid 390] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 390] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 390] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 390] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 390] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 390] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 390] memfd_create("syzkaller", 0) = 5 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9af55b8000 [pid 390] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 390] munmap(0x7f9af55b8000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 390] close(5) = 0 [pid 390] close(6) = 0 [pid 390] mkdir("./file0", 0777) = 0 [pid 390] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 390] chdir("./file0") = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_CLR_FD) = 0 [pid 390] close(6) = 0 [pid 390] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 390] write(6, "#! ./file1\n", 11) = 11 [pid 390] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 390] setsockopt(-1, SOL_SOCKET, SO_REUSEADDR, [127], 4) = -1 EBADF (Bad file descriptor) [pid 390] exit_group(0) = ? [pid 390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555761886f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 24.329066][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.360178][ T391] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-390: bg 0: block 234: padding at end of block bitmap is not set [ 24.389035][ T7] ------------[ cut here ]------------ [ 24.394419][ T7] kernel BUG at fs/ext4/inode.c:2844! [ 24.399835][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 24.405659][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.290-syzkaller #0 [ 24.413612][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 24.423636][ T7] Workqueue: writeback wb_workfn (flush-7:0) [ 24.429547][ T7] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 24.435096][ T7] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 24.454722][ T7] RSP: 0018:ffff8881f5db70c0 EFLAGS: 00010293 [ 24.460615][ T7] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f5d6de80 [ 24.468441][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 24.476352][ T7] RBP: ffff8881f5db74b0 R08: ffffffff81cae736 R09: ffffed103b96c29f [ 24.484146][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881dcb615a0 [ 24.491993][ T7] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 24.499940][ T7] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 24.509042][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.515534][ T7] CR2: 0000000000000002 CR3: 00000001ef281000 CR4: 00000000003406a0 [ 24.523673][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.531480][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.539290][ T7] Call Trace: [ 24.542507][ T7] ? __die+0xbc/0x100 [ 24.546414][ T7] ? die+0x2a/0x50 [ 24.550054][ T7] ? do_trap+0x1a4/0x310 [ 24.554141][ T7] ? do_invalid_op+0x105/0x120 [ 24.558817][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 24.563766][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 24.568712][ T7] ? invalid_op+0x1e/0x30 [ 24.572880][ T7] ? ext4_writepages+0x8e6/0x3cc0 [ 24.577737][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 24.582697][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 24.587647][ T7] ? debug_smp_processor_id+0x20/0x20 [ 24.592933][ T7] ? __kasan_check_read+0x11/0x20 [ 24.597804][ T7] ? mark_page_accessed+0x280/0x670 [ 24.602933][ T7] ? write_boundary_block+0x150/0x150 [ 24.608131][ T7] ? check_preemption_disabled+0x9f/0x320 [ 24.613963][ T7] ? ext4_readpage+0x2d0/0x2d0 [ 24.618738][ T7] ? __getblk_gfp+0x3d/0x770 [ 24.623515][ T7] ? ext4_get_group_desc+0x253/0x2a0 [ 24.628630][ T7] ? __ext4_get_inode_loc+0x612/0xe40 [ 24.633847][ T7] ? check_preemption_disabled+0x9f/0x320 [ 24.639481][ T7] ? update_load_avg+0x43f/0x1250 [ 24.644420][ T7] ? check_preemption_disabled+0x9f/0x320 [ 24.650061][ T7] ? ext4_readpage+0x2d0/0x2d0 [ 24.654744][ T7] do_writepages+0x12b/0x270 [ 24.659264][ T7] ? __writepage+0x110/0x110 [ 24.663862][ T7] ? __kasan_check_write+0x14/0x20 [ 24.669097][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 24.674378][ T7] ? _raw_spin_trylock_bh+0x190/0x190 [ 24.679685][ T7] __writeback_single_inode+0xdb/0xc80 [ 24.685064][ T7] writeback_sb_inodes+0x9e0/0x1800 [ 24.690092][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 24.694705][ T7] ? queue_io+0x5b0/0x5b0 [ 24.698981][ T7] ? writeback_sb_inodes+0x1800/0x1800 [ 24.704393][ T7] ? queue_io+0x3f8/0x5b0 [ 24.708512][ T7] wb_writeback+0x403/0xd70 [ 24.712856][ T7] ? wb_io_lists_depopulated+0x170/0x170 [ 24.718321][ T7] ? check_preemption_disabled+0x9f/0x320 [ 24.723879][ T7] ? debug_smp_processor_id+0x20/0x20 [ 24.729550][ T7] ? __kasan_check_write+0x14/0x20 [ 24.734783][ T7] ? check_preemption_disabled+0x9f/0x320 [ 24.740425][ T7] wb_workfn+0x3b6/0x1230 [ 24.744615][ T7] ? inode_wait_for_writeback+0x280/0x280 [ 24.750489][ T7] ? find_next_bit+0xc7/0x100 [ 24.755043][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.760060][ T7] ? finish_task_switch+0x130/0x590 [ 24.765358][ T7] ? __schedule+0xb0d/0x1320 [ 24.769762][ T7] ? __kasan_check_read+0x11/0x20 [ 24.774702][ T7] ? strscpy+0x9c/0x260 [ 24.778913][ T7] process_one_work+0x781/0xd50 [ 24.783575][ T7] worker_thread+0xa27/0x1360 [ 24.788081][ T7] kthread+0x321/0x3a0 [ 24.791983][ T7] ? worker_clr_flags+0x180/0x180 [ 24.796931][ T7] ? kthread_blkcg+0xd0/0xd0 [ 24.801358][ T7] ret_from_fork+0x1f/0x30 [ 24.805804][ T7] Modules linked in: [ 24.809740][ T7] ---[ end trace d35401b371997dee ]--- [ 24.815085][ T7] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 24.820651][ T7] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 24.840946][ T7] RSP: 0018:ffff8881f5db70c0 EFLAGS: 00010293 [ 24.846930][ T7] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f5d6de80 [ 24.854792][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 24.862676][ T7] RBP: ffff8881f5db74b0 R08: ffffffff81cae736 R09: ffffed103b96c29f [ 24.870616][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881dcb615a0 [ 24.878560][ T7] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 24.886402][ T7] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 24.895222][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.901720][ T7] CR2: 0000000000000002 CR3: 000000000600e000 CR4: 00000000003406a0 [ 24.909526][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.917404][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.925467][ T7] Kernel panic - not syncing: Fatal exception [ 24.931580][ T7] Kernel Offset: disabled [ 24.935808][ T7] Rebooting in 86400 seconds..