./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1349958068 <...> Warning: Permanently added '10.128.0.60' (ED25519) to the list of known hosts. execve("./syz-executor1349958068", ["./syz-executor1349958068"], 0x7ffddc3a6b90 /* 10 vars */) = 0 brk(NULL) = 0x5555664fb000 brk(0x5555664fbd40) = 0x5555664fbd40 arch_prctl(ARCH_SET_FS, 0x5555664fb3c0) = 0 set_tid_address(0x5555664fb690) = 361 set_robust_list(0x5555664fb6a0, 24) = 0 rseq(0x5555664fbce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1349958068", 4096) = 28 getrandom("\x24\xc9\xfc\xcf\x24\xa9\x3a\x10", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555664fbd40 brk(0x55556651cd40) = 0x55556651cd40 brk(0x55556651d000) = 0x55556651d000 mprotect(0x7fb8e98cb000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 [ 26.949671][ T23] audit: type=1400 audit(1745256746.500:66): avc: denied { execmem } for pid=361 comm="syz-executor134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 mkdir("./syzkaller.1WkNTK", 0700) = 0 chmod("./syzkaller.1WkNTK", 0777) = 0 chdir("./syzkaller.1WkNTK") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 363] chdir("./0") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] write(1, "executing program\n", 18executing program ) = 18 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 363] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[365]}, 88) = 365 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 365] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] memfd_create("syzkaller", 0) = 5 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [ 27.045334][ T23] audit: type=1400 audit(1745256746.590:67): avc: denied { read write } for pid=361 comm="syz-executor134" name="loop0" dev="devtmpfs" ino=9423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 365] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 365] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 365] close(5) = 0 [pid 365] close(6) = 0 [pid 365] mkdir("./file0", 0777) = 0 [ 27.090765][ T23] audit: type=1400 audit(1745256746.590:68): avc: denied { open } for pid=361 comm="syz-executor134" path="/dev/loop0" dev="devtmpfs" ino=9423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 27.126249][ T23] audit: type=1400 audit(1745256746.590:69): avc: denied { ioctl } for pid=361 comm="syz-executor134" path="/dev/loop0" dev="devtmpfs" ino=9423 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 27.160793][ T23] audit: type=1400 audit(1745256746.620:70): avc: denied { read write } for pid=363 comm="syz-executor134" name="vhost-vsock" dev="devtmpfs" ino=9564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.189019][ T23] audit: type=1400 audit(1745256746.620:71): avc: denied { open } for pid=363 comm="syz-executor134" path="/dev/vhost-vsock" dev="devtmpfs" ino=9564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.214768][ T23] audit: type=1400 audit(1745256746.620:72): avc: denied { ioctl } for pid=363 comm="syz-executor134" path="/dev/vhost-vsock" dev="devtmpfs" ino=9564 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.241866][ T23] audit: type=1400 audit(1745256746.680:73): avc: denied { mounton } for pid=363 comm="syz-executor134" path="/root/syzkaller.1WkNTK/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 27.270692][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 365] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 365] chdir("./file0") = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_CLR_FD) = 0 [pid 365] close(6) = 0 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 27.292481][ T23] audit: type=1400 audit(1745256746.840:74): avc: denied { mount } for pid=363 comm="syz-executor134" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] write(6, "#! ./file1\n", 11) = 11 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 365] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 363] <... futex resumed>) = ? [pid 365] +++ killed by SIGBUS +++ [pid 363] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=363, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 27.338475][ T23] audit: type=1400 audit(1745256746.880:75): avc: denied { write } for pid=363 comm="syz-executor134" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 27.362683][ T366] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-365: bg 0: block 234: padding at end of block bitmap is not set umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 370] chdir("./1") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 370] write(1, "executing program\n", 18) = 18 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 370] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[371]}, 88) = 371 [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 371] memfd_create("syzkaller", 0) = 5 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 371] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 371] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 371] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 371] close(5) = 0 [pid 371] close(6) = 0 [pid 371] mkdir("./file0", 0777) = 0 [pid 371] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 371] chdir("./file0") = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 371] ioctl(6, LOOP_CLR_FD) = 0 [pid 371] close(6) = 0 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] write(6, "#! ./file1\n", 11) = 11 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 371] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... futex resumed>) = 0 [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 370] <... futex resumed>) = ? [pid 371] +++ killed by SIGBUS +++ [pid 370] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=370, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 27.564654][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.599929][ T372] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-371: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 361] <... clone resumed>, child_tidptr=0x5555664fb690) = 376 [pid 376] chdir("./2") = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 376] write(1, "executing program\n", 18) = 18 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 376] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 376] <... clone3 resumed> => {parent_tid=[377]}, 88) = 377 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] <... futex resumed>) = 0 [pid 377] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 377] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 377] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 377] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 377] memfd_create("syzkaller", 0) = 5 [pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 377] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 377] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 377] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 377] close(5) = 0 [pid 377] close(6) = 0 [pid 377] mkdir("./file0", 0777) = 0 [pid 377] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 377] chdir("./file0") = 0 [pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 377] ioctl(6, LOOP_CLR_FD) = 0 [pid 377] close(6) = 0 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] write(6, "#! ./file1\n", 11) = 11 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 377] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] <... futex resumed>) = 0 [pid 377] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 376] <... futex resumed>) = ? [pid 377] +++ killed by SIGBUS +++ [pid 376] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=376, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 27.760075][ T377] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.793986][ T378] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-377: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 382] chdir("./3") = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 382] write(1, "executing program\n", 18) = 18 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 382] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 382] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[383]}, 88) = 383 [pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 383] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 383] memfd_create("syzkaller", 0) = 5 [pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 383] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 383] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 383] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 383] close(5) = 0 [pid 383] close(6) = 0 [pid 383] mkdir("./file0", 0777) = 0 [pid 383] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 383] chdir("./file0") = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 383] ioctl(6, LOOP_CLR_FD) = 0 [pid 383] close(6) = 0 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 383] <... futex resumed>) = 1 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] write(6, "#! ./file1\n", 11) = 11 [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 27.969516][ T383] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 383] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 383] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 382] <... futex resumed>) = ? [pid 383] +++ killed by SIGBUS +++ [pid 382] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=382, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 28.010626][ T384] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-383: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 389 ./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 389] chdir("./4") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 389] write(1, "executing program\n", 18executing program ) = 18 [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 389] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] <... clone3 resumed> => {parent_tid=[390]}, 88) = 390 [pid 389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] <... futex resumed>) = 0 [pid 390] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] <... futex resumed>) = 0 [pid 390] ioctl(3, VHOST_SET_OWNER [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... ioctl resumed>, 0) = 0 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] <... futex resumed>) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] <... futex resumed>) = 0 [pid 390] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] <... futex resumed>) = 0 [pid 390] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 389] <... futex resumed>) = 1 [pid 390] ioctl(3, VHOST_SET_VRING_ERR [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 389] <... futex resumed>) = 1 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 389] <... futex resumed>) = 1 [pid 390] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 389] <... futex resumed>) = 1 [pid 390] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 390] <... futex resumed>) = 0 [pid 390] memfd_create("syzkaller", 0) = 5 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 390] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 390] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 390] close(5) = 0 [pid 390] close(6) = 0 [pid 390] mkdir("./file0", 0777) = 0 [pid 390] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 390] chdir("./file0") = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_CLR_FD) = 0 [pid 390] close(6) = 0 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 0 [pid 390] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] write(6, "#! ./file1\n", 11) = 11 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 390] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 28.189987][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 389] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 389] <... futex resumed>) = ? [pid 390] +++ killed by SIGBUS +++ [pid 389] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=389, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 28.234515][ T391] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-390: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 395 attached , child_tidptr=0x5555664fb690) = 395 [pid 395] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 395] chdir("./5") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 395] write(1, "executing program\n", 18) = 18 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 395] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 396 attached => {parent_tid=[396]}, 88) = 396 [pid 396] set_robust_list(0x7fb8e98059a0, 24 [pid 395] rt_sigprocmask(SIG_SETMASK, [], [pid 396] <... set_robust_list resumed>) = 0 [pid 395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 396] rt_sigprocmask(SIG_SETMASK, [], [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] ioctl(3, VHOST_SET_MEM_TABLE [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... ioctl resumed>, 0x200000003380) = 0 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_KICK [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... ioctl resumed>, 0x200000000000) = 0 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 396] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 396] memfd_create("syzkaller", 0 [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... memfd_create resumed>) = 5 [pid 395] <... futex resumed>) = 0 [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 396] <... mmap resumed>) = 0x7fb8e13e5000 [pid 396] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 396] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 396] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 396] close(5) = 0 [pid 396] close(6) = 0 [pid 396] mkdir("./file0", 0777) = 0 [pid 396] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 396] chdir("./file0") = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 396] ioctl(6, LOOP_CLR_FD) = 0 [pid 396] close(6) = 0 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] write(6, "#! ./file1\n", 11) = 11 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 396] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [ 28.399799][ T396] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 395] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 395] <... futex resumed>) = ? [pid 396] +++ killed by SIGBUS +++ [pid 395] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=395, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 28.454315][ T397] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-396: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 401 attached , child_tidptr=0x5555664fb690) = 401 [pid 401] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 401] chdir("./6") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] write(1, "executing program\n", 18executing program ) = 18 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 401] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[402]}, 88) = 402 [pid 401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 402 attached [pid 402] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 402] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 402] memfd_create("syzkaller", 0) = 5 [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 402] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 402] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 402] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 402] close(5) = 0 [pid 402] close(6) = 0 [pid 402] mkdir("./file0", 0777) = 0 [pid 402] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 402] chdir("./file0") = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 402] ioctl(6, LOOP_CLR_FD) = 0 [pid 402] close(6) = 0 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] write(6, "#! ./file1\n", 11) = 11 [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 1 [pid 402] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.628006][ T402] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 402] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 401] <... futex resumed>) = ? [pid 402] +++ killed by SIGBUS +++ [pid 401] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=401, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 28.669966][ T403] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-402: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 407 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 407] chdir("./7") = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] write(1, "executing program\n", 18executing program ) = 18 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 407] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 408 attached => {parent_tid=[408]}, 88) = 408 [pid 408] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 408] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 408] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] ioctl(3, VHOST_SET_VRING_ADDR [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... ioctl resumed>, 0x200000000300) = 0 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 408] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 408] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 408] ioctl(3, VHOST_SET_VRING_ADDR [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... ioctl resumed>, 0x200000000240) = 0 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 408] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 408] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 407] <... futex resumed>) = 0 [pid 408] <... ioctl resumed>, 0x200000000140) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 408] <... futex resumed>) = 0 [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 408] memfd_create("syzkaller", 0) = 5 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 408] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 408] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 408] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 408] close(5) = 0 [pid 408] close(6) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 408] chdir("./file0") = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 408] ioctl(6, LOOP_CLR_FD) = 0 [pid 408] close(6) = 0 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 408] write(6, "#! ./file1\n", 11 [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... write resumed>) = 11 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 408] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... mmap resumed>) = 0x200000000000 [pid 407] <... futex resumed>) = 0 [pid 408] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 0 [pid 407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 28.921761][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 407] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 407] <... futex resumed>) = ? [pid 408] +++ killed by SIGBUS +++ [pid 407] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=407, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 28.968064][ T408] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 414] chdir("./8") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 414] write(1, "executing program\n", 18) = 18 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 414] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 415] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] <... clone3 resumed> => {parent_tid=[415]}, 88) = 415 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 414] <... futex resumed>) = 1 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... openat resumed>) = 3 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 415] ioctl(3, VHOST_SET_OWNER [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... ioctl resumed>, 0) = 0 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] ioctl(3, VHOST_SET_MEM_TABLE [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... ioctl resumed>, 0x200000003380) = 0 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 415] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 415] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 414] <... futex resumed>) = 0 [pid 415] memfd_create("syzkaller", 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 415] <... memfd_create resumed>) = 5 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 415] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 415] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 415] close(5) = 0 [pid 415] close(6) = 0 [pid 415] mkdir("./file0", 0777) = 0 [pid 415] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 415] chdir("./file0") = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_CLR_FD) = 0 [pid 415] close(6) = 0 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] write(6, "#! ./file1\n", 11) = 11 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 415] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 415] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 29.160136][ T415] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 414] <... futex resumed>) = ? [pid 415] +++ killed by SIGBUS +++ [pid 414] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=414, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 29.214267][ T416] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-415: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 420] chdir("./9") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 420] write(1, "executing program\n", 18) = 18 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 420] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 420] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 421 attached => {parent_tid=[421]}, 88) = 421 [pid 421] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 421] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 420] <... futex resumed>) = 0 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] ioctl(3, VHOST_SET_VRING_ADDR [pid 420] <... futex resumed>) = 0 [pid 421] <... ioctl resumed>, 0x200000000240) = 0 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 0 [pid 420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] ioctl(3, VHOST_SET_VRING_KICK [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... ioctl resumed>, 0x200000000000) = 0 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 420] <... futex resumed>) = 1 [pid 421] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... ioctl resumed>, 0x200000000140) = 0 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 421] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 421] memfd_create("syzkaller", 0) = 5 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 421] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 421] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 421] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 421] close(5) = 0 [pid 421] close(6) = 0 [pid 421] mkdir("./file0", 0777) = 0 [pid 421] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 421] chdir("./file0") = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 421] ioctl(6, LOOP_CLR_FD) = 0 [pid 421] close(6) = 0 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] write(6, "#! ./file1\n", 11) = 11 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 421] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 420] <... futex resumed>) = ? [pid 421] +++ killed by SIGBUS +++ [pid 420] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=420, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 29.435832][ T421] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.463673][ T421] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 426 attached , child_tidptr=0x5555664fb690) = 426 [pid 426] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 426] chdir("./10") = 0 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 426] setpgid(0, 0) = 0 [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 426] write(3, "1000", 4) = 4 [pid 426] close(3) = 0 [pid 426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 426] write(1, "executing program\n", 18executing program ) = 18 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 426] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x7fb8e98059a0, 24 [pid 426] <... clone3 resumed> => {parent_tid=[427]}, 88) = 427 [pid 427] <... set_robust_list resumed>) = 0 [pid 426] rt_sigprocmask(SIG_SETMASK, [], [pid 427] rt_sigprocmask(SIG_SETMASK, [], [pid 426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... openat resumed>) = 3 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 427] ioctl(3, VHOST_SET_OWNER [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... ioctl resumed>, 0) = 0 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 427] eventfd2(118, EFD_SEMAPHORE [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... eventfd2 resumed>) = 4 [pid 426] <... futex resumed>) = 0 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 427] ioctl(3, VHOST_SET_VRING_ERR [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 427] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 427] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 427] <... futex resumed>) = 0 [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 426] <... futex resumed>) = 0 [pid 427] <... ioctl resumed>, 0x200000000140) = 0 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 427] memfd_create("syzkaller", 0) = 5 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 427] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 427] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 427] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 427] close(5) = 0 [pid 427] close(6) = 0 [pid 427] mkdir("./file0", 0777) = 0 [pid 427] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 427] chdir("./file0") = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 427] ioctl(6, LOOP_CLR_FD) = 0 [pid 427] close(6) = 0 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 427] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... openat resumed>) = 6 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 427] write(6, "#! ./file1\n", 11 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... write resumed>) = 11 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... mmap resumed>) = 0x200000000000 [pid 427] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 29.643010][ T427] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 426] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 426] <... futex resumed>) = ? [pid 427] +++ killed by SIGBUS +++ [pid 426] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=426, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 29.681814][ T427] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 432 attached , child_tidptr=0x5555664fb690) = 432 [pid 432] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 432] chdir("./11") = 0 [pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 432] setpgid(0, 0) = 0 [pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 432] write(3, "1000", 4) = 4 [pid 432] close(3) = 0 [pid 432] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 432] write(1, "executing program\n", 18) = 18 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 432] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 432] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 433 attached => {parent_tid=[433]}, 88) = 433 [pid 433] set_robust_list(0x7fb8e98059a0, 24 [pid 432] rt_sigprocmask(SIG_SETMASK, [], [pid 433] <... set_robust_list resumed>) = 0 [pid 432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... openat resumed>) = 3 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 433] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 432] <... futex resumed>) = 0 [pid 433] ioctl(3, VHOST_SET_VRING_KICK [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... ioctl resumed>, 0x200000000000) = 0 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 433] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 432] <... futex resumed>) = 0 [pid 433] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... ioctl resumed>, 0x200000000140) = 0 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = 0 [pid 432] <... futex resumed>) = 1 [pid 433] memfd_create("syzkaller", 0) = 5 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 433] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 433] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 433] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 433] close(5) = 0 [pid 433] close(6) = 0 [pid 433] mkdir("./file0", 0777) = 0 [pid 433] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 433] chdir("./file0") = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 433] ioctl(6, LOOP_CLR_FD) = 0 [pid 433] close(6) = 0 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] write(6, "#! ./file1\n", 11) = 11 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 433] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 29.880032][ T433] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 432] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 0 [pid 433] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 432] <... futex resumed>) = ? [pid 433] +++ killed by SIGBUS +++ [pid 432] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=432, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 29.932447][ T434] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-433: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 439] chdir("./12") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 439] write(1, "executing program\n", 18) = 18 [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 439] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 440 attached => {parent_tid=[440]}, 88) = 440 [pid 440] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 440] rt_sigprocmask(SIG_SETMASK, [], [pid 439] rt_sigprocmask(SIG_SETMASK, [], [pid 440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 440] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 440] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] <... futex resumed>) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... ioctl resumed>, 0x200000000300) = 0 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] <... futex resumed>) = 0 [pid 440] eventfd2(118, EFD_SEMAPHORE [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... eventfd2 resumed>) = 4 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 440] ioctl(3, VHOST_SET_VRING_ERR [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] ioctl(3, VHOST_SET_VRING_ADDR [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... ioctl resumed>, 0x200000000240) = 0 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 439] <... futex resumed>) = 0 [pid 440] <... ioctl resumed>, 0x200000000140) = 0 [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 440] memfd_create("syzkaller", 0) = 5 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 440] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 440] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 440] close(5) = 0 [pid 440] close(6) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 440] chdir("./file0") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_CLR_FD) = 0 [pid 440] close(6) = 0 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] write(6, "#! ./file1\n", 11) = 11 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 440] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [ 30.107564][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 439] <... futex resumed>) = ? [pid 440] +++ killed by SIGBUS +++ [pid 439] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=439, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 30.176503][ T441] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-440: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 445] chdir("./13") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] write(1, "executing program\n", 18executing program ) = 18 [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 445] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 445] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] <... clone3 resumed> => {parent_tid=[446]}, 88) = 446 [pid 445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 446] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 446] ioctl(3, VHOST_SET_OWNER [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... ioctl resumed>, 0) = 0 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 446] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 446] ioctl(3, VHOST_SET_MEM_TABLE [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... ioctl resumed>, 0x200000003380) = 0 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 446] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 445] <... futex resumed>) = 1 [pid 446] ioctl(3, VHOST_SET_VRING_ERR [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 445] <... futex resumed>) = 1 [pid 446] ioctl(3, VHOST_SET_VRING_ADDR [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... ioctl resumed>, 0x200000000240) = 0 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 446] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 445] <... futex resumed>) = 0 [pid 446] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 446] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... ioctl resumed>, 0x200000000140) = 0 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 0 [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] memfd_create("syzkaller", 0 [pid 445] <... futex resumed>) = 0 [pid 446] <... memfd_create resumed>) = 5 [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 446] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 446] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 446] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 446] close(5) = 0 [pid 446] close(6) = 0 [pid 446] mkdir("./file0", 0777) = 0 [pid 446] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 446] chdir("./file0") = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 446] ioctl(6, LOOP_CLR_FD) = 0 [pid 446] close(6) = 0 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] write(6, "#! ./file1\n", 11) = 11 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 446] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [ 30.400872][ T446] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 446] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 445] <... futex resumed>) = ? [pid 446] +++ killed by SIGBUS +++ [pid 445] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=445, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 30.442369][ T447] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-446: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 451] chdir("./14") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 451] write(1, "executing program\n", 18executing program ) = 18 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 451] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 451] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 452] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] <... clone3 resumed> => {parent_tid=[452]}, 88) = 452 [pid 451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 452] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 452] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 451] <... futex resumed>) = 0 [pid 452] ioctl(3, VHOST_SET_VRING_ADDR [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... ioctl resumed>, 0x200000000240) = 0 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 452] <... futex resumed>) = 1 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] ioctl(3, VHOST_SET_VRING_KICK [pid 451] <... futex resumed>) = 0 [pid 452] <... ioctl resumed>, 0x200000000000) = 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 452] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 452] memfd_create("syzkaller", 0 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... memfd_create resumed>) = 5 [pid 451] <... futex resumed>) = 0 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 452] <... mmap resumed>) = 0x7fb8e13e5000 [pid 452] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 452] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 452] close(5) = 0 [pid 452] close(6) = 0 [pid 452] mkdir("./file0", 0777) = 0 [pid 452] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 452] chdir("./file0") = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_CLR_FD) = 0 [pid 452] close(6) = 0 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 0 [pid 452] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] write(6, "#! ./file1\n", 11 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... write resumed>) = 11 [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 452] <... futex resumed>) = 1 [pid 452] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... mmap resumed>) = 0x200000000000 [ 30.650053][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 452] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 451] <... futex resumed>) = ? [pid 452] +++ killed by SIGBUS +++ [pid 451] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=451, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 30.694125][ T453] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-452: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 457 attached , child_tidptr=0x5555664fb690) = 457 [pid 457] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 457] chdir("./15") = 0 [pid 457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 457] setpgid(0, 0) = 0 [pid 457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 457] write(3, "1000", 4) = 4 [pid 457] close(3) = 0 [pid 457] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 457] write(1, "executing program\n", 18) = 18 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 457] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 458 attached => {parent_tid=[458]}, 88) = 458 [pid 458] set_robust_list(0x7fb8e98059a0, 24 [pid 457] rt_sigprocmask(SIG_SETMASK, [], [pid 458] <... set_robust_list resumed>) = 0 [pid 457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 458] rt_sigprocmask(SIG_SETMASK, [], [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 458] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 458] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 457] <... futex resumed>) = 0 [pid 458] ioctl(3, VHOST_SET_VRING_ERR [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] ioctl(3, VHOST_SET_VRING_ADDR [pid 457] <... futex resumed>) = 0 [pid 458] <... ioctl resumed>, 0x200000000240) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 458] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... ioctl resumed>, 0x200000000140) = 0 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 458] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 458] memfd_create("syzkaller", 0) = 5 [pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 458] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 458] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 458] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 458] close(5) = 0 [pid 458] close(6) = 0 [pid 458] mkdir("./file0", 0777) = 0 [pid 458] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 458] chdir("./file0") = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 458] ioctl(6, LOOP_CLR_FD) = 0 [pid 458] close(6) = 0 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] write(6, "#! ./file1\n", 11) = 11 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 458] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [ 30.886341][ T458] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 458] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 457] <... futex resumed>) = ? [pid 458] +++ killed by SIGBUS +++ [pid 457] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=457, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 30.940611][ T458] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 464 ./strace-static-x86_64: Process 464 attached [pid 464] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 464] chdir("./16") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] write(1, "executing program\n", 18executing program ) = 18 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 464] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 464] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[465]}, 88) = 465 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] memfd_create("syzkaller", 0 [pid 464] <... futex resumed>) = 0 [pid 465] <... memfd_create resumed>) = 5 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 465] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 465] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 465] close(5) = 0 [pid 465] close(6) = 0 [pid 465] mkdir("./file0", 0777) = 0 [pid 465] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 465] chdir("./file0") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_CLR_FD) = 0 [pid 465] close(6) = 0 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 0 [pid 465] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 465] <... futex resumed>) = 1 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] write(6, "#! ./file1\n", 11 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... write resumed>) = 11 [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 465] <... futex resumed>) = 1 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... mmap resumed>) = 0x200000000000 [ 31.150397][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 465] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 464] <... futex resumed>) = ? [pid 465] +++ killed by SIGBUS +++ [pid 464] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=464, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 31.192232][ T466] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-465: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 470 ./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 470] chdir("./17") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 470] write(1, "executing program\n", 18executing program ) = 18 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 470] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[471]}, 88) = 471 [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 471] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 471] memfd_create("syzkaller", 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... memfd_create resumed>) = 5 [pid 470] <... futex resumed>) = 0 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 471] <... mmap resumed>) = 0x7fb8e13e5000 [pid 471] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 471] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 471] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 471] close(5) = 0 [pid 471] close(6) = 0 [pid 471] mkdir("./file0", 0777) = 0 [pid 471] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 471] chdir("./file0") = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 471] ioctl(6, LOOP_CLR_FD) = 0 [pid 471] close(6) = 0 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 0 [pid 471] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] write(6, "#! ./file1\n", 11 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... write resumed>) = 11 [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 31.370387][ T471] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 471] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 470] <... futex resumed>) = ? [pid 471] +++ killed by SIGBUS +++ [pid 470] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=470, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 31.417307][ T472] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-471: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 476 ./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 476] chdir("./18") = 0 [pid 476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 476] setpgid(0, 0) = 0 [pid 476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 476] write(3, "1000", 4) = 4 [pid 476] close(3) = 0 [pid 476] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 476] write(1, "executing program\n", 18) = 18 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 476] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 476] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[477]}, 88) = 477 [pid 476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 477] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] memfd_create("syzkaller", 0) = 5 [pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 477] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 477] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 477] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 477] close(5) = 0 [pid 477] close(6) = 0 [pid 477] mkdir("./file0", 0777) = 0 [pid 477] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 477] chdir("./file0") = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 477] ioctl(6, LOOP_CLR_FD) = 0 [pid 477] close(6) = 0 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] write(6, "#! ./file1\n", 11) = 11 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 477] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [ 31.623461][ T477] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 477] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 476] <... futex resumed>) = ? [pid 477] +++ killed by SIGBUS +++ [pid 476] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=476, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 31.661866][ T477] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 482 ./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 482] chdir("./19") = 0 [pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 482] setpgid(0, 0) = 0 [pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 482] write(3, "1000", 4) = 4 [pid 482] close(3) = 0 [pid 482] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 482] write(1, "executing program\n", 18) = 18 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 482] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 483 attached => {parent_tid=[483]}, 88) = 483 [pid 482] rt_sigprocmask(SIG_SETMASK, [], [pid 483] set_robust_list(0x7fb8e98059a0, 24 [pid 482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] <... set_robust_list resumed>) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 483] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] ioctl(3, VHOST_SET_OWNER [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... ioctl resumed>, 0) = 0 [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] ioctl(3, VHOST_SET_VRING_ADDR [pid 482] <... futex resumed>) = 0 [pid 483] <... ioctl resumed>, 0x200000000300) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 483] <... futex resumed>) = 0 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] ioctl(3, VHOST_SET_MEM_TABLE [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... ioctl resumed>, 0x200000003380) = 0 [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = 1 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] eventfd2(118, EFD_SEMAPHORE [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... eventfd2 resumed>) = 4 [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = 1 [pid 483] ioctl(3, VHOST_SET_VRING_ERR [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 482] <... futex resumed>) = 0 [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 482] <... futex resumed>) = 1 [pid 483] ioctl(3, VHOST_SET_VRING_ADDR [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... ioctl resumed>, 0x200000000240) = 0 [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = 1 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] ioctl(3, VHOST_SET_VRING_KICK [pid 482] <... futex resumed>) = 0 [pid 483] <... ioctl resumed>, 0x200000000000) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 483] <... futex resumed>) = 0 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 482] <... futex resumed>) = 0 [pid 483] <... ioctl resumed>, 0x200000000140) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 483] <... futex resumed>) = 0 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 483] memfd_create("syzkaller", 0) = 5 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 483] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 483] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 483] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 483] close(5) = 0 [pid 483] close(6) = 0 [pid 483] mkdir("./file0", 0777) = 0 [pid 483] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 483] chdir("./file0") = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 483] ioctl(6, LOOP_CLR_FD) = 0 [pid 483] close(6) = 0 [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] write(6, "#! ./file1\n", 11) = 11 [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 31.841684][ T483] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 483] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 482] <... futex resumed>) = ? [pid 483] +++ killed by SIGBUS +++ [pid 482] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=482, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 31.885965][ T484] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-483: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 488 ./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 488] chdir("./20") = 0 [pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 488] setpgid(0, 0) = 0 [pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 488] write(3, "1000", 4) = 4 [pid 488] close(3) = 0 [pid 488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 488] write(1, "executing program\n", 18executing program ) = 18 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 488] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[489]}, 88) = 489 ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 488] rt_sigprocmask(SIG_SETMASK, [], [pid 489] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 489] memfd_create("syzkaller", 0) = 5 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 489] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 489] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 489] close(5) = 0 [pid 489] close(6) = 0 [pid 489] mkdir("./file0", 0777) = 0 [pid 489] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 489] chdir("./file0") = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_CLR_FD) = 0 [pid 489] close(6) = 0 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 0 [pid 489] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 1 [pid 489] write(6, "#! ./file1\n", 11) = 11 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 1 [pid 489] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 489] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.080167][ T489] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 488] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 1 [pid 489] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 488] <... futex resumed>) = ? [pid 489] +++ killed by SIGBUS +++ [pid 488] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=488, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 32.122411][ T490] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-489: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 495 attached , child_tidptr=0x5555664fb690) = 495 [pid 495] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 495] chdir("./21") = 0 [pid 495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 495] setpgid(0, 0) = 0 [pid 495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 495] write(3, "1000", 4) = 4 [pid 495] close(3) = 0 [pid 495] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 495] write(1, "executing program\n", 18) = 18 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 495] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 496 attached [pid 496] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 496] rt_sigprocmask(SIG_SETMASK, [], [pid 495] <... clone3 resumed> => {parent_tid=[496]}, 88) = 496 [pid 496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 496] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 496] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 496] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 496] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] <... futex resumed>) = 0 [pid 496] ioctl(3, VHOST_SET_VRING_ADDR [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... ioctl resumed>, 0x200000000240) = 0 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] ioctl(3, VHOST_SET_VRING_KICK [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... ioctl resumed>, 0x200000000000) = 0 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 496] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] <... futex resumed>) = 0 [pid 496] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... ioctl resumed>, 0x200000000140) = 0 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 496] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 496] memfd_create("syzkaller", 0) = 5 [pid 496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 496] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 496] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 496] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 496] close(5) = 0 [pid 496] close(6) = 0 [pid 496] mkdir("./file0", 0777) = 0 [pid 496] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 496] chdir("./file0") = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 496] ioctl(6, LOOP_CLR_FD) = 0 [pid 496] close(6) = 0 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] write(6, "#! ./file1\n", 11) = 11 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 496] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.324110][ T496] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 495] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 495] <... futex resumed>) = ? [pid 496] +++ killed by SIGBUS +++ [pid 495] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=495, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 32.363409][ T497] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-496: bg 0: block 234: padding at end of block bitmap is not set openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 501 attached , child_tidptr=0x5555664fb690) = 501 [pid 501] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 501] chdir("./22") = 0 [pid 501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 501] setpgid(0, 0) = 0 [pid 501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 501] write(3, "1000", 4) = 4 [pid 501] close(3) = 0 [pid 501] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 501] write(1, "executing program\n", 18) = 18 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 501] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 502 attached [pid 502] set_robust_list(0x7fb8e98059a0, 24 [pid 501] <... clone3 resumed> => {parent_tid=[502]}, 88) = 502 [pid 502] <... set_robust_list resumed>) = 0 [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 502] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... openat resumed>) = 3 [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] ioctl(3, VHOST_SET_OWNER [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... ioctl resumed>, 0) = 0 [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_SET_VRING_ADDR [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... ioctl resumed>, 0x200000000300) = 0 [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 502] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] <... futex resumed>) = 0 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] <... futex resumed>) = 0 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 502] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 502] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 502] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 502] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 502] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 502] memfd_create("syzkaller", 0) = 5 [pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 502] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 502] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 502] close(5) = 0 [pid 502] close(6) = 0 [pid 502] mkdir("./file0", 0777) = 0 [pid 502] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 502] chdir("./file0") = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_CLR_FD) = 0 [pid 502] close(6) = 0 [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = 1 [pid 502] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = 1 [pid 502] write(6, "#! ./file1\n", 11) = 11 [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = 1 [pid 502] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 502] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = 1 [ 32.505944][ T502] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 502] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 501] <... futex resumed>) = ? [pid 502] +++ killed by SIGBUS +++ [pid 501] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=501, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 32.535100][ T502] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 507 ./strace-static-x86_64: Process 507 attached [pid 507] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 507] chdir("./23") = 0 [pid 507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 507] setpgid(0, 0) = 0 [pid 507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 507] write(3, "1000", 4) = 4 [pid 507] close(3) = 0 [pid 507] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 507] write(1, "executing program\n", 18) = 18 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 507] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 508 attached => {parent_tid=[508]}, 88) = 508 [pid 507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 508] set_robust_list(0x7fb8e98059a0, 24 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... set_robust_list resumed>) = 0 [pid 507] <... futex resumed>) = 0 [pid 508] rt_sigprocmask(SIG_SETMASK, [], [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 508] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 508] ioctl(3, VHOST_SET_OWNER [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... ioctl resumed>, 0) = 0 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 508] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 508] memfd_create("syzkaller", 0) = 5 [pid 508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 508] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 508] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 508] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 508] close(5) = 0 [pid 508] close(6) = 0 [pid 508] mkdir("./file0", 0777) = 0 [pid 508] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 508] chdir("./file0") = 0 [pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 508] ioctl(6, LOOP_CLR_FD) = 0 [pid 508] close(6) = 0 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... futex resumed>) = 1 [pid 508] write(6, "#! ./file1\n", 11) = 11 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... futex resumed>) = 1 [pid 508] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 508] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... futex resumed>) = 1 [ 32.910000][ T508] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 508] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 507] <... futex resumed>) = ? [pid 508] +++ killed by SIGBUS +++ [pid 507] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=507, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 32.961256][ T509] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-508: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 514 ./strace-static-x86_64: Process 514 attached [pid 514] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 514] chdir("./24") = 0 [pid 514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 514] setpgid(0, 0) = 0 [pid 514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 514] write(3, "1000", 4) = 4 [pid 514] close(3) = 0 [pid 514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 514] write(1, "executing program\n", 18executing program ) = 18 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 514] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[515]}, 88) = 515 [pid 514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 515 attached [pid 515] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 515] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 515] memfd_create("syzkaller", 0) = 5 [pid 515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 515] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 515] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 515] close(5) = 0 [pid 515] close(6) = 0 [pid 515] mkdir("./file0", 0777) = 0 [pid 515] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 515] chdir("./file0") = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_CLR_FD) = 0 [pid 515] close(6) = 0 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] write(6, "#! ./file1\n", 11) = 11 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 515] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 515] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 0 [ 33.160118][ T515] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 514] <... futex resumed>) = ? [pid 515] +++ killed by SIGBUS +++ [pid 514] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=514, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 33.196967][ T516] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-515: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 520] chdir("./25") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 520] write(1, "executing program\n", 18) = 18 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 520] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 520] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 521 attached => {parent_tid=[521]}, 88) = 521 [pid 521] set_robust_list(0x7fb8e98059a0, 24 [pid 520] rt_sigprocmask(SIG_SETMASK, [], [pid 521] <... set_robust_list resumed>) = 0 [pid 520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] rt_sigprocmask(SIG_SETMASK, [], [pid 520] <... futex resumed>) = 0 [pid 521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 1 [pid 521] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 521] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 521] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 521] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] <... futex resumed>) = 0 [pid 521] ioctl(3, VHOST_SET_VRING_ADDR [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... ioctl resumed>, 0x200000000240) = 0 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 521] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 520] <... futex resumed>) = 0 [pid 521] <... ioctl resumed>, 0x200000000140) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 521] <... futex resumed>) = 0 [pid 521] memfd_create("syzkaller", 0) = 5 [pid 521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 521] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 521] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 521] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 521] close(5) = 0 [pid 521] close(6) = 0 [pid 521] mkdir("./file0", 0777) = 0 [pid 521] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 521] chdir("./file0") = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 521] ioctl(6, LOOP_CLR_FD) = 0 [pid 521] close(6) = 0 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 1 [pid 521] write(6, "#! ./file1\n", 11) = 11 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 1 [pid 521] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 521] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 1 [ 33.350299][ T521] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 521] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 520] <... futex resumed>) = ? [pid 521] +++ killed by SIGBUS +++ [pid 520] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=520, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 33.403781][ T522] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-521: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 526 ./strace-static-x86_64: Process 526 attached [pid 526] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 526] chdir("./26") = 0 [pid 526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 526] setpgid(0, 0) = 0 [pid 526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 526] write(3, "1000", 4) = 4 [pid 526] close(3) = 0 [pid 526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 526] write(1, "executing program\n", 18executing program ) = 18 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 526] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 526] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 526] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 526] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[527]}, 88) = 527 [pid 526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 527 attached [pid 527] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 527] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 527] memfd_create("syzkaller", 0) = 5 [pid 527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 527] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 527] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 527] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 527] close(5) = 0 [pid 527] close(6) = 0 [pid 527] mkdir("./file0", 0777) = 0 [pid 527] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 527] chdir("./file0") = 0 [pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 527] ioctl(6, LOOP_CLR_FD) = 0 [pid 527] close(6) = 0 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 527] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... futex resumed>) = 0 [pid 527] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] write(6, "#! ./file1\n", 11) = 11 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 527] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 33.560787][ T527] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 527] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... futex resumed>) = 0 [pid 527] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 526] <... futex resumed>) = ? [pid 527] +++ killed by SIGBUS +++ [pid 526] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=526, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 33.611846][ T528] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-527: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 532 ./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 532] chdir("./27") = 0 [pid 532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 532] setpgid(0, 0) = 0 [pid 532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 532] write(3, "1000", 4) = 4 [pid 532] close(3) = 0 [pid 532] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 532] write(1, "executing program\n", 18) = 18 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 532] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 532] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 533 attached [pid 533] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 533] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 532] <... clone3 resumed> => {parent_tid=[533]}, 88) = 533 [pid 532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 533] <... futex resumed>) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 533] <... futex resumed>) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 533] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 532] <... futex resumed>) = 0 [pid 533] ioctl(3, VHOST_SET_VRING_ADDR [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] <... ioctl resumed>, 0x200000000300) = 0 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 533] ioctl(3, VHOST_SET_VRING_KICK [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] <... ioctl resumed>, 0x200000000000) = 0 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 533] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] <... ioctl resumed>, 0x200000000140) = 0 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 533] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 533] memfd_create("syzkaller", 0) = 5 [pid 533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 533] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 533] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 533] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 533] close(5) = 0 [pid 533] close(6) = 0 [pid 533] mkdir("./file0", 0777) = 0 [pid 533] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 533] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 533] chdir("./file0") = 0 [pid 533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 533] ioctl(6, LOOP_CLR_FD) = 0 [pid 533] close(6) = 0 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 533] <... futex resumed>) = 1 [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 533] <... futex resumed>) = 1 [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] write(6, "#! ./file1\n", 11) = 11 [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 33.769793][ T533] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 533] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 532] <... futex resumed>) = ? [pid 533] +++ killed by SIGBUS +++ [pid 532] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=532, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 33.810220][ T534] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-533: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 538 attached , child_tidptr=0x5555664fb690) = 538 [pid 538] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 538] chdir("./28") = 0 [pid 538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 538] setpgid(0, 0) = 0 [pid 538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 538] write(3, "1000", 4) = 4 [pid 538] close(3) = 0 [pid 538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 538] write(1, "executing program\n", 18executing program ) = 18 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 538] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 538] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 538] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[539]}, 88) = 539 [pid 538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 539 attached [pid 539] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 539] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] <... futex resumed>) = 1 [pid 539] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 539] memfd_create("syzkaller", 0) = 5 [pid 539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 539] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 539] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 539] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 539] close(5) = 0 [pid 539] close(6) = 0 [pid 539] mkdir("./file0", 0777) = 0 [pid 539] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 539] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 539] chdir("./file0") = 0 [pid 539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 539] ioctl(6, LOOP_CLR_FD) = 0 [pid 539] close(6) = 0 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] write(6, "#! ./file1\n", 11) = 11 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 34.020743][ T539] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 539] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 539] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] <... futex resumed>) = 1 [pid 539] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 538] <... futex resumed>) = ? [pid 539] +++ killed by SIGBUS +++ [pid 538] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=538, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 34.067111][ T540] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-539: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 545 ./strace-static-x86_64: Process 545 attached [pid 545] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 545] chdir("./29") = 0 [pid 545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 545] setpgid(0, 0) = 0 [pid 545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 545] write(3, "1000", 4) = 4 [pid 545] close(3) = 0 [pid 545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 545] write(1, "executing program\n", 18executing program ) = 18 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 545] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 545] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[546]}, 88) = 546 ./strace-static-x86_64: Process 546 attached [pid 545] rt_sigprocmask(SIG_SETMASK, [], [pid 546] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 546] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] <... futex resumed>) = 0 [pid 546] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... openat resumed>) = 3 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] <... futex resumed>) = 0 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 546] ioctl(3, VHOST_SET_VRING_ADDR [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... ioctl resumed>, 0x200000000300) = 0 [pid 545] <... futex resumed>) = 0 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 546] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] ioctl(3, VHOST_SET_MEM_TABLE [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... ioctl resumed>, 0x200000003380) = 0 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 546] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 545] <... futex resumed>) = 0 [pid 546] eventfd2(118, EFD_SEMAPHORE [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... eventfd2 resumed>) = 4 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 546] ioctl(3, VHOST_SET_VRING_ERR [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 545] <... futex resumed>) = 0 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... futex resumed>) = 0 [pid 545] <... futex resumed>) = 1 [pid 546] ioctl(3, VHOST_SET_VRING_ADDR [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... ioctl resumed>, 0x200000000240) = 0 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] ioctl(3, VHOST_SET_VRING_KICK [pid 545] <... futex resumed>) = 0 [pid 546] <... ioctl resumed>, 0x200000000000) = 0 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 546] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... ioctl resumed>, 0x200000000140) = 0 [pid 545] <... futex resumed>) = 0 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 0 [pid 545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 546] memfd_create("syzkaller", 0 [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... memfd_create resumed>) = 5 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 546] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 546] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 546] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 546] close(5) = 0 [pid 546] close(6) = 0 [pid 546] mkdir("./file0", 0777) = 0 [pid 546] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 546] chdir("./file0") = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 546] ioctl(6, LOOP_CLR_FD) = 0 [pid 546] close(6) = 0 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 1 [pid 546] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 1 [pid 546] write(6, "#! ./file1\n", 11) = 11 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 1 [pid 546] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 546] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 1 [ 34.220195][ T546] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 546] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 545] <... futex resumed>) = ? [pid 546] +++ killed by SIGBUS +++ [pid 545] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=545, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 34.263775][ T547] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-546: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 551 attached , child_tidptr=0x5555664fb690) = 551 [pid 551] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 551] chdir("./30") = 0 [pid 551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 551] setpgid(0, 0) = 0 [pid 551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 551] write(3, "1000", 4) = 4 [pid 551] close(3) = 0 [pid 551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 551] write(1, "executing program\n", 18) = 18 executing program [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 551] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 551] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 552 attached => {parent_tid=[552]}, 88) = 552 [pid 552] set_robust_list(0x7fb8e98059a0, 24 [pid 551] rt_sigprocmask(SIG_SETMASK, [], [pid 552] <... set_robust_list resumed>) = 0 [pid 551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 552] rt_sigprocmask(SIG_SETMASK, [], [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 552] <... futex resumed>) = 1 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 552] ioctl(3, VHOST_SET_OWNER [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] <... ioctl resumed>, 0) = 0 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] ioctl(3, VHOST_SET_VRING_KICK [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] <... ioctl resumed>, 0x200000000000) = 0 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 552] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 552] <... futex resumed>) = 0 [pid 551] <... futex resumed>) = 1 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 552] memfd_create("syzkaller", 0) = 5 [pid 552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 552] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 552] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 552] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 552] close(5) = 0 [pid 552] close(6) = 0 [pid 552] mkdir("./file0", 0777) = 0 [pid 552] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 552] chdir("./file0") = 0 [pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 552] ioctl(6, LOOP_CLR_FD) = 0 [pid 552] close(6) = 0 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] write(6, "#! ./file1\n", 11) = 11 [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 552] <... futex resumed>) = 1 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 34.516199][ T552] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 552] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] <... futex resumed>) = 1 [pid 552] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 551] <... futex resumed>) = ? [pid 552] +++ killed by SIGBUS +++ [pid 551] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=551, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 34.574896][ T553] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-552: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 557 ./strace-static-x86_64: Process 557 attached [pid 557] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 557] chdir("./31") = 0 [pid 557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 557] setpgid(0, 0) = 0 [pid 557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 557] write(3, "1000", 4) = 4 [pid 557] close(3) = 0 [pid 557] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 557] write(1, "executing program\n", 18) = 18 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 557] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 557] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[558]}, 88) = 558 [pid 557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 558 attached [pid 558] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 558] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 558] <... futex resumed>) = 1 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [pid 558] memfd_create("syzkaller", 0) = 5 [pid 558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 558] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 558] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 558] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 558] close(5) = 0 [pid 558] close(6) = 0 [pid 558] mkdir("./file0", 0777) = 0 [pid 558] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 558] chdir("./file0") = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 558] ioctl(6, LOOP_CLR_FD) = 0 [pid 558] close(6) = 0 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [pid 558] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [pid 558] write(6, "#! ./file1\n", 11) = 11 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [pid 558] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 558] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [ 34.759648][ T558] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 558] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 557] <... futex resumed>) = ? [pid 558] +++ killed by SIGBUS +++ [pid 557] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=557, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 34.797235][ T558] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 563 ./strace-static-x86_64: Process 563 attached [pid 563] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 563] chdir("./32") = 0 [pid 563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 563] setpgid(0, 0) = 0 [pid 563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 563] write(3, "1000", 4) = 4 [pid 563] close(3) = 0 [pid 563] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 563] write(1, "executing program\n", 18) = 18 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 563] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 563] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 563] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[564]}, 88) = 564 ./strace-static-x86_64: Process 564 attached [pid 563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 564] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 564] memfd_create("syzkaller", 0) = 5 [pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 564] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 564] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 564] close(5) = 0 [pid 564] close(6) = 0 [pid 564] mkdir("./file0", 0777) = 0 [pid 564] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 564] chdir("./file0") = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_CLR_FD) = 0 [pid 564] close(6) = 0 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 564] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] <... openat resumed>) = 6 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] write(6, "#! ./file1\n", 11) = 11 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 564] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] <... futex resumed>) = 0 [pid 564] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 564] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 564] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 563] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 564] <... futex resumed>) = 0 [ 35.000106][ T564] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 563] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 563] <... futex resumed>) = ? [pid 564] +++ killed by SIGBUS +++ [pid 563] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=563, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 35.040712][ T564] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 570 ./strace-static-x86_64: Process 570 attached [pid 570] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 570] chdir("./33") = 0 [pid 570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 570] setpgid(0, 0) = 0 [pid 570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 570] write(3, "1000", 4) = 4 [pid 570] close(3) = 0 [pid 570] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 570] write(1, "executing program\n", 18) = 18 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 570] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 570] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 571 attached [pid 571] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 571] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 570] <... clone3 resumed> => {parent_tid=[571]}, 88) = 571 [pid 570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 570] <... futex resumed>) = 0 [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] ioctl(3, VHOST_SET_OWNER [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... ioctl resumed>, 0) = 0 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 571] eventfd2(118, EFD_SEMAPHORE [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... eventfd2 resumed>) = 4 [pid 570] <... futex resumed>) = 0 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 571] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 570] <... futex resumed>) = 0 [pid 571] ioctl(3, VHOST_SET_VRING_ADDR [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... ioctl resumed>, 0x200000000240) = 0 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 571] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 570] <... futex resumed>) = 0 [pid 571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 570] <... futex resumed>) = 0 [pid 571] <... ioctl resumed>, 0x200000000140) = 0 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 571] memfd_create("syzkaller", 0 [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... memfd_create resumed>) = 5 [pid 570] <... futex resumed>) = 0 [pid 571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 571] <... mmap resumed>) = 0x7fb8e13e5000 [pid 571] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 571] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 571] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 571] close(5) = 0 [pid 571] close(6) = 0 [pid 571] mkdir("./file0", 0777) = 0 [pid 571] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 571] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 571] chdir("./file0") = 0 [pid 571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 571] ioctl(6, LOOP_CLR_FD) = 0 [pid 571] close(6) = 0 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 571] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... futex resumed>) = 0 [pid 570] <... futex resumed>) = 1 [pid 571] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... openat resumed>) = 6 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 571] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... futex resumed>) = 0 [pid 570] <... futex resumed>) = 1 [pid 571] write(6, "#! ./file1\n", 11 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... write resumed>) = 11 [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 571] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... futex resumed>) = 0 [pid 570] <... futex resumed>) = 1 [pid 571] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 570] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 35.239132][ T571] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 570] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 570] <... futex resumed>) = ? [pid 571] +++ killed by SIGBUS +++ [pid 570] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=570, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 35.303398][ T572] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-571: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 576 attached , child_tidptr=0x5555664fb690) = 576 [pid 576] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 576] chdir("./34") = 0 [pid 576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 576] setpgid(0, 0) = 0 [pid 576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 576] write(3, "1000", 4) = 4 [pid 576] close(3) = 0 [pid 576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 576] write(1, "executing program\n", 18executing program ) = 18 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 576] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 577 attached => {parent_tid=[577]}, 88) = 577 [pid 577] set_robust_list(0x7fb8e98059a0, 24 [pid 576] rt_sigprocmask(SIG_SETMASK, [], [pid 577] <... set_robust_list resumed>) = 0 [pid 577] rt_sigprocmask(SIG_SETMASK, [], [pid 576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 577] ioctl(3, VHOST_SET_OWNER [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] <... ioctl resumed>, 0) = 0 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 577] memfd_create("syzkaller", 0) = 5 [pid 577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 577] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 577] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 577] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 577] close(5) = 0 [pid 577] close(6) = 0 [pid 577] mkdir("./file0", 0777) = 0 [pid 577] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 577] chdir("./file0") = 0 [pid 577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 577] ioctl(6, LOOP_CLR_FD) = 0 [pid 577] close(6) = 0 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] write(6, "#! ./file1\n", 11) = 11 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 577] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 35.570023][ T577] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 577] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] <... futex resumed>) = 0 [pid 577] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 576] <... futex resumed>) = ? [pid 577] +++ killed by SIGBUS +++ [pid 576] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=576, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 35.632367][ T578] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-577: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 582 attached , child_tidptr=0x5555664fb690) = 582 [pid 582] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 582] chdir("./35") = 0 [pid 582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 582] setpgid(0, 0) = 0 [pid 582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 582] write(3, "1000", 4) = 4 [pid 582] close(3) = 0 [pid 582] symlink("/dev/binderfs", "./binderfs") = 0 [pid 582] write(1, "executing program\n", 18executing program ) = 18 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 582] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 582] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 582] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 582] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[583]}, 88) = 583 [pid 582] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 583 attached [pid 583] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 583] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 583] memfd_create("syzkaller", 0 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 583] <... memfd_create resumed>) = 5 [pid 583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 583] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 583] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 583] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 583] close(5) = 0 [pid 583] close(6) = 0 [pid 583] mkdir("./file0", 0777) = 0 [pid 583] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 583] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 583] chdir("./file0") = 0 [pid 583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 583] ioctl(6, LOOP_CLR_FD) = 0 [pid 583] close(6) = 0 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 583] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 582] <... futex resumed>) = 0 [pid 583] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] <... openat resumed>) = 6 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 583] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 582] <... futex resumed>) = 0 [pid 583] write(6, "#! ./file1\n", 11 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] <... write resumed>) = 11 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 583] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 582] <... futex resumed>) = 0 [pid 583] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] <... mmap resumed>) = 0x200000000000 [pid 583] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 583] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 582] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 582] <... futex resumed>) = 0 [ 35.820192][ T583] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 582] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 582] <... futex resumed>) = ? [pid 583] +++ killed by SIGBUS +++ [pid 582] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=582, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 35.871096][ T583] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 588 attached , child_tidptr=0x5555664fb690) = 588 [pid 588] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 588] chdir("./36") = 0 [pid 588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 588] setpgid(0, 0) = 0 [pid 588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 588] write(3, "1000", 4) = 4 [pid 588] close(3) = 0 [pid 588] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 588] write(1, "executing program\n", 18) = 18 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 588] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 589 attached [pid 589] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 589] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 588] <... clone3 resumed> => {parent_tid=[589]}, 88) = 589 [pid 588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] <... futex resumed>) = 0 [pid 588] <... futex resumed>) = 1 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 589] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 589] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 589] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 589] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 588] <... futex resumed>) = 0 [pid 589] ioctl(3, VHOST_SET_VRING_KICK [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... ioctl resumed>, 0x200000000000) = 0 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 588] <... futex resumed>) = 0 [pid 589] <... ioctl resumed>, 0x200000000140) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 588] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 589] <... futex resumed>) = 0 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 589] memfd_create("syzkaller", 0) = 5 [pid 589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 589] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 589] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 589] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 589] close(5) = 0 [pid 589] close(6) = 0 [pid 589] mkdir("./file0", 0777) = 0 [pid 589] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 589] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 589] chdir("./file0") = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 589] ioctl(6, LOOP_CLR_FD) = 0 [pid 589] close(6) = 0 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 588] <... futex resumed>) = 0 [pid 589] <... futex resumed>) = 1 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... openat resumed>) = 6 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 588] <... futex resumed>) = 0 [pid 589] <... futex resumed>) = 1 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] write(6, "#! ./file1\n", 11 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... write resumed>) = 11 [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 588] <... futex resumed>) = 0 [pid 589] <... futex resumed>) = 1 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... mmap resumed>) = 0x200000000000 [ 36.087563][ T589] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 589] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 588] <... futex resumed>) = ? [pid 589] +++ killed by SIGBUS +++ [pid 588] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=588, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 36.132018][ T590] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-589: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 595 ./strace-static-x86_64: Process 595 attached [pid 595] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 595] chdir("./37") = 0 [pid 595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 595] setpgid(0, 0) = 0 [pid 595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 595] write(3, "1000", 4) = 4 [pid 595] close(3) = 0 [pid 595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 595] write(1, "executing program\n", 18executing program ) = 18 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 595] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 595] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 595] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 595] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 596 attached => {parent_tid=[596]}, 88) = 596 [pid 596] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 596] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 596] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] <... futex resumed>) = 0 [pid 596] ioctl(3, VHOST_SET_OWNER [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... ioctl resumed>, 0) = 0 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 596] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 596] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 596] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] <... futex resumed>) = 0 [pid 596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] eventfd2(118, EFD_SEMAPHORE [pid 595] <... futex resumed>) = 0 [pid 596] <... eventfd2 resumed>) = 4 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 595] <... futex resumed>) = 1 [pid 596] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 596] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 596] <... futex resumed>) = 0 [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] ioctl(3, VHOST_SET_VRING_KICK [pid 595] <... futex resumed>) = 0 [pid 596] <... ioctl resumed>, 0x200000000000) = 0 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 595] <... futex resumed>) = 1 [pid 596] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... ioctl resumed>, 0x200000000140) = 0 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 595] <... futex resumed>) = 1 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 596] memfd_create("syzkaller", 0) = 5 [pid 596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 596] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 596] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 596] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 596] close(5) = 0 [pid 596] close(6) = 0 [pid 596] mkdir("./file0", 0777) = 0 [pid 596] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 596] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 596] chdir("./file0") = 0 [pid 596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 596] ioctl(6, LOOP_CLR_FD) = 0 [pid 596] close(6) = 0 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 0 [pid 596] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] write(6, "#! ./file1\n", 11) = 11 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 596] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... mmap resumed>) = 0x200000000000 [pid 596] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [ 36.350291][ T596] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 596] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 595] <... futex resumed>) = ? [pid 596] +++ killed by SIGBUS +++ [pid 595] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=595, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 36.404180][ T596] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 601 ./strace-static-x86_64: Process 601 attached [pid 601] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 601] chdir("./38") = 0 [pid 601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 601] setpgid(0, 0) = 0 [pid 601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 601] write(3, "1000", 4) = 4 [pid 601] close(3) = 0 [pid 601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 601] write(1, "executing program\n", 18executing program ) = 18 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 601] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[602]}, 88) = 602 [pid 601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 602 attached [pid 602] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 602] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 602] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 602] ioctl(3, VHOST_SET_VRING_ADDR [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] <... ioctl resumed>, 0x200000000240) = 0 [pid 601] <... futex resumed>) = 0 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 0 [pid 601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] ioctl(3, VHOST_SET_VRING_KICK [pid 601] <... futex resumed>) = 0 [pid 602] <... ioctl resumed>, 0x200000000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] <... futex resumed>) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 601] <... futex resumed>) = 0 [pid 602] <... ioctl resumed>, 0x200000000140) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] <... futex resumed>) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 602] memfd_create("syzkaller", 0) = 5 [pid 602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 602] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 602] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 602] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 602] close(5) = 0 [pid 602] close(6) = 0 [pid 602] mkdir("./file0", 0777) = 0 [pid 602] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 602] chdir("./file0") = 0 [pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 602] ioctl(6, LOOP_CLR_FD) = 0 [pid 602] close(6) = 0 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 0 [pid 602] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] write(6, "#! ./file1\n", 11) = 11 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 1 [pid 602] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 602] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 1 [ 36.650061][ T602] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 602] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 601] <... futex resumed>) = ? [pid 602] +++ killed by SIGBUS +++ [pid 601] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=601, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 36.699306][ T602] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 607 ./strace-static-x86_64: Process 607 attached [pid 607] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 607] chdir("./39") = 0 [pid 607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 607] setpgid(0, 0) = 0 [pid 607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 607] write(3, "1000", 4) = 4 [pid 607] close(3) = 0 [pid 607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 607] write(1, "executing program\n", 18executing program ) = 18 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 607] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 607] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[608]}, 88) = 608 [pid 607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 608 attached [pid 608] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 608] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 608] memfd_create("syzkaller", 0) = 5 [pid 608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 608] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 608] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 608] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 608] close(5) = 0 [pid 608] close(6) = 0 [pid 608] mkdir("./file0", 0777) = 0 [pid 608] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 608] chdir("./file0") = 0 [pid 608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 608] ioctl(6, LOOP_CLR_FD) = 0 [pid 608] close(6) = 0 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 1 [pid 608] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 1 [pid 608] write(6, "#! ./file1\n", 11) = 11 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 608] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... mmap resumed>) = 0x200000000000 [pid 607] <... futex resumed>) = 0 [pid 608] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 0 [pid 607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 37.000743][ T608] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 607] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 607] <... futex resumed>) = ? [pid 608] +++ killed by SIGBUS +++ [pid 607] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=607, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 37.054277][ T608] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor134: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 614 attached [pid 614] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 614] chdir("./40") = 0 [pid 614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] <... clone resumed>, child_tidptr=0x5555664fb690) = 614 [pid 614] setpgid(0, 0) = 0 [pid 614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 614] write(3, "1000", 4) = 4 [pid 614] close(3) = 0 [pid 614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 614] write(1, "executing program\n", 18executing program ) = 18 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 614] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 614] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 614] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 614] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 615 attached [pid 615] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 615] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 614] <... clone3 resumed> => {parent_tid=[615]}, 88) = 615 [pid 614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 615] ioctl(3, VHOST_SET_OWNER [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] <... ioctl resumed>, 0) = 0 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 615] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 614] <... futex resumed>) = 0 [pid 615] ioctl(3, VHOST_SET_VRING_ADDR [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] <... ioctl resumed>, 0x200000000240) = 0 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 615] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 614] <... futex resumed>) = 0 [pid 615] ioctl(3, VHOST_SET_VRING_KICK [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] <... ioctl resumed>, 0x200000000000) = 0 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 615] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 614] <... futex resumed>) = 0 [pid 615] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] <... ioctl resumed>, 0x200000000140) = 0 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 615] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 614] <... futex resumed>) = 0 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 615] memfd_create("syzkaller", 0) = 5 [pid 615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 615] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 615] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 615] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 615] close(5) = 0 [pid 615] close(6) = 0 [pid 615] mkdir("./file0", 0777) = 0 [pid 615] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 615] chdir("./file0") = 0 [pid 615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 615] ioctl(6, LOOP_CLR_FD) = 0 [pid 615] close(6) = 0 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 614] <... futex resumed>) = 0 [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] <... futex resumed>) = 0 [pid 615] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 615] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 614] <... futex resumed>) = 1 [pid 615] write(6, "#! ./file1\n", 11 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] <... write resumed>) = 11 [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] <... futex resumed>) = 0 [pid 615] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 614] <... futex resumed>) = 1 [pid 615] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] <... mmap resumed>) = 0x200000000000 [ 37.241322][ T615] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 615] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 614] <... futex resumed>) = 0 [pid 614] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 614] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] <... futex resumed>) = 1 [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 614] <... futex resumed>) = ? [pid 615] +++ killed by SIGBUS +++ [pid 614] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=614, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 37.293488][ T616] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-615: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 620 ./strace-static-x86_64: Process 620 attached [pid 620] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 620] chdir("./41") = 0 [pid 620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 620] setpgid(0, 0) = 0 [pid 620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 620] write(3, "1000", 4) = 4 [pid 620] close(3) = 0 [pid 620] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 620] write(1, "executing program\n", 18) = 18 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 620] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 621 attached => {parent_tid=[621]}, 88) = 621 [pid 621] set_robust_list(0x7fb8e98059a0, 24 [pid 620] rt_sigprocmask(SIG_SETMASK, [], [pid 621] <... set_robust_list resumed>) = 0 [pid 620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 621] rt_sigprocmask(SIG_SETMASK, [], [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] ioctl(3, VHOST_SET_VRING_ADDR [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] <... ioctl resumed>, 0x200000000300) = 0 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 621] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 621] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 621] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 621] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 621] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 621] ioctl(3, VHOST_SET_VRING_ADDR [pid 620] <... futex resumed>) = 0 [pid 621] <... ioctl resumed>, 0x200000000240) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 621] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 621] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 621] memfd_create("syzkaller", 0) = 5 [pid 621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 621] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 621] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 621] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 621] close(5) = 0 [pid 621] close(6) = 0 [pid 621] mkdir("./file0", 0777) = 0 [pid 621] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 621] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 621] chdir("./file0") = 0 [pid 621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 621] ioctl(6, LOOP_CLR_FD) = 0 [pid 621] close(6) = 0 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] <... futex resumed>) = 1 [pid 621] write(6, "#! ./file1\n", 11) = 11 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 621] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 37.549568][ T621] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 621] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 620] <... futex resumed>) = 1 [pid 620] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 620] <... futex resumed>) = ? [pid 621] +++ killed by SIGBUS +++ [pid 620] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=620, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 37.595391][ T622] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-621: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 626 attached , child_tidptr=0x5555664fb690) = 626 [pid 626] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 626] chdir("./42") = 0 [pid 626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 626] setpgid(0, 0) = 0 [pid 626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 626] write(3, "1000", 4) = 4 [pid 626] close(3) = 0 [pid 626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 626] write(1, "executing program\n", 18executing program ) = 18 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 626] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 627 attached => {parent_tid=[627]}, 88) = 627 [pid 627] set_robust_list(0x7fb8e98059a0, 24 [pid 626] rt_sigprocmask(SIG_SETMASK, [], [pid 627] <... set_robust_list resumed>) = 0 [pid 626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 627] rt_sigprocmask(SIG_SETMASK, [], [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 626] <... futex resumed>) = 0 [pid 627] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] <... openat resumed>) = 3 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 627] memfd_create("syzkaller", 0) = 5 [pid 627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 627] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 627] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 627] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 627] close(5) = 0 [pid 627] close(6) = 0 [pid 627] mkdir("./file0", 0777) = 0 [pid 627] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 627] chdir("./file0") = 0 [pid 627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 627] ioctl(6, LOOP_CLR_FD) = 0 [pid 627] close(6) = 0 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 626] <... futex resumed>) = 0 [pid 627] <... futex resumed>) = 1 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] write(6, "#! ./file1\n", 11) = 11 [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 37.809527][ T627] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 627] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 626] <... futex resumed>) = ? [pid 627] +++ killed by SIGBUS +++ [pid 626] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=626, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 37.852466][ T628] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-627: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 632 attached , child_tidptr=0x5555664fb690) = 632 [pid 632] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 632] chdir("./43") = 0 [pid 632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 632] setpgid(0, 0) = 0 [pid 632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 632] write(3, "1000", 4) = 4 [pid 632] close(3) = 0 [pid 632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 632] write(1, "executing program\n", 18executing program ) = 18 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 632] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[633]}, 88) = 633 [pid 632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 633 attached [pid 633] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 633] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 633] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 633] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 633] memfd_create("syzkaller", 0) = 5 [pid 633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 633] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 633] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 633] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 633] close(5) = 0 [pid 633] close(6) = 0 [pid 633] mkdir("./file0", 0777) = 0 [pid 633] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 633] chdir("./file0") = 0 [pid 633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 633] ioctl(6, LOOP_CLR_FD) = 0 [pid 633] close(6) = 0 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] <... futex resumed>) = 0 [pid 633] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] <... futex resumed>) = 1 [pid 633] write(6, "#! ./file1\n", 11) = 11 [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 633] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] <... mmap resumed>) = 0x200000000000 [ 38.041103][ T633] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 632] <... futex resumed>) = ? [pid 633] +++ killed by SIGBUS +++ [pid 632] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=632, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 38.121681][ T634] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-633: bg 0: block 234: padding at end of block bitmap is not set getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 639 attached , child_tidptr=0x5555664fb690) = 639 [pid 639] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 639] chdir("./44") = 0 [pid 639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 639] setpgid(0, 0) = 0 [pid 639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 639] write(3, "1000", 4) = 4 [pid 639] close(3) = 0 [pid 639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 639] write(1, "executing program\n", 18executing program ) = 18 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 639] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 639] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 639] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 640 attached => {parent_tid=[640]}, 88) = 640 [pid 640] set_robust_list(0x7fb8e98059a0, 24 [pid 639] rt_sigprocmask(SIG_SETMASK, [], [pid 640] <... set_robust_list resumed>) = 0 [pid 639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 640] rt_sigprocmask(SIG_SETMASK, [], [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] eventfd2(118, EFD_SEMAPHORE [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... eventfd2 resumed>) = 4 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = 0 [pid 640] <... futex resumed>) = 1 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 640] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] <... futex resumed>) = 0 [pid 639] <... futex resumed>) = 1 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 639] <... futex resumed>) = 0 [pid 640] <... ioctl resumed>, 0x200000000140) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] <... futex resumed>) = 0 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 640] memfd_create("syzkaller", 0) = 5 [pid 640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 640] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 640] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 640] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 640] close(5) = 0 [pid 640] close(6) = 0 [pid 640] mkdir("./file0", 0777) = 0 [pid 640] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 640] chdir("./file0") = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 640] ioctl(6, LOOP_CLR_FD) = 0 [pid 640] close(6) = 0 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] write(6, "#! ./file1\n", 11) = 11 [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 38.289621][ T640] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 640] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 640] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = 0 [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 639] <... futex resumed>) = ? [pid 640] +++ killed by SIGBUS +++ [pid 639] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=639, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 38.336115][ T641] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-640: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 645 attached , child_tidptr=0x5555664fb690) = 645 [pid 645] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 645] chdir("./45") = 0 [pid 645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 645] setpgid(0, 0) = 0 [pid 645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 645] write(3, "1000", 4) = 4 [pid 645] close(3) = 0 [pid 645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 645] write(1, "executing program\n", 18executing program ) = 18 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 645] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 645] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 646 attached => {parent_tid=[646]}, 88) = 646 [pid 646] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 646] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... futex resumed>) = 0 [pid 645] <... futex resumed>) = 1 [pid 646] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... openat resumed>) = 3 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 646] <... futex resumed>) = 0 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 645] <... futex resumed>) = 0 [pid 646] ioctl(3, VHOST_SET_VRING_ADDR [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... ioctl resumed>, 0x200000000300) = 0 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] <... futex resumed>) = 0 [pid 646] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 646] <... futex resumed>) = 0 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 645] <... futex resumed>) = 0 [pid 646] eventfd2(118, EFD_SEMAPHORE [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... eventfd2 resumed>) = 4 [pid 645] <... futex resumed>) = 0 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 0 [pid 645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 646] ioctl(3, VHOST_SET_VRING_ERR [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 645] <... futex resumed>) = 0 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 0 [pid 645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 646] ioctl(3, VHOST_SET_VRING_ADDR [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... ioctl resumed>, 0x200000000240) = 0 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 645] <... futex resumed>) = 1 [pid 646] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 646] <... futex resumed>) = 0 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 646] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 646] <... futex resumed>) = 0 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 645] <... futex resumed>) = 0 [pid 646] memfd_create("syzkaller", 0 [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... memfd_create resumed>) = 5 [pid 645] <... futex resumed>) = 0 [pid 646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 646] <... mmap resumed>) = 0x7fb8e13e5000 [pid 646] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 646] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 646] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 646] close(5) = 0 [pid 646] close(6) = 0 [pid 646] mkdir("./file0", 0777) = 0 [pid 646] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 646] chdir("./file0") = 0 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 646] ioctl(6, LOOP_CLR_FD) = 0 [pid 646] close(6) = 0 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 646] <... futex resumed>) = 1 [pid 646] write(6, "#! ./file1\n", 11 [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... write resumed>) = 11 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 646] <... futex resumed>) = 1 [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... mmap resumed>) = 0x200000000000 [pid 646] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [ 38.523203][ T646] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 646] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 645] <... futex resumed>) = ? [pid 646] +++ killed by SIGBUS +++ [pid 645] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=645, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 38.562761][ T647] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-646: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 651 ./strace-static-x86_64: Process 651 attached [pid 651] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 651] chdir("./46") = 0 [pid 651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 651] setpgid(0, 0) = 0 [pid 651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 651] write(3, "1000", 4) = 4 [pid 651] close(3) = 0 [pid 651] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 651] write(1, "executing program\n", 18) = 18 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 651] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 651] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 651] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 652 attached [pid 652] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 651] <... clone3 resumed> => {parent_tid=[652]}, 88) = 652 [pid 652] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 652] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 652] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = 0 [pid 651] <... futex resumed>) = 1 [pid 652] ioctl(3, VHOST_SET_OWNER [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... ioctl resumed>, 0) = 0 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 652] memfd_create("syzkaller", 0) = 5 [pid 652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 652] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 652] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 652] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 652] close(5) = 0 [pid 652] close(6) = 0 [pid 652] mkdir("./file0", 0777) = 0 [pid 652] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 652] chdir("./file0") = 0 [pid 652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 652] ioctl(6, LOOP_CLR_FD) = 0 [pid 652] close(6) = 0 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 652] <... futex resumed>) = 1 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] write(6, "#! ./file1\n", 11 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... write resumed>) = 11 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 652] <... futex resumed>) = 1 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 652] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = 1 [ 38.770102][ T652] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 652] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 651] <... futex resumed>) = ? [pid 652] +++ killed by SIGBUS +++ [pid 651] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=651, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 38.809309][ T653] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-652: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 657 ./strace-static-x86_64: Process 657 attached [pid 657] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 657] chdir("./47") = 0 [pid 657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 657] setpgid(0, 0) = 0 [pid 657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 657] write(3, "1000", 4) = 4 [pid 657] close(3) = 0 [pid 657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 657] write(1, "executing program\n", 18executing program ) = 18 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 657] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 657] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 657] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[658]}, 88) = 658 [pid 657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 658 attached [pid 658] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 658] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 658] memfd_create("syzkaller", 0) = 5 [pid 658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 658] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 658] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 658] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 658] close(5) = 0 [pid 658] close(6) = 0 [pid 658] mkdir("./file0", 0777) = 0 [pid 658] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 658] chdir("./file0") = 0 [pid 658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 658] ioctl(6, LOOP_CLR_FD) = 0 [pid 658] close(6) = 0 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] write(6, "#! ./file1\n", 11) = 11 [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 38.997800][ T658] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 658] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 657] <... futex resumed>) = ? [pid 658] +++ killed by SIGBUS +++ [pid 657] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=657, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 39.042177][ T659] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-658: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 664 ./strace-static-x86_64: Process 664 attached [pid 664] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 664] chdir("./48") = 0 [pid 664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 664] setpgid(0, 0) = 0 [pid 664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 664] write(3, "1000", 4) = 4 [pid 664] close(3) = 0 [pid 664] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 664] write(1, "executing program\n", 18) = 18 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 664] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 664] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 664] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 665 attached [pid 665] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 665] rt_sigprocmask(SIG_SETMASK, [], [pid 664] <... clone3 resumed> => {parent_tid=[665]}, 88) = 665 [pid 664] rt_sigprocmask(SIG_SETMASK, [], [pid 665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 665] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 665] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 665] eventfd2(118, EFD_SEMAPHORE [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] <... eventfd2 resumed>) = 4 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 665] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 665] <... futex resumed>) = 0 [pid 664] <... futex resumed>) = 1 [pid 665] ioctl(3, VHOST_SET_VRING_ADDR [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] <... ioctl resumed>, 0x200000000240) = 0 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 665] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 665] ioctl(3, VHOST_SET_VRING_KICK [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] <... ioctl resumed>, 0x200000000000) = 0 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 665] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 664] <... futex resumed>) = 0 [pid 665] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] <... ioctl resumed>, 0x200000000140) = 0 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 665] memfd_create("syzkaller", 0) = 5 [pid 665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 665] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 665] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 665] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 665] close(5) = 0 [pid 665] close(6) = 0 [pid 665] mkdir("./file0", 0777) = 0 [pid 665] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 665] chdir("./file0") = 0 [pid 665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 665] ioctl(6, LOOP_CLR_FD) = 0 [pid 665] close(6) = 0 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] write(6, "#! ./file1\n", 11) = 11 [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 39.197686][ T665] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 665] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 665] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 664] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] <... futex resumed>) = 0 [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 664] <... futex resumed>) = ? [pid 665] +++ killed by SIGBUS +++ [pid 664] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=664, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 39.238183][ T666] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-665: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 670 ./strace-static-x86_64: Process 670 attached [pid 670] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 670] chdir("./49") = 0 [pid 670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 670] setpgid(0, 0) = 0 [pid 670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 670] write(3, "1000", 4) = 4 [pid 670] close(3) = 0 [pid 670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 670] write(1, "executing program\n", 18executing program ) = 18 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 670] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 670] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 670] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 670] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 671 attached [pid 671] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 671] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 670] <... clone3 resumed> => {parent_tid=[671]}, 88) = 671 [pid 670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 670] <... futex resumed>) = 1 [pid 671] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 670] <... futex resumed>) = 1 [pid 671] ioctl(3, VHOST_SET_OWNER [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] <... ioctl resumed>, 0) = 0 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 671] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 671] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] <... ioctl resumed>, 0x200000000140) = 0 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 671] memfd_create("syzkaller", 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... memfd_create resumed>) = 5 [pid 670] <... futex resumed>) = 0 [pid 671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 671] <... mmap resumed>) = 0x7fb8e13e5000 [pid 671] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 671] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 671] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 671] close(5) = 0 [pid 671] close(6) = 0 [pid 671] mkdir("./file0", 0777) = 0 [pid 671] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 671] chdir("./file0") = 0 [pid 671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 671] ioctl(6, LOOP_CLR_FD) = 0 [pid 671] close(6) = 0 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] <... openat resumed>) = 6 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] write(6, "#! ./file1\n", 11 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] <... write resumed>) = 11 [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] <... mmap resumed>) = 0x200000000000 [ 39.496516][ T671] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 671] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] <... futex resumed>) = 0 [pid 671] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 670] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 670] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 670] <... futex resumed>) = ? [pid 671] +++ killed by SIGBUS +++ [pid 670] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=670, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 39.546864][ T672] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-671: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 676 attached , child_tidptr=0x5555664fb690) = 676 [pid 676] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 676] chdir("./50") = 0 [pid 676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 676] setpgid(0, 0) = 0 [pid 676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 676] write(3, "1000", 4) = 4 [pid 676] close(3) = 0 [pid 676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 676] write(1, "executing program\n", 18executing program ) = 18 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 676] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 676] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[677]}, 88) = 677 [pid 676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 677 attached [pid 677] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 677] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] <... futex resumed>) = 1 [pid 677] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 677] memfd_create("syzkaller", 0) = 5 [pid 677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 677] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 677] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 677] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 677] close(5) = 0 [pid 677] close(6) = 0 [pid 677] mkdir("./file0", 0777) = 0 [pid 677] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 677] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 677] chdir("./file0") = 0 [pid 677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 677] ioctl(6, LOOP_CLR_FD) = 0 [pid 677] close(6) = 0 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] write(6, "#! ./file1\n", 11) = 11 [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 676] <... futex resumed>) = 0 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 39.709520][ T677] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 677] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 676] <... futex resumed>) = 0 [pid 677] <... futex resumed>) = 1 [pid 676] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 676] <... futex resumed>) = ? [pid 677] +++ killed by SIGBUS +++ [pid 676] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=676, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 39.750398][ T678] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-677: bg 0: block 234: padding at end of block bitmap is not set umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 682 ./strace-static-x86_64: Process 682 attached [pid 682] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 682] chdir("./51") = 0 [pid 682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 682] setpgid(0, 0) = 0 [pid 682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 682] write(3, "1000", 4) = 4 [pid 682] close(3) = 0 [pid 682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 682] write(1, "executing program\n", 18executing program ) = 18 [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 682] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 682] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 683 attached [pid 683] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 683] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] <... clone3 resumed> => {parent_tid=[683]}, 88) = 683 [pid 682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 683] <... futex resumed>) = 0 [pid 683] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 683] <... futex resumed>) = 0 [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 683] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 682] <... futex resumed>) = 1 [pid 683] ioctl(3, VHOST_SET_VRING_ADDR [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... ioctl resumed>, 0x200000000300) = 0 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 683] ioctl(3, VHOST_SET_MEM_TABLE [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... ioctl resumed>, 0x200000003380) = 0 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 683] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] <... futex resumed>) = 0 [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 682] <... futex resumed>) = 1 [pid 683] eventfd2(118, EFD_SEMAPHORE [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... eventfd2 resumed>) = 4 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 683] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 682] <... futex resumed>) = 1 [pid 683] ioctl(3, VHOST_SET_VRING_ERR [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 683] ioctl(3, VHOST_SET_VRING_ADDR [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... ioctl resumed>, 0x200000000240) = 0 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] <... futex resumed>) = 0 [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 682] <... futex resumed>) = 1 [pid 683] ioctl(3, VHOST_SET_VRING_KICK [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... ioctl resumed>, 0x200000000000) = 0 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 683] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] <... futex resumed>) = 0 [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 683] <... futex resumed>) = 0 [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 683] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 682] <... futex resumed>) = 0 [pid 683] memfd_create("syzkaller", 0 [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 683] <... memfd_create resumed>) = 5 [pid 683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 683] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 683] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 683] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 683] close(5) = 0 [pid 683] close(6) = 0 [pid 683] mkdir("./file0", 0777) = 0 [pid 683] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 683] chdir("./file0") = 0 [pid 683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 683] ioctl(6, LOOP_CLR_FD) = 0 [pid 683] close(6) = 0 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... futex resumed>) = 0 [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... futex resumed>) = 1 [pid 683] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... futex resumed>) = 0 [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... futex resumed>) = 1 [pid 683] write(6, "#! ./file1\n", 11) = 11 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... futex resumed>) = 0 [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... futex resumed>) = 1 [pid 683] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 683] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... futex resumed>) = 0 [pid 682] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] <... futex resumed>) = 1 [ 39.969761][ T683] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 683] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 682] <... futex resumed>) = ? [pid 683] +++ killed by SIGBUS +++ [pid 682] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=682, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 40.008860][ T684] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-683: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 689 attached , child_tidptr=0x5555664fb690) = 689 [pid 689] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 689] chdir("./52") = 0 [pid 689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 689] setpgid(0, 0) = 0 [pid 689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 689] write(3, "1000", 4) = 4 [pid 689] close(3) = 0 [pid 689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 689] write(1, "executing program\n", 18executing program ) = 18 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 689] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[690]}, 88) = 690 [pid 689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 690 attached [pid 690] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 690] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 690] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 689] <... futex resumed>) = 0 [pid 690] <... futex resumed>) = 1 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 690] memfd_create("syzkaller", 0) = 5 [pid 690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 690] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 690] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 690] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 690] close(5) = 0 [pid 690] close(6) = 0 [pid 690] mkdir("./file0", 0777) = 0 [pid 690] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 690] chdir("./file0") = 0 [pid 690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 690] ioctl(6, LOOP_CLR_FD) = 0 [pid 690] close(6) = 0 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] write(6, "#! ./file1\n", 11) = 11 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 690] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 40.199713][ T690] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 689] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 689] <... futex resumed>) = ? [pid 690] +++ killed by SIGBUS +++ [pid 689] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=689, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 40.244111][ T691] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-690: bg 0: block 234: padding at end of block bitmap is not set umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 695 ./strace-static-x86_64: Process 695 attached [pid 695] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 695] chdir("./53") = 0 [pid 695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 695] setpgid(0, 0) = 0 [pid 695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 695] write(3, "1000", 4) = 4 [pid 695] close(3) = 0 [pid 695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 695] write(1, "executing program\n", 18executing program ) = 18 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 695] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[696]}, 88) = 696 [pid 695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 696 attached [pid 696] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 696] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 696] <... futex resumed>) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 696] memfd_create("syzkaller", 0) = 5 [pid 696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 696] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 696] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 696] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 696] close(5) = 0 [pid 696] close(6) = 0 [pid 696] mkdir("./file0", 0777) = 0 [pid 696] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 696] chdir("./file0") = 0 [pid 696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 696] ioctl(6, LOOP_CLR_FD) = 0 [pid 696] close(6) = 0 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] write(6, "#! ./file1\n", 11) = 11 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 696] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 40.419478][ T696] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 695] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 696] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 695] <... futex resumed>) = ? [pid 696] +++ killed by SIGBUS +++ [pid 695] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=695, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 40.459206][ T697] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-696: bg 0: block 234: padding at end of block bitmap is not set umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 701 attached , child_tidptr=0x5555664fb690) = 701 [pid 701] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 701] chdir("./54") = 0 [pid 701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 701] setpgid(0, 0) = 0 [pid 701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 701] write(3, "1000", 4) = 4 [pid 701] close(3) = 0 [pid 701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 701] write(1, "executing program\n", 18executing program ) = 18 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 701] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 701] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0}./strace-static-x86_64: Process 702 attached [pid 702] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 702] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] <... clone3 resumed> => {parent_tid=[702]}, 88) = 702 [pid 701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 702] <... futex resumed>) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... futex resumed>) = 0 [pid 701] <... futex resumed>) = 1 [pid 702] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 702] <... futex resumed>) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 702] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 702] <... futex resumed>) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 701] <... futex resumed>) = 0 [pid 702] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 702] <... futex resumed>) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 701] <... futex resumed>) = 0 [pid 702] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] ioctl(3, VHOST_SET_VRING_ERR [pid 701] <... futex resumed>) = 0 [pid 702] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 701] <... futex resumed>) = 0 [pid 702] ioctl(3, VHOST_SET_VRING_ADDR [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... ioctl resumed>, 0x200000000240) = 0 [pid 701] <... futex resumed>) = 0 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 702] <... futex resumed>) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 701] <... futex resumed>) = 0 [pid 702] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... ioctl resumed>, 0x200000000140) = 0 [pid 701] <... futex resumed>) = 0 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] <... futex resumed>) = 0 [pid 702] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... futex resumed>) = 0 [pid 701] <... futex resumed>) = 1 [pid 702] memfd_create("syzkaller", 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 702] <... memfd_create resumed>) = 5 [pid 702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 702] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 702] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 702] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 702] close(5) = 0 [pid 702] close(6) = 0 [pid 702] mkdir("./file0", 0777) = 0 [pid 702] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 702] chdir("./file0") = 0 [pid 702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 702] ioctl(6, LOOP_CLR_FD) = 0 [pid 702] close(6) = 0 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] <... futex resumed>) = 1 [pid 702] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] <... futex resumed>) = 1 [pid 702] write(6, "#! ./file1\n", 11) = 11 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] <... futex resumed>) = 1 [pid 702] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 702] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] <... futex resumed>) = 1 [ 40.639563][ T702] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 702] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 701] <... futex resumed>) = ? [pid 702] +++ killed by SIGBUS +++ [pid 701] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=701, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 40.677608][ T703] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-702: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 707 ./strace-static-x86_64: Process 707 attached [pid 707] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 707] chdir("./55") = 0 [pid 707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 707] setpgid(0, 0) = 0 [pid 707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 707] write(3, "1000", 4) = 4 [pid 707] close(3) = 0 [pid 707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 707] write(1, "executing program\n", 18) = 18 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000executing program ) = 0 [pid 707] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 707] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 707] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[708]}, 88) = 708 [pid 707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 708 attached [pid 708] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 708] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] <... futex resumed>) = 1 [pid 708] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 708] memfd_create("syzkaller", 0) = 5 [pid 708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 708] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 708] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 708] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 708] close(5) = 0 [pid 708] close(6) = 0 [pid 708] mkdir("./file0", 0777) = 0 [pid 708] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 708] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 708] chdir("./file0") = 0 [pid 708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 708] ioctl(6, LOOP_CLR_FD) = 0 [pid 708] close(6) = 0 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] write(6, "#! ./file1\n", 11) = 11 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 708] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 40.819956][ T708] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 707] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 708] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 707] <... futex resumed>) = ? [pid 708] +++ killed by SIGBUS +++ [pid 707] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=707, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 40.856059][ T709] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-708: bg 0: block 234: padding at end of block bitmap is not set umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566504770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566504770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x5555664fc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555664fb690) = 713 ./strace-static-x86_64: Process 713 attached [pid 713] set_robust_list(0x5555664fb6a0, 24) = 0 [pid 713] chdir("./56") = 0 [pid 713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 713] setpgid(0, 0) = 0 [pid 713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 713] write(3, "1000", 4) = 4 [pid 713] close(3) = 0 [pid 713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 713] write(1, "executing program\n", 18executing program ) = 18 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] rt_sigaction(SIGRT_1, {sa_handler=0x7fb8e986f3f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb8e98605a0}, NULL, 8) = 0 [pid 713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb8e97e5000 [pid 713] mprotect(0x7fb8e97e6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 713] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb8e9805990, parent_tid=0x7fb8e9805990, exit_signal=0, stack=0x7fb8e97e5000, stack_size=0x20300, tls=0x7fb8e98056c0} => {parent_tid=[714]}, 88) = 714 [pid 713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 714 attached [pid 714] set_robust_list(0x7fb8e98059a0, 24) = 0 [pid 714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 714] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 714] futex(0x7fb8e98d16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 714] memfd_create("syzkaller", 0) = 5 [pid 714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb8e13e5000 [pid 714] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 714] munmap(0x7fb8e13e5000, 138412032) = 0 [pid 714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 714] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 714] close(5) = 0 [pid 714] close(6) = 0 [pid 714] mkdir("./file0", 0777) = 0 [pid 714] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 714] chdir("./file0") = 0 [pid 714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 714] ioctl(6, LOOP_CLR_FD) = 0 [pid 714] close(6) = 0 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] <... futex resumed>) = 1 [pid 714] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] <... futex resumed>) = 1 [pid 714] write(6, "#! ./file1\n", 11) = 11 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] <... futex resumed>) = 1 [pid 714] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fb8e98d16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fb8e98d16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] <... futex resumed>) = 1 [pid 714] openat(AT_FDCWD, "/dev/rtc5", O_RDWR|O_NONBLOCK|O_DIRECT) = -1 ENOENT (No such file or directory) [pid 714] futex(0x7fb8e98d16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] <... futex resumed>) = 0 [pid 713] exit_group(0) = ? [ 41.055346][ T714] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 714] <... futex resumed>) = ? [pid 714] +++ exited with 0 +++ [pid 713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=713, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555664fc730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 41.101551][ T715] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-714: bg 0: block 234: padding at end of block bitmap is not set [ 41.133406][ T103] ------------[ cut here ]------------ [ 41.142279][ T103] kernel BUG at fs/ext4/inode.c:2844! [ 41.148983][ T103] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 41.155622][ T103] CPU: 0 PID: 103 Comm: kworker/u4:2 Not tainted 5.4.290-syzkaller #0 [ 41.166017][ T103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 41.177203][ T103] Workqueue: writeback wb_workfn (flush-7:0) [ 41.184641][ T103] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 41.190926][ T103] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 41.214647][ T103] RSP: 0018:ffff8881ee9670c0 EFLAGS: 00010293 [ 41.222468][ T103] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f0d58fc0 [ 41.230496][ T103] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 41.238854][ T103] RBP: ffff8881ee9674b0 R08: ffffffff81cae736 R09: ffffed103b1a18b0 [ 41.248964][ T103] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d8d0c628 [ 41.258149][ T103] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 41.267296][ T103] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 41.278146][ T103] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.286204][ T103] CR2: 0000000000000002 CR3: 00000001ddda1000 CR4: 00000000003406b0 [ 41.295892][ T103] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.305940][ T103] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.317434][ T103] Call Trace: [ 41.322556][ T103] ? __die+0xbc/0x100 [ 41.328130][ T103] ? die+0x2a/0x50 [ 41.332323][ T103] ? do_trap+0x1a4/0x310 [ 41.339343][ T103] ? do_invalid_op+0x105/0x120 [ 41.344912][ T103] ? ext4_writepages+0x3c96/0x3cc0 [ 41.350286][ T103] ? ext4_writepages+0x3c96/0x3cc0 [ 41.356232][ T103] ? invalid_op+0x1e/0x30 [ 41.362034][ T103] ? ext4_writepages+0x8e6/0x3cc0 [ 41.370739][ T103] ? ext4_writepages+0x3c96/0x3cc0 [ 41.381004][ T103] ? ext4_writepages+0x3c96/0x3cc0 [ 41.388519][ T103] ? debug_smp_processor_id+0x20/0x20 [ 41.394382][ T103] ? __kasan_check_read+0x11/0x20 [ 41.400591][ T103] ? mark_page_accessed+0x280/0x670 [ 41.406479][ T103] ? write_boundary_block+0x150/0x150 [ 41.413999][ T103] ? check_preemption_disabled+0x9f/0x320 [ 41.423092][ T103] ? ext4_readpage+0x2d0/0x2d0 [ 41.429110][ T103] ? __getblk_gfp+0x3d/0x770 [ 41.435554][ T103] ? update_load_avg+0xc23/0x1250 [ 41.442017][ T103] ? enqueue_task_fair+0xa9c/0x1de0 [ 41.448001][ T103] ? ext4_readpage+0x2d0/0x2d0 [ 41.453545][ T103] do_writepages+0x12b/0x270 [ 41.458192][ T103] ? __writepage+0x110/0x110 [ 41.462992][ T103] ? __kasan_check_write+0x14/0x20 [ 41.469088][ T103] ? _raw_spin_lock+0xa4/0x1b0 [ 41.475086][ T103] ? _raw_spin_trylock_bh+0x190/0x190 [ 41.480890][ T103] __writeback_single_inode+0xdb/0xc80 [ 41.487360][ T103] writeback_sb_inodes+0x9e0/0x1800 [ 41.493160][ T103] ? _raw_spin_lock+0xa4/0x1b0 [ 41.500035][ T103] ? queue_io+0x5b0/0x5b0 [ 41.504513][ T103] ? writeback_sb_inodes+0x1800/0x1800 [ 41.510940][ T103] ? queue_io+0x3f8/0x5b0 [ 41.516008][ T103] wb_writeback+0x403/0xd70 [ 41.520751][ T103] ? wb_io_lists_depopulated+0x170/0x170 [ 41.527017][ T103] ? check_preemption_disabled+0x9f/0x320 [ 41.533135][ T103] ? debug_smp_processor_id+0x20/0x20 [ 41.540269][ T103] ? __kasan_check_write+0x14/0x20 [ 41.546159][ T103] wb_workfn+0x3b6/0x1230 [ 41.551739][ T103] ? inode_wait_for_writeback+0x280/0x280 [ 41.559192][ T103] ? __kasan_check_read+0x11/0x20 [ 41.564800][ T103] ? switch_mm_irqs_off+0x6b5/0xab0 [ 41.572015][ T103] ? _raw_spin_unlock_irq+0x4e/0x70 [ 41.582544][ T103] ? finish_task_switch+0x130/0x590 [ 41.592287][ T103] ? __schedule+0xb0d/0x1320 [ 41.604431][ T103] ? __kasan_check_read+0x11/0x20 [ 41.611502][ T103] ? strscpy+0x9c/0x260 [ 41.617490][ T103] process_one_work+0x781/0xd50 [ 41.624536][ T103] worker_thread+0xa27/0x1360 [ 41.630520][ T103] ? _raw_spin_lock+0x1b0/0x1b0 [ 41.640602][ T103] kthread+0x321/0x3a0 [ 41.647036][ T103] ? worker_clr_flags+0x180/0x180 [ 41.652655][ T103] ? kthread_blkcg+0xd0/0xd0 [ 41.658099][ T103] ret_from_fork+0x1f/0x30 [ 41.665294][ T103] Modules linked in: [ 41.669965][ T103] ---[ end trace 7e039b80d5241c37 ]--- [ 41.678220][ T103] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 41.684652][ T103] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 41.718189][ T103] RSP: 0018:ffff8881ee9670c0 EFLAGS: 00010293 [ 41.727168][ T103] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f0d58fc0 [ 41.739348][ T103] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 41.750117][ T103] RBP: ffff8881ee9674b0 R08: ffffffff81cae736 R09: ffffed103b1a18b0 [ 41.759749][ T103] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d8d0c628 [ 41.769325][ T103] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 41.778338][ T103] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 41.788249][ T103] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.796848][ T103] CR2: 0000000000000002 CR3: 000000000600e000 CR4: 00000000003406b0 [ 41.809572][ T103] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.820320][ T103] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.833101][ T103] Kernel panic - not syncing: Fatal exception [ 41.851285][ T103] Kernel Offset: disabled [ 41.864147][ T103] Rebooting in 86400 seconds..