./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3713190400 <...> { transition } for pid=285 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.758802][ T23] audit: type=1400 audit(1743551608.340:62): avc: denied { noatsecure } for pid=285 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.763768][ T23] audit: type=1400 audit(1743551608.340:63): avc: denied { write } for pid=285 comm="sh" path="pipe:[11308]" dev="pipefs" ino=11308 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.770868][ T23] audit: type=1400 audit(1743551608.340:64): avc: denied { rlimitinh } for pid=285 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.789455][ T23] audit: type=1400 audit(1743551608.340:65): avc: denied { siginh } for pid=285 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts. execve("./syz-executor3713190400", ["./syz-executor3713190400"], 0x7ffc5c99b4d0 /* 10 vars */) = 0 brk(NULL) = 0x55555947f000 brk(0x55555947fd00) = 0x55555947fd00 arch_prctl(ARCH_SET_FS, 0x55555947f380) = 0 set_tid_address(0x55555947f650) = 356 set_robust_list(0x55555947f660, 24) = 0 rseq(0x55555947fca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3713190400", 4096) = 28 getrandom("\xdf\xc6\x4c\x5d\x98\x18\x58\x6f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555947fd00 brk(0x5555594a0d00) = 0x5555594a0d00 brk(0x5555594a1000) = 0x5555594a1000 mprotect(0x7f55ca4c7000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.LGj3m4", 0700) = 0 chmod("./syzkaller.LGj3m4", 0777) = 0 chdir("./syzkaller.LGj3m4") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 24.418274][ T23] audit: type=1400 audit(1743551618.000:66): avc: denied { execmem } for pid=356 comm="syz-executor371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.443538][ T23] audit: type=1400 audit(1743551618.030:67): avc: denied { read write } for pid=356 comm="syz-executor371" name="loop0" dev="devtmpfs" ino=9407 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 357 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x55555947f660, 24) = 0 [pid 357] chdir("./0") = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 357] write(1, "executing program\n", 18) = 18 [pid 357] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 357] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 357] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 357] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 357] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 357] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 357] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 357] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 357] memfd_create("syzkaller", 0) = 5 [pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 357] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 357] munmap(0x7f55c2014000, 138412032) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 357] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 357] close(5) = 0 [pid 357] close(6) = 0 [pid 357] mkdir("./file0", 0777) = 0 [ 24.468526][ T23] audit: type=1400 audit(1743551618.030:68): avc: denied { open } for pid=356 comm="syz-executor371" path="/dev/loop0" dev="devtmpfs" ino=9407 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.493681][ T23] audit: type=1400 audit(1743551618.070:69): avc: denied { ioctl } for pid=356 comm="syz-executor371" path="/dev/loop0" dev="devtmpfs" ino=9407 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.520619][ T23] audit: type=1400 audit(1743551618.070:70): avc: denied { read write } for pid=357 comm="syz-executor371" name="vhost-vsock" dev="devtmpfs" ino=10816 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.523970][ T357] EXT4-fs (loop0): Ignoring removed nobh option [ 24.544458][ T23] audit: type=1400 audit(1743551618.070:71): avc: denied { open } for pid=357 comm="syz-executor371" path="/dev/vhost-vsock" dev="devtmpfs" ino=10816 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.574234][ T23] audit: type=1400 audit(1743551618.070:72): avc: denied { ioctl } for pid=357 comm="syz-executor371" path="/dev/vhost-vsock" dev="devtmpfs" ino=10816 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.584062][ T357] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [pid 357] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 357] chdir("./file0") = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 357] ioctl(6, LOOP_CLR_FD) = 0 [pid 357] close(6) = 0 [pid 357] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 357] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 357] write(6, "#! ./file1\n", 11) = 11 [pid 357] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.599784][ T23] audit: type=1400 audit(1743551618.080:73): avc: denied { mounton } for pid=357 comm="syz-executor371" path="/root/syzkaller.LGj3m4/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 24.607837][ T357] System zones: 0-7 [ 24.636798][ T357] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [ 24.646760][ T23] audit: type=1400 audit(1743551618.230:74): avc: denied { mount } for pid=357 comm="syz-executor371" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 357] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 357] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=357, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 24.666189][ T357] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set [ 24.673887][ T23] audit: type=1400 audit(1743551618.250:75): avc: denied { write } for pid=357 comm="syz-executor371" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 364 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x55555947f660, 24) = 0 [pid 364] chdir("./1") = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 364] write(1, "executing program\n", 18executing program ) = 18 [pid 364] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 364] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 364] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 364] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 364] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 364] memfd_create("syzkaller", 0) = 5 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 364] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 364] munmap(0x7f55c2014000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 364] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 364] close(5) = 0 [pid 364] close(6) = 0 [pid 364] mkdir("./file0", 0777) = 0 [pid 364] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 364] chdir("./file0") = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 364] ioctl(6, LOOP_CLR_FD) = 0 [pid 364] close(6) = 0 [pid 364] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 364] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 364] write(6, "#! ./file1\n", 11) = 11 [pid 364] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.781699][ T364] EXT4-fs (loop0): Ignoring removed nobh option [ 24.794287][ T364] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 24.802254][ T364] System zones: 0-7 [ 24.806710][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 364] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 364] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=364, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 24.834529][ T364] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 369 attached , child_tidptr=0x55555947f650) = 369 [pid 369] set_robust_list(0x55555947f660, 24) = 0 [pid 369] chdir("./2") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 369] write(1, "executing program\n", 18) = 18 [pid 369] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 369] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 369] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 369] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 369] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 369] memfd_create("syzkaller", 0) = 5 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 369] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 369] munmap(0x7f55c2014000, 138412032) = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 369] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 369] close(5) = 0 [pid 369] close(6) = 0 [pid 369] mkdir("./file0", 0777) = 0 [pid 369] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 369] chdir("./file0") = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 369] ioctl(6, LOOP_CLR_FD) = 0 [pid 369] close(6) = 0 [pid 369] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 369] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 369] write(6, "#! ./file1\n", 11) = 11 [pid 369] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.994873][ T369] EXT4-fs (loop0): Ignoring removed nobh option [ 25.004189][ T369] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 25.012375][ T369] System zones: 0-7 [ 25.016535][ T369] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 369] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 369] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=369, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 25.038751][ T369] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 374 attached , child_tidptr=0x55555947f650) = 374 [pid 374] set_robust_list(0x55555947f660, 24) = 0 [pid 374] chdir("./3") = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 374] write(1, "executing program\n", 18executing program ) = 18 [pid 374] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 374] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 374] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 374] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 374] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 374] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 374] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 374] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 374] memfd_create("syzkaller", 0) = 5 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 374] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 374] munmap(0x7f55c2014000, 138412032) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 374] close(5) = 0 [pid 374] close(6) = 0 [pid 374] mkdir("./file0", 0777) = 0 [pid 374] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 374] chdir("./file0") = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_CLR_FD) = 0 [pid 374] close(6) = 0 [pid 374] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 374] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 374] write(6, "#! ./file1\n", 11) = 11 [pid 374] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.246032][ T374] EXT4-fs (loop0): Ignoring removed nobh option [ 25.253986][ T374] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 25.261968][ T374] System zones: 0-7 [ 25.266160][ T374] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 374] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 374] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=374, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 25.287729][ T374] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x55555947f660, 24) = 0 [pid 379] chdir("./4") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] write(1, "executing program\n", 18executing program ) = 18 [pid 379] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 379] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 379] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 379] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 379] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 379] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 379] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 379] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 379] memfd_create("syzkaller", 0) = 5 [pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 379] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 379] munmap(0x7f55c2014000, 138412032) = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 379] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 379] close(5) = 0 [pid 379] close(6) = 0 [pid 379] mkdir("./file0", 0777) = 0 [pid 379] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 379] chdir("./file0") = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 379] ioctl(6, LOOP_CLR_FD) = 0 [pid 379] close(6) = 0 [pid 379] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 379] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 379] write(6, "#! ./file1\n", 11) = 11 [pid 379] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.514985][ T379] EXT4-fs (loop0): Ignoring removed nobh option [ 25.524365][ T379] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 25.532323][ T379] System zones: 0-7 [ 25.536378][ T379] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 379] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 379] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=379, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 25.564642][ T379] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x55555947f660, 24) = 0 [pid 384] chdir("./5") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 384] write(1, "executing program\n", 18executing program ) = 18 [pid 384] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 384] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 384] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 384] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 384] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 384] memfd_create("syzkaller", 0) = 5 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 384] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 384] munmap(0x7f55c2014000, 138412032) = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 384] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 384] close(5) = 0 [pid 384] close(6) = 0 [pid 384] mkdir("./file0", 0777) = 0 [pid 384] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 384] chdir("./file0") = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 384] ioctl(6, LOOP_CLR_FD) = 0 [pid 384] close(6) = 0 [pid 384] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [ 25.716951][ T384] EXT4-fs (loop0): Ignoring removed nobh option [ 25.734157][ T384] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 25.742249][ T384] System zones: 0-7 [ 25.746524][ T384] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 384] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 384] write(6, "#! ./file1\n", 11) = 11 [pid 384] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 384] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 384] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=384, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 25.769861][ T384] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 390 ./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x55555947f660, 24) = 0 [pid 390] chdir("./6") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 390] write(1, "executing program\n", 18) = 18 [pid 390] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 390] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 390] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 390] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 390] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 390] memfd_create("syzkaller", 0) = 5 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 390] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 390] munmap(0x7f55c2014000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 390] close(5) = 0 [pid 390] close(6) = 0 [pid 390] mkdir("./file0", 0777) = 0 [pid 390] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 390] chdir("./file0") = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_CLR_FD) = 0 [pid 390] close(6) = 0 [ 25.933445][ T390] EXT4-fs (loop0): Ignoring removed nobh option [ 25.944720][ T390] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 25.952687][ T390] System zones: 0-7 [ 25.957167][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 390] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 390] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 390] write(6, "#! ./file1\n", 11) = 11 [pid 390] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 390] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=390, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 25.978572][ T391] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-390: bg 0: block 255: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 395 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x55555947f660, 24) = 0 [pid 395] chdir("./7") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 395] write(1, "executing program\n", 18) = 18 [pid 395] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 395] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 395] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 395] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 395] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 395] memfd_create("syzkaller", 0) = 5 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 395] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 395] munmap(0x7f55c2014000, 138412032) = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 395] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 395] close(5) = 0 [pid 395] close(6) = 0 [pid 395] mkdir("./file0", 0777) = 0 [pid 395] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 395] chdir("./file0") = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 395] ioctl(6, LOOP_CLR_FD) = 0 [pid 395] close(6) = 0 [pid 395] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 395] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 395] write(6, "#! ./file1\n", 11) = 11 [pid 395] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.104070][ T395] EXT4-fs (loop0): Ignoring removed nobh option [ 26.114155][ T395] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 26.122060][ T395] System zones: 0-7 [ 26.126125][ T395] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 395] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=395, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 26.154246][ T395] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program ) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 400 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x55555947f660, 24) = 0 [pid 400] chdir("./8") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 400] write(1, "executing program\n", 18) = 18 [pid 400] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 400] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 400] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 400] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 400] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 400] memfd_create("syzkaller", 0) = 5 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 400] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 400] munmap(0x7f55c2014000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 400] close(5) = 0 [pid 400] close(6) = 0 [pid 400] mkdir("./file0", 0777) = 0 [pid 400] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 400] chdir("./file0") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_CLR_FD) = 0 [pid 400] close(6) = 0 [pid 400] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 400] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 400] write(6, "#! ./file1\n", 11) = 11 [pid 400] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.298635][ T400] EXT4-fs (loop0): Ignoring removed nobh option [ 26.314108][ T400] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 26.322479][ T400] System zones: 0-7 [ 26.326822][ T400] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 400] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=400, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 26.354475][ T401] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-400: bg 0: block 255: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 405 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x55555947f660, 24) = 0 [pid 405] chdir("./9") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 405] write(1, "executing program\n", 18) = 18 [pid 405] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 405] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 405] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 405] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 405] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 405] memfd_create("syzkaller", 0) = 5 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 405] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 405] munmap(0x7f55c2014000, 138412032) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 405] close(5) = 0 [pid 405] close(6) = 0 [pid 405] mkdir("./file0", 0777) = 0 [pid 405] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 405] chdir("./file0") = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_CLR_FD) = 0 [pid 405] close(6) = 0 [pid 405] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 405] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 405] write(6, "#! ./file1\n", 11) = 11 [pid 405] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.588469][ T405] EXT4-fs (loop0): Ignoring removed nobh option [ 26.604186][ T405] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 26.612111][ T405] System zones: 0-7 [ 26.616631][ T405] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 405] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=405, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 26.646039][ T406] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-405: bg 0: block 255: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 411 attached , child_tidptr=0x55555947f650) = 411 [pid 411] set_robust_list(0x55555947f660, 24) = 0 [pid 411] chdir("./10") = 0 [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 411] write(3, "1000", 4) = 4 [pid 411] close(3) = 0 [pid 411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 411] write(1, "executing program\n", 18executing program ) = 18 [pid 411] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 411] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 411] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 411] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 411] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 411] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 411] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 411] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 411] memfd_create("syzkaller", 0) = 5 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 411] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 411] munmap(0x7f55c2014000, 138412032) = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 411] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 411] close(5) = 0 [pid 411] close(6) = 0 [pid 411] mkdir("./file0", 0777) = 0 [pid 411] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 411] chdir("./file0") = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 411] ioctl(6, LOOP_CLR_FD) = 0 [pid 411] close(6) = 0 [pid 411] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 411] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 411] write(6, "#! ./file1\n", 11) = 11 [pid 411] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.777918][ T411] EXT4-fs (loop0): Ignoring removed nobh option [ 26.794168][ T411] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 26.802177][ T411] System zones: 0-7 [ 26.806393][ T411] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 411] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 411] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=411, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 26.823358][ T412] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-411: bg 0: block 255: padding at end of block bitmap is not set [ 26.840621][ T412] vhost-411 (412) used greatest stack depth: 21656 bytes left umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 416 ./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x55555947f660, 24) = 0 [pid 416] chdir("./11") = 0 [pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 416] setpgid(0, 0) = 0 [pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 416] write(3, "1000", 4) = 4 [pid 416] close(3) = 0 [pid 416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 416] write(1, "executing program\n", 18executing program ) = 18 [pid 416] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 416] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 416] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 416] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 416] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 416] memfd_create("syzkaller", 0) = 5 [pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 416] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 416] munmap(0x7f55c2014000, 138412032) = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 416] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 416] close(5) = 0 [pid 416] close(6) = 0 [pid 416] mkdir("./file0", 0777) = 0 [pid 416] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 416] chdir("./file0") = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 416] ioctl(6, LOOP_CLR_FD) = 0 [pid 416] close(6) = 0 [pid 416] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 416] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 416] write(6, "#! ./file1\n", 11) = 11 [pid 416] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.985362][ T416] EXT4-fs (loop0): Ignoring removed nobh option [ 26.994220][ T416] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 27.002237][ T416] System zones: 0-7 [ 27.006854][ T416] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 416] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 416] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=416, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 27.026794][ T417] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-416: bg 0: block 255: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 421 ./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x55555947f660, 24) = 0 [pid 421] chdir("./12") = 0 [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] setpgid(0, 0) = 0 [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 421] write(3, "1000", 4) = 4 [pid 421] close(3) = 0 [pid 421] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 421] write(1, "executing program\n", 18) = 18 [pid 421] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 421] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 421] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 421] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 421] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 421] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 421] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 421] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 421] memfd_create("syzkaller", 0) = 5 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 421] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 421] munmap(0x7f55c2014000, 138412032) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 421] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 421] close(5) = 0 [pid 421] close(6) = 0 [pid 421] mkdir("./file0", 0777) = 0 [pid 421] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 421] chdir("./file0") = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 421] ioctl(6, LOOP_CLR_FD) = 0 [pid 421] close(6) = 0 [pid 421] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 421] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 421] write(6, "#! ./file1\n", 11) = 11 [pid 421] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 27.205896][ T421] EXT4-fs (loop0): Ignoring removed nobh option [ 27.213994][ T421] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 27.222118][ T421] System zones: 0-7 [ 27.226272][ T421] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 421] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 421] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=421, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 27.254646][ T421] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 426 attached , child_tidptr=0x55555947f650) = 426 [pid 426] set_robust_list(0x55555947f660, 24) = 0 [pid 426] chdir("./13") = 0 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 426] setpgid(0, 0) = 0 [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 426] write(3, "1000", 4) = 4 [pid 426] close(3) = 0 [pid 426] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 426] write(1, "executing program\n", 18) = 18 [pid 426] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 426] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 426] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 426] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 426] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 426] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 426] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 426] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 426] memfd_create("syzkaller", 0) = 5 [pid 426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 426] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 426] munmap(0x7f55c2014000, 138412032) = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 426] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 426] close(5) = 0 [pid 426] close(6) = 0 [pid 426] mkdir("./file0", 0777) = 0 [pid 426] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 426] chdir("./file0") = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 426] ioctl(6, LOOP_CLR_FD) = 0 [pid 426] close(6) = 0 [pid 426] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [ 27.463173][ T426] EXT4-fs (loop0): Ignoring removed nobh option [ 27.474605][ T426] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 27.483103][ T426] System zones: 0-7 [ 27.486973][ T426] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 426] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 426] write(6, "#! ./file1\n", 11) = 11 [pid 426] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 426] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 426] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=426, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 27.515007][ T426] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 431 ./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x55555947f660, 24) = 0 [pid 431] chdir("./14") = 0 [pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 431] setpgid(0, 0) = 0 [pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 431] write(3, "1000", 4) = 4 [pid 431] close(3) = 0 [pid 431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 431] write(1, "executing program\n", 18executing program ) = 18 [pid 431] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 431] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 431] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 431] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 431] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 431] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 431] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 431] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 431] memfd_create("syzkaller", 0) = 5 [pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 431] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 431] munmap(0x7f55c2014000, 138412032) = 0 [pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 431] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 431] close(5) = 0 [pid 431] close(6) = 0 [pid 431] mkdir("./file0", 0777) = 0 [pid 431] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 431] chdir("./file0") = 0 [pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 431] ioctl(6, LOOP_CLR_FD) = 0 [pid 431] close(6) = 0 [pid 431] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [ 27.653268][ T431] EXT4-fs (loop0): Ignoring removed nobh option [ 27.664198][ T431] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 27.672106][ T431] System zones: 0-7 [ 27.676209][ T431] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 431] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 431] write(6, "#! ./file1\n", 11) = 11 [pid 431] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 431] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 431] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=431, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 27.704825][ T431] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 437 attached [pid 437] set_robust_list(0x55555947f660, 24) = 0 [pid 437] chdir("./15") = 0 [pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 437] setpgid(0, 0) = 0 [pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 437] write(3, "1000", 4) = 4 [pid 437] close(3) = 0 [pid 437] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 356] <... clone resumed>, child_tidptr=0x55555947f650) = 437 [pid 437] write(1, "executing program\n", 18) = 18 [pid 437] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 437] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 437] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 437] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 437] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 437] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 437] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 437] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 437] memfd_create("syzkaller", 0) = 5 [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 437] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 437] munmap(0x7f55c2014000, 138412032) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 437] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 437] close(5) = 0 [pid 437] close(6) = 0 [pid 437] mkdir("./file0", 0777) = 0 [pid 437] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 437] chdir("./file0") = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 437] ioctl(6, LOOP_CLR_FD) = 0 [pid 437] close(6) = 0 [pid 437] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 437] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 437] write(6, "#! ./file1\n", 11) = 11 [pid 437] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 27.937462][ T437] EXT4-fs (loop0): Ignoring removed nobh option [ 27.954310][ T437] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 27.962356][ T437] System zones: 0-7 [ 27.966497][ T437] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 437] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 437] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=437, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 27.995686][ T438] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-437: bg 0: block 255: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 442 ./strace-static-x86_64: Process 442 attached [pid 442] set_robust_list(0x55555947f660, 24) = 0 [pid 442] chdir("./16") = 0 [pid 442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 442] setpgid(0, 0) = 0 [pid 442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 442] write(3, "1000", 4) = 4 [pid 442] close(3) = 0 [pid 442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 442] write(1, "executing program\n", 18executing program ) = 18 [pid 442] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 442] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 442] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 442] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 442] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 442] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 442] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 442] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 442] memfd_create("syzkaller", 0) = 5 [pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 442] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 442] munmap(0x7f55c2014000, 138412032) = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 442] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 442] close(5) = 0 [pid 442] close(6) = 0 [pid 442] mkdir("./file0", 0777) = 0 [pid 442] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 442] chdir("./file0") = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 442] ioctl(6, LOOP_CLR_FD) = 0 [pid 442] close(6) = 0 [pid 442] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 442] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 442] write(6, "#! ./file1\n", 11) = 11 [pid 442] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.113584][ T442] EXT4-fs (loop0): Ignoring removed nobh option [ 28.124415][ T442] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 28.133087][ T442] System zones: 0-7 [ 28.137191][ T442] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 442] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 442] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=442, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 28.157217][ T443] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-442: bg 0: block 255: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 447 ./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x55555947f660, 24) = 0 [pid 447] chdir("./17") = 0 [pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 447] setpgid(0, 0) = 0 [pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 447] write(3, "1000", 4) = 4 [pid 447] close(3) = 0 [pid 447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 447] write(1, "executing program\n", 18executing program ) = 18 [pid 447] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 447] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 447] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 447] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 447] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 447] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 447] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 447] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 447] memfd_create("syzkaller", 0) = 5 [pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 447] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 447] munmap(0x7f55c2014000, 138412032) = 0 [pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 447] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 447] close(5) = 0 [pid 447] close(6) = 0 [pid 447] mkdir("./file0", 0777) = 0 [pid 447] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 447] chdir("./file0") = 0 [pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 447] ioctl(6, LOOP_CLR_FD) = 0 [pid 447] close(6) = 0 [pid 447] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 447] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 447] write(6, "#! ./file1\n", 11) = 11 [pid 447] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.345744][ T447] EXT4-fs (loop0): Ignoring removed nobh option [ 28.354271][ T447] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 28.362354][ T447] System zones: 0-7 [ 28.366549][ T447] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 447] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 447] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=447, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 28.394630][ T447] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 452 ./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x55555947f660, 24) = 0 [pid 452] chdir("./18") = 0 [pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 452] setpgid(0, 0) = 0 [pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 452] write(3, "1000", 4) = 4 [pid 452] close(3) = 0 [pid 452] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 452] write(1, "executing program\n", 18) = 18 [pid 452] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 452] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 452] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 452] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 452] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 452] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 452] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 452] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 452] memfd_create("syzkaller", 0) = 5 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 452] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 452] munmap(0x7f55c2014000, 138412032) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 452] close(5) = 0 [pid 452] close(6) = 0 [pid 452] mkdir("./file0", 0777) = 0 [pid 452] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 452] chdir("./file0") = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_CLR_FD) = 0 [pid 452] close(6) = 0 [pid 452] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 452] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 452] write(6, "#! ./file1\n", 11) = 11 [pid 452] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.602138][ T452] EXT4-fs (loop0): Ignoring removed nobh option [ 28.614373][ T452] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 28.622359][ T452] System zones: 0-7 [ 28.626420][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 452] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=452, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 28.656373][ T453] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-452: bg 0: block 255: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 458 ./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x55555947f660, 24) = 0 [pid 458] chdir("./19") = 0 [pid 458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 458] setpgid(0, 0) = 0 [pid 458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 458] write(3, "1000", 4) = 4 [pid 458] close(3) = 0 [pid 458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 458] write(1, "executing program\n", 18executing program ) = 18 [pid 458] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 458] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 458] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 458] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 458] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 458] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 458] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 458] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 458] memfd_create("syzkaller", 0) = 5 [pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 458] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 458] munmap(0x7f55c2014000, 138412032) = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 458] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 458] close(5) = 0 [pid 458] close(6) = 0 [pid 458] mkdir("./file0", 0777) = 0 [pid 458] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 458] chdir("./file0") = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 458] ioctl(6, LOOP_CLR_FD) = 0 [pid 458] close(6) = 0 [pid 458] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 458] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 458] write(6, "#! ./file1\n", 11) = 11 [ 28.796830][ T458] EXT4-fs (loop0): Ignoring removed nobh option [ 28.814207][ T458] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 28.822714][ T458] System zones: 0-7 [ 28.826842][ T458] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 458] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 458] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 458] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=458, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 28.849425][ T458] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 463 ./strace-static-x86_64: Process 463 attached [pid 463] set_robust_list(0x55555947f660, 24) = 0 [pid 463] chdir("./20") = 0 [pid 463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 463] setpgid(0, 0) = 0 [pid 463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 463] write(3, "1000", 4) = 4 [pid 463] close(3) = 0 [pid 463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 463] write(1, "executing program\n", 18executing program ) = 18 [pid 463] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 463] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 463] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 463] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 463] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 463] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 463] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 463] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 463] memfd_create("syzkaller", 0) = 5 [pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 463] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 463] munmap(0x7f55c2014000, 138412032) = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 463] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 463] close(5) = 0 [pid 463] close(6) = 0 [pid 463] mkdir("./file0", 0777) = 0 [pid 463] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 463] chdir("./file0") = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 463] ioctl(6, LOOP_CLR_FD) = 0 [pid 463] close(6) = 0 [pid 463] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 463] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 463] write(6, "#! ./file1\n", 11) = 11 [ 29.004532][ T463] EXT4-fs (loop0): Ignoring removed nobh option [ 29.014257][ T463] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 29.022162][ T463] System zones: 0-7 [ 29.026272][ T463] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 463] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 463] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 463] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=463, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 29.054841][ T463] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 468 ./strace-static-x86_64: Process 468 attached [pid 468] set_robust_list(0x55555947f660, 24) = 0 [pid 468] chdir("./21") = 0 [pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 468] setpgid(0, 0) = 0 [pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 468] write(3, "1000", 4) = 4 [pid 468] close(3) = 0 [pid 468] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 468] write(1, "executing program\n", 18) = 18 [pid 468] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 468] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 468] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 468] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 468] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 468] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 468] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 468] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 468] memfd_create("syzkaller", 0) = 5 [pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 468] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 468] munmap(0x7f55c2014000, 138412032) = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 468] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 468] close(5) = 0 [pid 468] close(6) = 0 [pid 468] mkdir("./file0", 0777) = 0 [pid 468] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 468] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 468] chdir("./file0") = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 468] ioctl(6, LOOP_CLR_FD) = 0 [pid 468] close(6) = 0 [pid 468] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 468] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 468] write(6, "#! ./file1\n", 11) = 11 [pid 468] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.194459][ T468] EXT4-fs (loop0): Ignoring removed nobh option [ 29.204024][ T468] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 29.212019][ T468] System zones: 0-7 [ 29.216052][ T468] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 468] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 468] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=468, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 29.238277][ T468] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 473 ./strace-static-x86_64: Process 473 attached [pid 473] set_robust_list(0x55555947f660, 24) = 0 [pid 473] chdir("./22") = 0 [pid 473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 473] setpgid(0, 0) = 0 [pid 473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 473] write(3, "1000", 4) = 4 [pid 473] close(3) = 0 [pid 473] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 473] write(1, "executing program\n", 18) = 18 [pid 473] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 473] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 473] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 473] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 473] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 473] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 473] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 473] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 473] memfd_create("syzkaller", 0) = 5 [pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 473] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 473] munmap(0x7f55c2014000, 138412032) = 0 [pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 473] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 473] close(5) = 0 [pid 473] close(6) = 0 [pid 473] mkdir("./file0", 0777) = 0 [pid 473] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 473] chdir("./file0") = 0 [pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 473] ioctl(6, LOOP_CLR_FD) = 0 [pid 473] close(6) = 0 [pid 473] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 473] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 473] write(6, "#! ./file1\n", 11) = 11 [pid 473] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.414467][ T473] EXT4-fs (loop0): Ignoring removed nobh option [ 29.424285][ T473] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 29.432252][ T473] System zones: 0-7 [ 29.436319][ T473] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 473] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 473] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=473, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 29.451963][ T473] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 478 ./strace-static-x86_64: Process 478 attached [pid 478] set_robust_list(0x55555947f660, 24) = 0 [pid 478] chdir("./23") = 0 [pid 478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 478] setpgid(0, 0) = 0 [pid 478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 478] write(3, "1000", 4) = 4 [pid 478] close(3) = 0 [pid 478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 478] write(1, "executing program\n", 18executing program ) = 18 [pid 478] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 478] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 478] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 478] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 478] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 478] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 478] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 478] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 478] memfd_create("syzkaller", 0) = 5 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 478] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 478] munmap(0x7f55c2014000, 138412032) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 478] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 478] close(5) = 0 [pid 478] close(6) = 0 [pid 478] mkdir("./file0", 0777) = 0 [pid 478] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 478] chdir("./file0") = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 478] ioctl(6, LOOP_CLR_FD) = 0 [pid 478] close(6) = 0 [pid 478] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 478] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 478] write(6, "#! ./file1\n", 11) = 11 [pid 478] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.603197][ T478] EXT4-fs (loop0): Ignoring removed nobh option [ 29.614519][ T478] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 29.622550][ T478] System zones: 0-7 [ 29.626849][ T478] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 478] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 478] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=478, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 29.649327][ T478] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 483 ./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x55555947f660, 24) = 0 [pid 483] chdir("./24") = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 483] write(1, "executing program\n", 18) = 18 [pid 483] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 483] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 483] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 483] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 483] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 483] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 483] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 483] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 483] memfd_create("syzkaller", 0) = 5 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 483] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 483] munmap(0x7f55c2014000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 483] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 483] close(5) = 0 [pid 483] close(6) = 0 [pid 483] mkdir("./file0", 0777) = 0 [pid 483] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 483] chdir("./file0") = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 483] ioctl(6, LOOP_CLR_FD) = 0 [pid 483] close(6) = 0 [pid 483] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 483] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 483] write(6, "#! ./file1\n", 11) = 11 [pid 483] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.773028][ T483] EXT4-fs (loop0): Ignoring removed nobh option [ 29.784297][ T483] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 29.792419][ T483] System zones: 0-7 [ 29.796716][ T483] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 483] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000140} --- [pid 483] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=483, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 29.819022][ T483] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor371: bg 0: block 255: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555559488730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555559488730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555594806f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555947f650) = 489 ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x55555947f660, 24) = 0 [pid 489] chdir("./25") = 0 [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 489] setpgid(0, 0) = 0 [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 489] write(3, "1000", 4) = 4 [pid 489] close(3) = 0 [pid 489] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 489] write(1, "executing program\n", 18) = 18 [pid 489] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 489] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 489] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 489] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 489] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 489] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 489] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 489] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 489] memfd_create("syzkaller", 0) = 5 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55c2014000 [pid 489] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 489] munmap(0x7f55c2014000, 138412032) = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 489] close(5) = 0 [pid 489] close(6) = 0 [pid 489] mkdir("./file0", 0777) = 0 [pid 489] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "nobh,debug,,errors=continue") = 0 [pid 489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 489] chdir("./file0") = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_CLR_FD) = 0 [pid 489] close(6) = 0 [pid 489] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 489] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 489] write(6, "#! ./file1\n", 11) = 11 [pid 489] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.987611][ T489] EXT4-fs (loop0): Ignoring removed nobh option [ 30.004381][ T489] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 30.012771][ T489] System zones: 0-7 [ 30.017302][ T489] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,debug,,errors=continue [pid 489] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=MSG_OOB}, MSG_BATCH) = -1 EBADF (Bad file descriptor) [pid 489] exit_group(0) = ? [pid 489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=489, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555594806f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 30.047639][ T490] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-489: bg 0: block 255: padding at end of block bitmap is not set [ 30.068413][ T180] ------------[ cut here ]------------ [ 30.073681][ T180] kernel BUG at fs/ext4/inode.c:2844! [ 30.078980][ T180] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 30.084795][ T180] CPU: 0 PID: 180 Comm: kworker/u4:2 Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0 [ 30.094615][ T180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 30.104496][ T180] Workqueue: writeback wb_workfn (flush-7:0) [ 30.110336][ T180] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 30.115949][ T180] Code: 99 9b ff 31 ff 89 de e8 b8 99 9b ff 45 84 f6 75 2e e8 9e 97 9b ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 8a 97 9b ff <0f> 0b e8 83 97 9b ff 0f 0b e8 7c 97 9b ff e8 b7 a0 37 ff eb 99 e8 [ 30.135478][ T180] RSP: 0018:ffff8881e27af0e0 EFLAGS: 00010293 [ 30.141469][ T180] RAX: ffffffff81c8b376 RBX: 0000010000000000 RCX: ffff8881ec1daf40 [ 30.149281][ T180] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 30.157180][ T180] RBP: ffff8881e27af4d0 R08: ffffffff81c87fc6 R09: ffffed103b9e2be9 [ 30.165088][ T180] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881dcf15ff0 [ 30.173068][ T180] R13: 0000000000000001 R14: 0000018410000000 R15: dffffc0000000000 [ 30.180877][ T180] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 30.189818][ T180] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.196287][ T180] CR2: 00007ffcf19e7fd8 CR3: 00000001eeea3000 CR4: 00000000003406b0 [ 30.204141][ T180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.212173][ T180] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.219951][ T180] Call Trace: [ 30.223108][ T180] ? __die+0xb4/0x100 [ 30.226895][ T180] ? die+0x26/0x50 [ 30.230454][ T180] ? do_trap+0x1e7/0x340 [ 30.234540][ T180] ? ext4_writepages+0x3c96/0x3cc0 [ 30.239484][ T180] ? ext4_writepages+0x3c96/0x3cc0 [ 30.244430][ T180] ? do_invalid_op+0xfb/0x110 [ 30.248944][ T180] ? ext4_writepages+0x3c96/0x3cc0 [ 30.253893][ T180] ? invalid_op+0x1e/0x30 [ 30.258157][ T180] ? ext4_writepages+0x8e6/0x3cc0 [ 30.263212][ T180] ? ext4_writepages+0x3c96/0x3cc0 [ 30.268170][ T180] ? ext4_writepages+0x3c96/0x3cc0 [ 30.273090][ T180] ? mark_page_accessed+0x26f/0x640 [ 30.278128][ T180] ? deref_stack_reg+0x15c/0x1f0 [ 30.282907][ T180] ? get_reg+0x220/0x220 [ 30.286977][ T180] ? unwind_next_frame+0x176a/0x1ea0 [ 30.292103][ T180] ? ext4_readpage+0x2e0/0x2e0 [ 30.296707][ T180] ? deref_stack_reg+0x15c/0x1f0 [ 30.301473][ T180] ? get_reg+0x220/0x220 [ 30.306097][ T180] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 30.312472][ T180] ? preempt_count_add+0x8f/0x180 [ 30.317330][ T180] ? ret_from_fork+0x1f/0x30 [ 30.321779][ T180] ? unwind_next_frame+0x176a/0x1ea0 [ 30.326959][ T180] ? ext4_readpage+0x2e0/0x2e0 [ 30.331639][ T180] do_writepages+0x12b/0x270 [ 30.336203][ T180] ? get_reg+0x220/0x220 [ 30.340356][ T180] ? __writepage+0x110/0x110 [ 30.344781][ T180] ? _raw_spin_lock+0xa4/0x1b0 [ 30.349470][ T180] ? _raw_spin_trylock_bh+0x190/0x190 [ 30.354675][ T180] ? unwind_next_frame+0x181e/0x1ea0 [ 30.359811][ T180] ? _raw_spin_lock+0xa4/0x1b0 [ 30.364412][ T180] __writeback_single_inode+0xd9/0xcc0 [ 30.370013][ T180] writeback_sb_inodes+0x9e0/0x1800 [ 30.375063][ T180] ? _raw_spin_lock+0xa4/0x1b0 [ 30.379708][ T180] ? check_preemption_disabled+0x9f/0x320 [ 30.385799][ T180] ? queue_io+0x500/0x500 [ 30.390049][ T180] ? writeback_sb_inodes+0x1800/0x1800 [ 30.395354][ T180] ? queue_io+0x358/0x500 [ 30.399514][ T180] wb_writeback+0x403/0xd70 [ 30.403851][ T180] ? wb_io_lists_depopulated+0x170/0x170 [ 30.409434][ T180] ? set_worker_desc+0x158/0x1c0 [ 30.414604][ T180] ? check_preemption_disabled+0x9f/0x320 [ 30.420146][ T180] ? __mod_timer+0x72b/0x13e0 [ 30.424670][ T180] ? kthread_data+0x4e/0xc0 [ 30.429009][ T180] wb_workfn+0x3b6/0x1230 [ 30.433262][ T180] ? inode_wait_for_writeback+0x280/0x280 [ 30.438809][ T180] ? switch_mm_irqs_off+0x6b5/0xab0 [ 30.443944][ T180] ? _raw_spin_unlock_irq+0x4a/0x60 [ 30.449326][ T180] ? finish_task_switch+0x130/0x590 [ 30.454328][ T180] ? __schedule+0xb0d/0x1320 [ 30.458749][ T180] ? _raw_spin_lock_irqsave+0x210/0x210 [ 30.464686][ T180] ? read_word_at_a_time+0xe/0x20 [ 30.469625][ T180] ? strscpy+0x89/0x220 [ 30.473635][ T180] process_one_work+0x765/0xd20 [ 30.478320][ T180] worker_thread+0xaef/0x1470 [ 30.482942][ T180] kthread+0x2da/0x360 [ 30.486845][ T180] ? worker_clr_flags+0x170/0x170 [ 30.491678][ T180] ? kthread_blkcg+0xd0/0xd0 [ 30.496107][ T180] ret_from_fork+0x1f/0x30 [ 30.500355][ T180] Modules linked in: [ 30.504343][ T180] ---[ end trace 2c28f99bd55dc4cd ]--- [ 30.509609][ T180] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 30.515206][ T180] Code: 99 9b ff 31 ff 89 de e8 b8 99 9b ff 45 84 f6 75 2e e8 9e 97 9b ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 8a 97 9b ff <0f> 0b e8 83 97 9b ff 0f 0b e8 7c 97 9b ff e8 b7 a0 37 ff eb 99 e8 [ 30.534620][ T180] RSP: 0018:ffff8881e27af0e0 EFLAGS: 00010293 [ 30.540501][ T180] RAX: ffffffff81c8b376 RBX: 0000010000000000 RCX: ffff8881ec1daf40 [ 30.548581][ T180] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 30.556427][ T180] RBP: ffff8881e27af4d0 R08: ffffffff81c87fc6 R09: ffffed103b9e2be9 [ 30.564232][ T180] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881dcf15ff0 [ 30.572201][ T180] R13: 0000000000000001 R14: 0000018410000000 R15: dffffc0000000000 [ 30.580637][ T180] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 30.589593][ T180] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.596102][ T180] CR2: 00007ffcf19e7fd8 CR3: 00000001eeea3000 CR4: 00000000003406b0 [ 30.603997][ T180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.611780][ T180] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.619832][ T180] Kernel panic - not syncing: Fatal exception [ 30.625938][ T180] Kernel Offset: disabled [ 30.630155][ T180] Rebooting in 86400 seconds..