./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1634972909 <...> Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts. execve("./syz-executor1634972909", ["./syz-executor1634972909"], 0x7ffeaa862c00 /* 10 vars */) = 0 brk(NULL) = 0x55558dca6000 brk(0x55558dca6d40) = 0x55558dca6d40 arch_prctl(ARCH_SET_FS, 0x55558dca63c0) = 0 set_tid_address(0x55558dca6690) = 356 set_robust_list(0x55558dca66a0, 24) = 0 rseq(0x55558dca6ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1634972909", 4096) = 28 getrandom("\x4e\x6a\x99\xc1\x8a\x52\x5c\xe4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558dca6d40 brk(0x55558dcc7d40) = 0x55558dcc7d40 brk(0x55558dcc8000) = 0x55558dcc8000 mprotect(0x7fc9dfb5c000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.fzdVch", 0700) = 0 chmod("./syzkaller.fzdVch", 0777) = 0 chdir("./syzkaller.fzdVch") = 0 mkdir("./0", 0777) = 0 [ 22.254660][ T23] audit: type=1400 audit(1745036998.700:66): avc: denied { execmem } for pid=356 comm="syz-executor163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.280160][ T23] audit: type=1400 audit(1745036998.730:67): avc: denied { read write } for pid=356 comm="syz-executor163" name="loop0" dev="devtmpfs" ino=149 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 358 ./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x55558dca66a0, 24) = 0 [pid 358] chdir("./0") = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 358] setpgid(0, 0) = 0 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3) = 0 [pid 358] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 358] write(1, "executing program\n", 18) = 18 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 358] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 358] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[359]}, 88) = 359 [pid 358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 359] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.305059][ T23] audit: type=1400 audit(1745036998.730:68): avc: denied { open } for pid=356 comm="syz-executor163" path="/dev/loop0" dev="devtmpfs" ino=149 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] memfd_create("syzkaller", 0) = 5 [pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 359] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 359] munmap(0x7fc9d7676000, 138412032) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 359] close(5) = 0 [pid 359] close(6) = 0 [pid 359] mkdir("./file0", 0777) = 0 [ 22.329894][ T23] audit: type=1400 audit(1745036998.770:69): avc: denied { ioctl } for pid=356 comm="syz-executor163" path="/dev/loop0" dev="devtmpfs" ino=149 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.357104][ T23] audit: type=1400 audit(1745036998.780:70): avc: denied { read write } for pid=358 comm="syz-executor163" name="vhost-vsock" dev="devtmpfs" ino=337 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.385703][ T23] audit: type=1400 audit(1745036998.780:71): avc: denied { open } for pid=358 comm="syz-executor163" path="/dev/vhost-vsock" dev="devtmpfs" ino=337 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.409990][ T23] audit: type=1400 audit(1745036998.780:72): avc: denied { ioctl } for pid=358 comm="syz-executor163" path="/dev/vhost-vsock" dev="devtmpfs" ino=337 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.436621][ T23] audit: type=1400 audit(1745036998.810:73): avc: denied { mounton } for pid=358 comm="syz-executor163" path="/root/syzkaller.fzdVch/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.463177][ T359] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 359] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 359] chdir("./file0") = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_CLR_FD) = 0 [pid 359] close(6) = 0 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] write(6, "#! ./file1\n", 11) = 11 [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 1 [pid 359] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 22.485238][ T23] audit: type=1400 audit(1745036998.930:74): avc: denied { mount } for pid=358 comm="syz-executor163" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.525650][ T360] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-359: bg 0: block 234: padding at end of block bitmap is not set [pid 359] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 358] <... futex resumed>) = 0 [pid 359] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 358] <... futex resumed>) = 1 [pid 358] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 358] <... futex resumed>) = ? [pid 359] +++ killed by SIGBUS +++ [pid 358] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=358, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 22.525718][ T23] audit: type=1400 audit(1745036998.970:75): avc: denied { write } for pid=358 comm="syz-executor163" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 364 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x55558dca66a0, 24) = 0 [pid 364] chdir("./1") = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 364] write(1, "executing program\n", 18) = 18 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 364] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 364] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 365] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 364] <... clone3 resumed> => {parent_tid=[365]}, 88) = 365 [pid 364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] <... futex resumed>) = 0 [pid 365] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... ioctl resumed>, 0x200000000240) = 0 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] ioctl(3, VHOST_SET_VRING_KICK [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... ioctl resumed>, 0x200000000000) = 0 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] <... futex resumed>) = 0 [pid 365] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 365] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] <... futex resumed>) = 0 [pid 365] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 365] memfd_create("syzkaller", 0) = 5 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 365] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 365] munmap(0x7fc9d7676000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 365] close(5) = 0 [pid 365] close(6) = 0 [pid 365] mkdir("./file0", 0777) = 0 [pid 365] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 365] chdir("./file0") = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_CLR_FD) = 0 [pid 365] close(6) = 0 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] write(6, "#! ./file1\n", 11) = 11 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 365] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.839820][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 364] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 364] <... futex resumed>) = ? [pid 365] +++ killed by SIGBUS +++ [pid 364] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=364, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 22.883348][ T366] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-365: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 371 attached , child_tidptr=0x55558dca6690) = 371 [pid 371] set_robust_list(0x55558dca66a0, 24) = 0 [pid 371] chdir("./2") = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 371] write(1, "executing program\n", 18executing program ) = 18 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 371] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[372]}, 88) = 372 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 372] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 372] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 372] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] memfd_create("syzkaller", 0 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 372] <... memfd_create resumed>) = 5 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 372] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 372] munmap(0x7fc9d7676000, 138412032) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 372] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 372] close(5) = 0 [pid 372] close(6) = 0 [pid 372] mkdir("./file0", 0777) = 0 [pid 372] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 372] chdir("./file0") = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 372] ioctl(6, LOOP_CLR_FD) = 0 [pid 372] close(6) = 0 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 372] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 372] write(6, "#! ./file1\n", 11) = 11 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 372] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 371] <... futex resumed>) = ? [pid 372] +++ killed by SIGBUS +++ [pid 371] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=371, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 23.079935][ T372] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 23.113788][ T373] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-372: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 377 ./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x55558dca66a0, 24) = 0 [pid 377] chdir("./3") = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 377] write(3, "1000", 4) = 4 [pid 377] close(3) = 0 [pid 377] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 377] write(1, "executing program\n", 18) = 18 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 377] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 378 attached => {parent_tid=[378]}, 88) = 378 [pid 378] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 378] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 378] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] ioctl(3, VHOST_SET_OWNER [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... ioctl resumed>, 0) = 0 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] <... futex resumed>) = 1 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 378] memfd_create("syzkaller", 0) = 5 [pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 378] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 378] munmap(0x7fc9d7676000, 138412032) = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 378] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 378] close(5) = 0 [pid 378] close(6) = 0 [pid 378] mkdir("./file0", 0777) = 0 [pid 378] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 378] chdir("./file0") = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 378] ioctl(6, LOOP_CLR_FD) = 0 [pid 378] close(6) = 0 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] write(6, "#! ./file1\n", 11) = 11 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 378] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 378] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 0 [ 23.289999][ T378] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 23.326027][ T379] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-378: bg 0: block 234: padding at end of block bitmap is not set [pid 378] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 377] <... futex resumed>) = ? [pid 378] +++ killed by SIGBUS +++ [pid 377] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=377, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 383 ./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x55558dca66a0, 24) = 0 [pid 383] chdir("./4") = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setpgid(0, 0) = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 383] write(1, "executing program\n", 18) = 18 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 383] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 384 attached => {parent_tid=[384]}, 88) = 384 [pid 384] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 384] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] <... futex resumed>) = 0 [pid 383] <... futex resumed>) = 1 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 384] ioctl(3, VHOST_SET_OWNER [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... ioctl resumed>, 0) = 0 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] <... futex resumed>) = 0 [pid 384] <... futex resumed>) = 1 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 384] memfd_create("syzkaller", 0) = 5 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 384] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 384] munmap(0x7fc9d7676000, 138412032) = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 384] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 384] close(5) = 0 [pid 384] close(6) = 0 [pid 384] mkdir("./file0", 0777) = 0 [pid 384] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 384] chdir("./file0") = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 384] ioctl(6, LOOP_CLR_FD) = 0 [pid 384] close(6) = 0 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... futex resumed>) = 1 [pid 384] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] write(6, "#! ./file1\n", 11) = 11 [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 23.529742][ T384] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 384] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 384] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... futex resumed>) = 0 [pid 384] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 383] <... futex resumed>) = ? [pid 384] +++ killed by SIGBUS +++ [pid 383] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=383, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 23.574184][ T385] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-384: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 389 attached , child_tidptr=0x55558dca6690) = 389 [pid 389] set_robust_list(0x55558dca66a0, 24) = 0 [pid 389] chdir("./5") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 389] write(1, "executing program\n", 18executing program ) = 18 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 389] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[390]}, 88) = 390 [pid 389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 390] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... ioctl resumed>, 0x200000000300) = 0 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 390] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 390] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 390] eventfd2(4294967295, EFD_SEMAPHORE [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... eventfd2 resumed>) = 4 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 390] memfd_create("syzkaller", 0) = 5 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 390] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 390] munmap(0x7fc9d7676000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 390] close(5) = 0 [pid 390] close(6) = 0 [pid 390] mkdir("./file0", 0777) = 0 [pid 390] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 390] chdir("./file0") = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_CLR_FD) = 0 [pid 390] close(6) = 0 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] write(6, "#! ./file1\n", 11) = 11 [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 23.718975][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 390] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 390] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 389] <... futex resumed>) = ? [pid 390] +++ killed by SIGBUS +++ [pid 389] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=389, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 23.763866][ T391] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-390: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 396 ./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x55558dca66a0, 24) = 0 [pid 396] chdir("./6") = 0 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 396] setpgid(0, 0) = 0 [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 396] write(3, "1000", 4) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 396] write(1, "executing program\n", 18executing program ) = 18 [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 396] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 397 attached [pid 397] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] <... clone3 resumed> => {parent_tid=[397]}, 88) = 397 [pid 396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = 1 [pid 397] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = 1 [pid 397] ioctl(3, VHOST_SET_VRING_KICK [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... ioctl resumed>, 0x200000000000) = 0 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] <... futex resumed>) = 0 [pid 397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 396] <... futex resumed>) = 0 [pid 397] <... ioctl resumed>, 0x200000000140) = 0 [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] <... futex resumed>) = 0 [pid 397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] memfd_create("syzkaller", 0 [pid 396] <... futex resumed>) = 0 [pid 397] <... memfd_create resumed>) = 5 [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 397] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 397] munmap(0x7fc9d7676000, 138412032) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 397] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 397] close(5) = 0 [pid 397] close(6) = 0 [pid 397] mkdir("./file0", 0777) = 0 [pid 397] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 397] chdir("./file0") = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 397] ioctl(6, LOOP_CLR_FD) = 0 [pid 397] close(6) = 0 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... futex resumed>) = 1 [pid 397] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... futex resumed>) = 1 [pid 397] write(6, "#! ./file1\n", 11) = 11 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... futex resumed>) = 1 [pid 397] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 397] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... futex resumed>) = 1 [pid 397] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 396] <... futex resumed>) = ? [pid 397] +++ killed by SIGBUS +++ [pid 396] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=396, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 23.929281][ T397] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 23.961100][ T398] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-397: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 402 attached , child_tidptr=0x55558dca6690) = 402 [pid 402] set_robust_list(0x55558dca66a0, 24) = 0 [pid 402] chdir("./7") = 0 [pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 402] setpgid(0, 0) = 0 [pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 402] write(3, "1000", 4) = 4 [pid 402] close(3) = 0 [pid 402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 402] write(1, "executing program\n", 18executing program ) = 18 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 402] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[403]}, 88) = 403 [pid 402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 403] memfd_create("syzkaller", 0) = 5 [pid 403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 403] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 403] munmap(0x7fc9d7676000, 138412032) = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 403] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 403] close(5) = 0 [pid 403] close(6) = 0 [pid 403] mkdir("./file0", 0777) = 0 [pid 403] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 403] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 403] chdir("./file0") = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 403] ioctl(6, LOOP_CLR_FD) = 0 [pid 403] close(6) = 0 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] write(6, "#! ./file1\n", 11) = 11 [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 403] <... futex resumed>) = 1 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.148020][ T403] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 403] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 0 [pid 403] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 402] <... futex resumed>) = ? [pid 403] +++ killed by SIGBUS +++ [pid 402] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=402, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 24.196136][ T404] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-403: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x55558dca66a0, 24) = 0 [pid 408] chdir("./8") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] write(1, "executing program\n", 18executing program ) = 18 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 408] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[409]}, 88) = 409 [pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 409] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 409] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 409] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 409] ioctl(3, VHOST_SET_VRING_ERR [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 409] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 409] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 409] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 409] memfd_create("syzkaller", 0) = 5 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 409] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 409] munmap(0x7fc9d7676000, 138412032) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 409] close(5) = 0 [pid 409] close(6) = 0 [pid 409] mkdir("./file0", 0777) = 0 [pid 409] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 409] chdir("./file0") = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_CLR_FD) = 0 [pid 409] close(6) = 0 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 409] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... openat resumed>) = 6 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] write(6, "#! ./file1\n", 11) = 11 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 409] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 0 [pid 409] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 408] <... futex resumed>) = ? [pid 409] +++ killed by SIGBUS +++ [pid 408] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=408, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 24.339799][ T409] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 24.374290][ T410] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-409: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 414 attached , child_tidptr=0x55558dca6690) = 414 [pid 414] set_robust_list(0x55558dca66a0, 24) = 0 [pid 414] chdir("./9") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 414] write(1, "executing program\n", 18) = 18 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 414] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 415 attached => {parent_tid=[415]}, 88) = 415 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 415] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 415] memfd_create("syzkaller", 0) = 5 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 415] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 415] munmap(0x7fc9d7676000, 138412032) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 415] close(5) = 0 [pid 415] close(6) = 0 [pid 415] mkdir("./file0", 0777) = 0 [pid 415] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 415] chdir("./file0") = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_CLR_FD) = 0 [pid 415] close(6) = 0 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] write(6, "#! ./file1\n", 11) = 11 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 415] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 0 [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 414] <... futex resumed>) = ? [pid 415] +++ killed by SIGBUS +++ [pid 414] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=414, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 24.529777][ T415] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 24.563907][ T416] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-415: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x55558dca66a0, 24) = 0 [pid 420] chdir("./10") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 420] write(1, "executing program\n", 18) = 18 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 420] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 420] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[421]}, 88) = 421 [pid 420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 421] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 421] memfd_create("syzkaller", 0) = 5 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 421] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 421] munmap(0x7fc9d7676000, 138412032) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 421] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 421] close(5) = 0 [pid 421] close(6) = 0 [pid 421] mkdir("./file0", 0777) = 0 [pid 421] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 421] chdir("./file0") = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 421] ioctl(6, LOOP_CLR_FD) = 0 [pid 421] close(6) = 0 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] write(6, "#! ./file1\n", 11) = 11 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 421] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 0 [pid 421] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 420] <... futex resumed>) = ? [pid 421] +++ killed by SIGBUS +++ [pid 420] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=420, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 24.729906][ T421] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 24.765588][ T422] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-421: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 427 ./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x55558dca66a0, 24) = 0 [pid 427] chdir("./11") = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 427] setpgid(0, 0) = 0 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 427] write(3, "1000", 4) = 4 [pid 427] close(3) = 0 [pid 427] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 427] write(1, "executing program\n", 18) = 18 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 427] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 427] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x7fc9dfa969a0, 24 [pid 427] <... clone3 resumed> => {parent_tid=[428]}, 88) = 428 [pid 428] <... set_robust_list resumed>) = 0 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 1 [pid 428] ioctl(3, VHOST_SET_OWNER [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... ioctl resumed>, 0) = 0 [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 428] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 1 [pid 428] ioctl(3, VHOST_SET_MEM_TABLE [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... ioctl resumed>, 0x200000003380) = 0 [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 1 [pid 428] eventfd2(4294967295, EFD_SEMAPHORE [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... eventfd2 resumed>) = 4 [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] <... futex resumed>) = 0 [pid 428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] ioctl(3, VHOST_SET_VRING_ERR [pid 427] <... futex resumed>) = 0 [pid 428] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] ioctl(3, VHOST_SET_VRING_ADDR [pid 427] <... futex resumed>) = 0 [pid 428] <... ioctl resumed>, 0x200000000240) = 0 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 0 [pid 428] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] <... futex resumed>) = 0 [pid 428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 427] <... futex resumed>) = 0 [pid 428] <... ioctl resumed>, 0x200000000140) = 0 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] memfd_create("syzkaller", 0 [pid 427] <... futex resumed>) = 0 [pid 428] <... memfd_create resumed>) = 5 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 428] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 428] munmap(0x7fc9d7676000, 138412032) = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 428] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 428] close(5) = 0 [pid 428] close(6) = 0 [pid 428] mkdir("./file0", 0777) = 0 [pid 428] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 428] chdir("./file0") = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 428] ioctl(6, LOOP_CLR_FD) = 0 [pid 428] close(6) = 0 [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 1 [pid 428] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 1 [pid 428] write(6, "#! ./file1\n", 11) = 11 [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 1 [pid 428] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 428] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 1 [pid 428] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 427] <... futex resumed>) = ? [pid 428] +++ killed by SIGBUS +++ [pid 427] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=427, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 24.887276][ T428] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 24.920242][ T429] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-428: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x55558dca66a0, 24) = 0 [pid 433] chdir("./12") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 433] write(1, "executing program\n", 18) = 18 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 433] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 433] <... clone3 resumed> => {parent_tid=[434]}, 88) = 434 [pid 434] rt_sigprocmask(SIG_SETMASK, [], [pid 433] rt_sigprocmask(SIG_SETMASK, [], [pid 434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 434] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 1 [pid 434] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... openat resumed>) = 3 [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = 0 [pid 434] <... futex resumed>) = 1 [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] ioctl(3, VHOST_SET_OWNER [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... ioctl resumed>, 0) = 0 [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 434] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... ioctl resumed>, 0x200000000300) = 0 [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 1 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 434] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] eventfd2(4294967295, EFD_SEMAPHORE [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... eventfd2 resumed>) = 4 [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] ioctl(3, VHOST_SET_VRING_ERR [pid 433] <... futex resumed>) = 0 [pid 434] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 1 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 1 [pid 434] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 1 [pid 434] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] memfd_create("syzkaller", 0 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 434] <... memfd_create resumed>) = 5 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 434] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 434] munmap(0x7fc9d7676000, 138412032) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 434] close(5) = 0 [pid 434] close(6) = 0 [pid 434] mkdir("./file0", 0777) = 0 [pid 434] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 434] chdir("./file0") = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_CLR_FD) = 0 [pid 434] close(6) = 0 [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... openat resumed>) = 6 [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] write(6, "#! ./file1\n", 11) = 11 [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 434] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 0 [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 433] <... futex resumed>) = ? [pid 434] +++ killed by SIGBUS +++ [pid 433] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=433, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 25.069747][ T434] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 25.102462][ T435] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-434: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x55558dca66a0, 24) = 0 [pid 439] chdir("./13") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] write(1, "executing program\n", 18executing program ) = 18 [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 439] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... clone3 resumed> => {parent_tid=[440]}, 88) = 440 [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... openat resumed>) = 3 [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 440] ioctl(3, VHOST_SET_MEM_TABLE [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... ioctl resumed>, 0x200000003380) = 0 [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 440] eventfd2(4294967295, EFD_SEMAPHORE [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... eventfd2 resumed>) = 4 [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] <... futex resumed>) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_ERR [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 440] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 440] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 440] memfd_create("syzkaller", 0) = 5 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 440] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 440] munmap(0x7fc9d7676000, 138412032) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 440] close(5) = 0 [pid 440] close(6) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 440] chdir("./file0") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_CLR_FD) = 0 [pid 440] close(6) = 0 [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] write(6, "#! ./file1\n", 11) = 11 [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... mmap resumed>) = 0x200000000000 [pid 440] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.287639][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 439] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 439] <... futex resumed>) = ? [pid 440] +++ killed by SIGBUS +++ [pid 439] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=439, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 25.334277][ T441] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-440: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 445 attached , child_tidptr=0x55558dca6690) = 445 [pid 445] set_robust_list(0x55558dca66a0, 24) = 0 [pid 445] chdir("./14") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 445] write(1, "executing program\n", 18) = 18 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 445] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 445] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[446]}, 88) = 446 [pid 445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 446] memfd_create("syzkaller", 0) = 5 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 446] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 446] munmap(0x7fc9d7676000, 138412032) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 446] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 446] close(5) = 0 [pid 446] close(6) = 0 [pid 446] mkdir("./file0", 0777) = 0 [pid 446] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 446] chdir("./file0") = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 446] ioctl(6, LOOP_CLR_FD) = 0 [pid 446] close(6) = 0 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] write(6, "#! ./file1\n", 11) = 11 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 446] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 445] <... futex resumed>) = ? [pid 446] +++ killed by SIGBUS +++ [pid 445] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=445, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 25.565883][ T446] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 25.600220][ T447] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-446: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x55558dca66a0, 24) = 0 [pid 451] chdir("./15") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 451] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 451] write(1, "executing program\n", 18) = 18 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 451] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 451] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x7fc9dfa969a0, 24 [pid 451] <... clone3 resumed> => {parent_tid=[452]}, 88) = 452 [pid 452] <... set_robust_list resumed>) = 0 [pid 451] rt_sigprocmask(SIG_SETMASK, [], [pid 452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 452] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 452] ioctl(3, VHOST_SET_OWNER [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... ioctl resumed>, 0) = 0 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 452] memfd_create("syzkaller", 0) = 5 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 452] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 452] munmap(0x7fc9d7676000, 138412032) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 452] close(5) = 0 [pid 452] close(6) = 0 [pid 452] mkdir("./file0", 0777) = 0 [pid 452] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 452] chdir("./file0") = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_CLR_FD) = 0 [pid 452] close(6) = 0 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 1 [pid 452] write(6, "#! ./file1\n", 11) = 11 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 1 [pid 452] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 452] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.859917][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 451] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 1 [pid 452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 451] <... futex resumed>) = ? [pid 452] +++ killed by SIGBUS +++ [pid 451] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=451, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 25.903851][ T453] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-452: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 458 ./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x55558dca66a0, 24) = 0 [pid 458] chdir("./16") = 0 [pid 458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 458] setpgid(0, 0) = 0 [pid 458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 458] write(3, "1000", 4) = 4 [pid 458] close(3) = 0 [pid 458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 458] write(1, "executing program\n", 18executing program ) = 18 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 458] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 458] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 458] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[459]}, 88) = 459 [pid 458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 459 attached [pid 459] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 459] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 459] memfd_create("syzkaller", 0) = 5 [pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 459] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 459] munmap(0x7fc9d7676000, 138412032) = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 459] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 459] close(5) = 0 [pid 459] close(6) = 0 [pid 459] mkdir("./file0", 0777) = 0 [pid 459] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 459] chdir("./file0") = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 459] ioctl(6, LOOP_CLR_FD) = 0 [pid 459] close(6) = 0 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] write(6, "#! ./file1\n", 11) = 11 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 459] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 459] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 0 [pid 459] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 458] <... futex resumed>) = ? [pid 459] +++ killed by SIGBUS +++ [pid 458] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=458, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 26.058600][ T459] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 26.091966][ T460] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-459: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 464 attached , child_tidptr=0x55558dca6690) = 464 [pid 464] set_robust_list(0x55558dca66a0, 24) = 0 [pid 464] chdir("./17") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] write(1, "executing program\n", 18executing program ) = 18 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 464] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 464] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 465 attached => {parent_tid=[465]}, 88) = 465 [pid 465] set_robust_list(0x7fc9dfa969a0, 24 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... set_robust_list resumed>) = 0 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 465] memfd_create("syzkaller", 0) = 5 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 465] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 465] munmap(0x7fc9d7676000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 465] close(5) = 0 [pid 465] close(6) = 0 [pid 465] mkdir("./file0", 0777) = 0 [pid 465] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 465] chdir("./file0") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_CLR_FD) = 0 [pid 465] close(6) = 0 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] write(6, "#! ./file1\n", 11) = 11 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 465] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 0 [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 464] <... futex resumed>) = ? [pid 465] +++ killed by SIGBUS +++ [pid 464] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=464, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 26.241454][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 26.273651][ T466] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-465: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 470 attached , child_tidptr=0x55558dca6690) = 470 [pid 470] set_robust_list(0x55558dca66a0, 24) = 0 [pid 470] chdir("./18") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 470] write(1, "executing program\n", 18executing program ) = 18 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 470] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[471]}, 88) = 471 [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 471] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] eventfd2(4294967295, EFD_SEMAPHORE [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... eventfd2 resumed>) = 4 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] ioctl(3, VHOST_SET_VRING_ERR [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 471] memfd_create("syzkaller", 0) = 5 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 471] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 471] munmap(0x7fc9d7676000, 138412032) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 471] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 471] close(5) = 0 [pid 471] close(6) = 0 [pid 471] mkdir("./file0", 0777) = 0 [pid 471] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 471] chdir("./file0") = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 471] ioctl(6, LOOP_CLR_FD) = 0 [pid 471] close(6) = 0 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] write(6, "#! ./file1\n", 11) = 11 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 471] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 470] <... futex resumed>) = ? [pid 471] +++ killed by SIGBUS +++ [pid 470] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=470, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 26.403413][ T471] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 26.435613][ T472] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-471: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 476 ./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x55558dca66a0, 24) = 0 [pid 476] chdir("./19") = 0 [pid 476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 476] setpgid(0, 0) = 0 [pid 476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 476] write(3, "1000", 4) = 4 [pid 476] close(3) = 0 [pid 476] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 476] write(1, "executing program\n", 18) = 18 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 476] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 476] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 477 attached => {parent_tid=[477]}, 88) = 477 [pid 477] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 477] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 477] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 477] ioctl(3, VHOST_SET_VRING_ADDR [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... ioctl resumed>, 0x200000000300) = 0 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 476] <... futex resumed>) = 1 [pid 477] eventfd2(4294967295, EFD_SEMAPHORE [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... eventfd2 resumed>) = 4 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 0 [pid 477] ioctl(3, VHOST_SET_VRING_ERR [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 476] <... futex resumed>) = 1 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 476] <... futex resumed>) = 1 [pid 477] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] <... futex resumed>) = 0 [pid 477] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... ioctl resumed>, 0x200000000140) = 0 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 477] memfd_create("syzkaller", 0) = 5 [pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 477] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 477] munmap(0x7fc9d7676000, 138412032) = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 477] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 477] close(5) = 0 [pid 477] close(6) = 0 [pid 477] mkdir("./file0", 0777) = 0 [pid 477] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 477] chdir("./file0") = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 477] ioctl(6, LOOP_CLR_FD) = 0 [pid 477] close(6) = 0 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] write(6, "#! ./file1\n", 11) = 11 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... mmap resumed>) = 0x200000000000 [pid 477] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 476] <... futex resumed>) = ? [pid 477] +++ killed by SIGBUS +++ [pid 476] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=476, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 26.599792][ T477] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 26.631211][ T478] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-477: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 482 ./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x55558dca66a0, 24) = 0 [pid 482] chdir("./20") = 0 [pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 482] setpgid(0, 0) = 0 [pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 482] write(3, "1000", 4) = 4 [pid 482] close(3) = 0 [pid 482] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 482] write(1, "executing program\n", 18) = 18 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 482] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[483]}, 88) = 483 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 483] memfd_create("syzkaller", 0) = 5 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 483] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 483] munmap(0x7fc9d7676000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 483] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 483] close(5) = 0 [pid 483] close(6) = 0 [pid 483] mkdir("./file0", 0777) = 0 [pid 483] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 483] chdir("./file0") = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 483] ioctl(6, LOOP_CLR_FD) = 0 [pid 483] close(6) = 0 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] write(6, "#! ./file1\n", 11) = 11 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 483] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 482] <... futex resumed>) = ? [pid 483] +++ killed by SIGBUS +++ [pid 482] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=482, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 26.777511][ T483] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 26.811714][ T484] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-483: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 489 ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x55558dca66a0, 24) = 0 [pid 489] chdir("./21") = 0 [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 489] setpgid(0, 0) = 0 [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 489] write(3, "1000", 4) = 4 [pid 489] close(3) = 0 [pid 489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 489] write(1, "executing program\n", 18executing program ) = 18 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 489] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[490]}, 88) = 490 [pid 489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 490] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 490] memfd_create("syzkaller", 0) = 5 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 490] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 490] munmap(0x7fc9d7676000, 138412032) = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 490] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 490] close(5) = 0 [pid 490] close(6) = 0 [pid 490] mkdir("./file0", 0777) = 0 [pid 490] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 490] chdir("./file0") = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 490] ioctl(6, LOOP_CLR_FD) = 0 [pid 490] close(6) = 0 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] write(6, "#! ./file1\n", 11) = 11 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 490] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 490] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... futex resumed>) = 0 [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 489] <... futex resumed>) = ? [pid 490] +++ killed by SIGBUS +++ [pid 489] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=489, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 26.962716][ T490] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 26.996083][ T491] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-490: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x55558dca66a0, 24) = 0 [pid 495] chdir("./22") = 0 [pid 495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 495] setpgid(0, 0) = 0 [pid 495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 356] <... clone resumed>, child_tidptr=0x55558dca6690) = 495 [pid 495] <... openat resumed>) = 3 [pid 495] write(3, "1000", 4) = 4 [pid 495] close(3) = 0 [pid 495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 495] write(1, "executing program\n", 18executing program ) = 18 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 495] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[496]}, 88) = 496 [pid 495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 496 attached [pid 496] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 496] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 496] memfd_create("syzkaller", 0) = 5 [pid 496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 496] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 496] munmap(0x7fc9d7676000, 138412032) = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 496] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 496] close(5) = 0 [pid 496] close(6) = 0 [pid 496] mkdir("./file0", 0777) = 0 [pid 496] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 496] chdir("./file0") = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 496] ioctl(6, LOOP_CLR_FD) = 0 [pid 496] close(6) = 0 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] write(6, "#! ./file1\n", 11) = 11 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 496] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... futex resumed>) = 0 [pid 496] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 495] <... futex resumed>) = ? [pid 496] +++ killed by SIGBUS +++ [pid 495] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=495, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 27.116647][ T496] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 27.150079][ T497] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-496: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 501 ./strace-static-x86_64: Process 501 attached [pid 501] set_robust_list(0x55558dca66a0, 24) = 0 [pid 501] chdir("./23") = 0 [pid 501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 501] setpgid(0, 0) = 0 [pid 501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 501] write(3, "1000", 4) = 4 [pid 501] close(3) = 0 [pid 501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 501] write(1, "executing program\n", 18executing program ) = 18 [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 501] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 502 attached [pid 502] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 502] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] <... clone3 resumed> => {parent_tid=[502]}, 88) = 502 [pid 501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_SET_MEM_TABLE [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... ioctl resumed>, 0x200000003380) = 0 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] eventfd2(4294967295, EFD_SEMAPHORE [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... eventfd2 resumed>) = 4 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_SET_VRING_ERR [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 502] ioctl(3, VHOST_SET_VRING_ADDR [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... ioctl resumed>, 0x200000000240) = 0 [pid 501] <... futex resumed>) = 0 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_SET_VRING_KICK [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... ioctl resumed>, 0x200000000000) = 0 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 502] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 501] <... futex resumed>) = 0 [pid 502] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... ioctl resumed>, 0x200000000140) = 0 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 502] memfd_create("syzkaller", 0 [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... memfd_create resumed>) = 5 [pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 501] <... futex resumed>) = 0 [pid 502] <... mmap resumed>) = 0x7fc9d7676000 [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 502] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 502] munmap(0x7fc9d7676000, 138412032) = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 502] close(5) = 0 [pid 502] close(6) = 0 [pid 502] mkdir("./file0", 0777) = 0 [pid 502] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 502] chdir("./file0") = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_CLR_FD) = 0 [pid 502] close(6) = 0 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = 1 [pid 502] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = 1 [pid 502] write(6, "#! ./file1\n", 11) = 11 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... mmap resumed>) = 0x200000000000 [pid 502] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 27.319845][ T502] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 501] <... futex resumed>) = ? [pid 502] +++ killed by SIGBUS +++ [pid 501] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=501, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 27.360173][ T503] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-502: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 507 ./strace-static-x86_64: Process 507 attached [pid 507] set_robust_list(0x55558dca66a0, 24) = 0 [pid 507] chdir("./24") = 0 [pid 507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 507] setpgid(0, 0) = 0 [pid 507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 507] write(3, "1000", 4) = 4 [pid 507] close(3) = 0 [pid 507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 507] write(1, "executing program\n", 18executing program ) = 18 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 507] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[508]}, 88) = 508 [pid 507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 508 attached [pid 508] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 508] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 508] memfd_create("syzkaller", 0) = 5 [pid 508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 508] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 508] munmap(0x7fc9d7676000, 138412032) = 0 [pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 508] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 508] close(5) = 0 [pid 508] close(6) = 0 [pid 508] mkdir("./file0", 0777) = 0 [pid 508] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 508] chdir("./file0") = 0 [pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 508] ioctl(6, LOOP_CLR_FD) = 0 [pid 508] close(6) = 0 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] write(6, "#! ./file1\n", 11) = 11 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... mmap resumed>) = 0x200000000000 [pid 508] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 507] <... futex resumed>) = ? [pid 508] +++ killed by SIGBUS +++ [pid 507] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=507, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 27.486519][ T508] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 27.520036][ T509] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-508: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 513 ./strace-static-x86_64: Process 513 attached [pid 513] set_robust_list(0x55558dca66a0, 24) = 0 [pid 513] chdir("./25") = 0 [pid 513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 513] setpgid(0, 0) = 0 [pid 513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 513] write(3, "1000", 4) = 4 [pid 513] close(3) = 0 [pid 513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 513] write(1, "executing program\n", 18executing program ) = 18 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 513] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[514]}, 88) = 514 [pid 513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 514 attached [pid 514] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 514] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 514] memfd_create("syzkaller", 0) = 5 [pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 514] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 514] munmap(0x7fc9d7676000, 138412032) = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 514] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 514] close(5) = 0 [pid 514] close(6) = 0 [pid 514] mkdir("./file0", 0777) = 0 [pid 514] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 514] chdir("./file0") = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 514] ioctl(6, LOOP_CLR_FD) = 0 [pid 514] close(6) = 0 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] write(6, "#! ./file1\n", 11) = 11 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 514] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 513] <... futex resumed>) = ? [pid 514] +++ killed by SIGBUS +++ [pid 513] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=513, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 27.690066][ T514] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 27.723128][ T515] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-514: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x55558dca66a0, 24) = 0 [pid 520] chdir("./26") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 520] write(1, "executing program\n", 18executing program ) = 18 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 520] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 520] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[521]}, 88) = 521 ./strace-static-x86_64: Process 521 attached [pid 520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 521] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 521] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 521] memfd_create("syzkaller", 0) = 5 [pid 521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 521] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 521] munmap(0x7fc9d7676000, 138412032) = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 521] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 521] close(5) = 0 [pid 521] close(6) = 0 [pid 521] mkdir("./file0", 0777) = 0 [pid 521] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 521] chdir("./file0") = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 521] ioctl(6, LOOP_CLR_FD) = 0 [pid 521] close(6) = 0 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] write(6, "#! ./file1\n", 11) = 11 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 521] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 521] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = 0 [pid 521] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 520] <... futex resumed>) = ? [pid 521] +++ killed by SIGBUS +++ [pid 520] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=520, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 27.859843][ T521] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 27.893229][ T522] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-521: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 526 ./strace-static-x86_64: Process 526 attached [pid 526] set_robust_list(0x55558dca66a0, 24) = 0 [pid 526] chdir("./27") = 0 [pid 526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 526] setpgid(0, 0) = 0 [pid 526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 526] write(3, "1000", 4) = 4 [pid 526] close(3) = 0 [pid 526] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 526] write(1, "executing program\n", 18) = 18 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 526] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 526] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 526] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 526] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 527 attached => {parent_tid=[527]}, 88) = 527 [pid 527] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 527] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 527] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 527] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 527] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 527] memfd_create("syzkaller", 0) = 5 [pid 527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 527] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 527] munmap(0x7fc9d7676000, 138412032) = 0 [pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 527] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 527] close(5) = 0 [pid 527] close(6) = 0 [pid 527] mkdir("./file0", 0777) = 0 [pid 527] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 527] chdir("./file0") = 0 [pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 527] ioctl(6, LOOP_CLR_FD) = 0 [pid 527] close(6) = 0 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... futex resumed>) = 1 [pid 527] write(6, "#! ./file1\n", 11) = 11 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... futex resumed>) = 1 [pid 527] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 527] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... futex resumed>) = 1 [ 28.128266][ T527] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 527] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 526] <... futex resumed>) = ? [pid 527] +++ killed by SIGBUS +++ [pid 526] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=526, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 28.173647][ T528] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-527: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 532 ./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x55558dca66a0, 24) = 0 [pid 532] chdir("./28") = 0 [pid 532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 532] setpgid(0, 0) = 0 [pid 532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 532] write(3, "1000", 4) = 4 [pid 532] close(3) = 0 [pid 532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 532] write(1, "executing program\n", 18executing program ) = 18 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 532] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 532] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[533]}, 88) = 533 [pid 532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 533 attached [pid 533] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 533] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 533] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] <... ioctl resumed>, 0x200000000140) = 0 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 533] memfd_create("syzkaller", 0 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 533] <... memfd_create resumed>) = 5 [pid 533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 533] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 533] munmap(0x7fc9d7676000, 138412032) = 0 [pid 533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 533] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 533] close(5) = 0 [pid 533] close(6) = 0 [pid 533] mkdir("./file0", 0777) = 0 [pid 533] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 533] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 533] chdir("./file0") = 0 [pid 533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 533] ioctl(6, LOOP_CLR_FD) = 0 [pid 533] close(6) = 0 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] write(6, "#! ./file1\n", 11) = 11 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 533] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 532] <... futex resumed>) = ? [pid 533] +++ killed by SIGBUS +++ [pid 532] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=532, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 28.309890][ T533] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 28.342459][ T534] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-533: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 538 ./strace-static-x86_64: Process 538 attached [pid 538] set_robust_list(0x55558dca66a0, 24) = 0 [pid 538] chdir("./29") = 0 [pid 538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 538] setpgid(0, 0) = 0 [pid 538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 538] write(3, "1000", 4) = 4 [pid 538] close(3) = 0 [pid 538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 538] write(1, "executing program\n", 18executing program ) = 18 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 538] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 538] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 538] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[539]}, 88) = 539 [pid 538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 539 attached [pid 539] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 539] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 539] memfd_create("syzkaller", 0) = 5 [pid 539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 539] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 539] munmap(0x7fc9d7676000, 138412032) = 0 [pid 539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 539] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 539] close(5) = 0 [pid 539] close(6) = 0 [pid 539] mkdir("./file0", 0777) = 0 [pid 539] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 539] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 539] chdir("./file0") = 0 [pid 539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 539] ioctl(6, LOOP_CLR_FD) = 0 [pid 539] close(6) = 0 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] write(6, "#! ./file1\n", 11) = 11 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 539] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 539] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 538] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] <... futex resumed>) = 0 [pid 539] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 538] <... futex resumed>) = ? [pid 539] +++ killed by SIGBUS +++ [pid 538] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=538, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 28.487642][ T539] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 28.521283][ T540] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-539: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 544 ./strace-static-x86_64: Process 544 attached [pid 544] set_robust_list(0x55558dca66a0, 24) = 0 [pid 544] chdir("./30") = 0 [pid 544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 544] setpgid(0, 0) = 0 [pid 544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 544] write(3, "1000", 4) = 4 [pid 544] close(3) = 0 [pid 544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 544] write(1, "executing program\n", 18executing program ) = 18 [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 544] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 544] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 544] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 544] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 545 attached => {parent_tid=[545]}, 88) = 545 [pid 544] rt_sigprocmask(SIG_SETMASK, [], [pid 545] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 545] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 545] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 545] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 545] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 1 [pid 545] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 545] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 545] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] <... futex resumed>) = 0 [pid 545] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 1 [pid 545] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 1 [pid 545] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 1 [pid 545] memfd_create("syzkaller", 0 [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 545] <... memfd_create resumed>) = 5 [pid 545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 545] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 545] munmap(0x7fc9d7676000, 138412032) = 0 [pid 545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 545] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 545] close(5) = 0 [pid 545] close(6) = 0 [pid 545] mkdir("./file0", 0777) = 0 [pid 545] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 545] chdir("./file0") = 0 [pid 545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 545] ioctl(6, LOOP_CLR_FD) = 0 [pid 545] close(6) = 0 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... futex resumed>) = 0 [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 545] <... futex resumed>) = 1 [pid 545] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... futex resumed>) = 0 [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 545] <... futex resumed>) = 1 [pid 545] write(6, "#! ./file1\n", 11) = 11 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... futex resumed>) = 0 [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 545] <... futex resumed>) = 1 [pid 545] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 545] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... futex resumed>) = 0 [pid 544] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 544] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 545] <... futex resumed>) = 1 [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 544] <... futex resumed>) = ? [pid 545] +++ killed by SIGBUS +++ [pid 544] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=544, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 28.687709][ T545] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 28.719361][ T546] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-545: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 550 attached , child_tidptr=0x55558dca6690) = 550 [pid 550] set_robust_list(0x55558dca66a0, 24) = 0 [pid 550] chdir("./31") = 0 [pid 550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 550] setpgid(0, 0) = 0 [pid 550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 550] write(3, "1000", 4) = 4 [pid 550] close(3) = 0 [pid 550] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 550] write(1, "executing program\n", 18) = 18 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 550] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 550] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 550] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 551 attached [pid 551] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 551] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 550] <... clone3 resumed> => {parent_tid=[551]}, 88) = 551 [pid 550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 551] ioctl(3, VHOST_SET_OWNER [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] <... ioctl resumed>, 0) = 0 [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 551] <... futex resumed>) = 0 [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] ioctl(3, VHOST_SET_VRING_ADDR [pid 550] <... futex resumed>) = 0 [pid 551] <... ioctl resumed>, 0x200000000300) = 0 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 550] <... futex resumed>) = 0 [pid 551] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 550] <... futex resumed>) = 1 [pid 551] ioctl(3, VHOST_SET_MEM_TABLE [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] <... ioctl resumed>, 0x200000003380) = 0 [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 550] <... futex resumed>) = 0 [pid 551] eventfd2(4294967295, EFD_SEMAPHORE [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... eventfd2 resumed>) = 4 [pid 550] <... futex resumed>) = 0 [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] <... futex resumed>) = 0 [pid 550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 551] ioctl(3, VHOST_SET_VRING_ERR [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 550] <... futex resumed>) = 0 [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] <... futex resumed>) = 0 [pid 550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 551] ioctl(3, VHOST_SET_VRING_ADDR [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] <... ioctl resumed>, 0x200000000240) = 0 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 550] <... futex resumed>) = 0 [pid 551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] ioctl(3, VHOST_SET_VRING_KICK [pid 550] <... futex resumed>) = 0 [pid 551] <... ioctl resumed>, 0x200000000000) = 0 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 550] <... futex resumed>) = 0 [pid 551] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 550] <... futex resumed>) = 1 [pid 551] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] <... ioctl resumed>, 0x200000000140) = 0 [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 550] <... futex resumed>) = 0 [pid 551] memfd_create("syzkaller", 0 [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] <... memfd_create resumed>) = 5 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 551] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 551] munmap(0x7fc9d7676000, 138412032) = 0 [pid 551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 551] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 551] close(5) = 0 [pid 551] close(6) = 0 [pid 551] mkdir("./file0", 0777) = 0 [pid 551] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 551] chdir("./file0") = 0 [pid 551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 551] ioctl(6, LOOP_CLR_FD) = 0 [pid 551] close(6) = 0 [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] <... futex resumed>) = 1 [pid 551] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] <... futex resumed>) = 1 [pid 551] write(6, "#! ./file1\n", 11) = 11 [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] <... futex resumed>) = 1 [pid 551] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 551] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 550] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 551] <... futex resumed>) = 1 [pid 551] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 550] <... futex resumed>) = ? [pid 551] +++ killed by SIGBUS +++ [pid 550] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=550, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 28.829852][ T551] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 28.861249][ T552] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-551: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 557 attached , child_tidptr=0x55558dca6690) = 557 [pid 557] set_robust_list(0x55558dca66a0, 24) = 0 [pid 557] chdir("./32") = 0 [pid 557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 557] setpgid(0, 0) = 0 [pid 557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 557] write(3, "1000", 4) = 4 [pid 557] close(3) = 0 [pid 557] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 557] write(1, "executing program\n", 18) = 18 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 557] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 557] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 558 attached [pid 558] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 558] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] <... clone3 resumed> => {parent_tid=[558]}, 88) = 558 [pid 557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] <... futex resumed>) = 0 [pid 557] <... futex resumed>) = 1 [pid 558] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 558] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] <... futex resumed>) = 0 [pid 557] <... futex resumed>) = 1 [pid 558] ioctl(3, VHOST_SET_OWNER [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... ioctl resumed>, 0) = 0 [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 558] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 558] <... futex resumed>) = 0 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 558] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 558] <... futex resumed>) = 0 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 558] eventfd2(4294967295, EFD_SEMAPHORE [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] <... eventfd2 resumed>) = 4 [pid 557] <... futex resumed>) = 0 [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 0 [pid 557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 558] ioctl(3, VHOST_SET_VRING_ERR [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 558] <... futex resumed>) = 0 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] ioctl(3, VHOST_SET_VRING_ADDR [pid 557] <... futex resumed>) = 0 [pid 558] <... ioctl resumed>, 0x200000000240) = 0 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 558] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] <... futex resumed>) = 0 [pid 557] <... futex resumed>) = 1 [pid 558] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 558] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 557] <... futex resumed>) = 0 [pid 558] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... ioctl resumed>, 0x200000000140) = 0 [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 557] <... futex resumed>) = 0 [pid 558] memfd_create("syzkaller", 0 [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] <... memfd_create resumed>) = 5 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 558] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 558] munmap(0x7fc9d7676000, 138412032) = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 558] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 558] close(5) = 0 [pid 558] close(6) = 0 [pid 558] mkdir("./file0", 0777) = 0 [pid 558] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 558] chdir("./file0") = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 558] ioctl(6, LOOP_CLR_FD) = 0 [pid 558] close(6) = 0 [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [pid 558] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [pid 558] write(6, "#! ./file1\n", 11) = 11 [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [pid 558] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 558] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 1 [pid 558] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 557] <... futex resumed>) = ? [pid 558] +++ killed by SIGBUS +++ [pid 557] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=557, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 28.979787][ T558] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 29.011163][ T559] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-558: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 563 attached , child_tidptr=0x55558dca6690) = 563 [pid 563] set_robust_list(0x55558dca66a0, 24) = 0 [pid 563] chdir("./33") = 0 [pid 563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 563] setpgid(0, 0) = 0 [pid 563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 563] write(3, "1000", 4) = 4 [pid 563] close(3) = 0 [pid 563] symlink("/dev/binderfs", "./binderfs") = 0 [pid 563] write(1, "executing program\n", 18executing program ) = 18 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 563] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 563] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 563] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[564]}, 88) = 564 [pid 563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 564 attached [pid 564] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 564] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] <... futex resumed>) = 1 [pid 564] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 564] memfd_create("syzkaller", 0) = 5 [pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 564] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 564] munmap(0x7fc9d7676000, 138412032) = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 564] close(5) = 0 [pid 564] close(6) = 0 [pid 564] mkdir("./file0", 0777) = 0 [pid 564] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 564] chdir("./file0") = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_CLR_FD) = 0 [pid 564] close(6) = 0 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] write(6, "#! ./file1\n", 11) = 11 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 564] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 564] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] <... futex resumed>) = 0 [pid 564] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 563] <... futex resumed>) = ? [pid 564] +++ killed by SIGBUS +++ [pid 563] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=563, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 29.119723][ T564] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 29.152031][ T565] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-564: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 569 ./strace-static-x86_64: Process 569 attached [pid 569] set_robust_list(0x55558dca66a0, 24) = 0 [pid 569] chdir("./34") = 0 [pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 569] setpgid(0, 0) = 0 [pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 569] write(3, "1000", 4) = 4 [pid 569] close(3) = 0 [pid 569] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 569] write(1, "executing program\n", 18) = 18 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 569] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 570 attached [pid 570] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 570] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 569] <... clone3 resumed> => {parent_tid=[570]}, 88) = 570 [pid 569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 570] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 570] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 569] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 570] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 570] memfd_create("syzkaller", 0) = 5 [pid 570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 570] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 570] munmap(0x7fc9d7676000, 138412032) = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 570] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 570] close(5) = 0 [pid 570] close(6) = 0 [pid 570] mkdir("./file0", 0777) = 0 [pid 570] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 570] chdir("./file0") = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 570] ioctl(6, LOOP_CLR_FD) = 0 [pid 570] close(6) = 0 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 570] write(6, "#! ./file1\n", 11 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] <... write resumed>) = 11 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 570] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 569] <... futex resumed>) = ? [pid 570] +++ killed by SIGBUS +++ [pid 569] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=569, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 29.326355][ T570] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 29.359154][ T571] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-570: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 575 attached [pid 575] set_robust_list(0x55558dca66a0, 24) = 0 [pid 575] chdir("./35") = 0 [pid 575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 575] setpgid(0, 0) = 0 [pid 575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] <... clone resumed>, child_tidptr=0x55558dca6690) = 575 [pid 575] write(3, "1000", 4) = 4 [pid 575] close(3) = 0 [pid 575] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 575] write(1, "executing program\n", 18) = 18 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 575] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[576]}, 88) = 576 [pid 575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 576 attached [pid 576] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 576] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 576] memfd_create("syzkaller", 0) = 5 [pid 576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 576] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 576] munmap(0x7fc9d7676000, 138412032) = 0 [pid 576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 576] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 576] close(5) = 0 [pid 576] close(6) = 0 [pid 576] mkdir("./file0", 0777) = 0 [pid 576] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 576] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 576] chdir("./file0") = 0 [pid 576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 576] ioctl(6, LOOP_CLR_FD) = 0 [pid 576] close(6) = 0 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] <... futex resumed>) = 1 [pid 576] write(6, "#! ./file1\n", 11) = 11 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 576] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 576] <... futex resumed>) = 0 [pid 576] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 575] <... futex resumed>) = ? [pid 576] +++ killed by SIGBUS +++ [pid 575] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=575, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 29.529865][ T576] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 29.564961][ T577] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-576: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 581 ./strace-static-x86_64: Process 581 attached [pid 581] set_robust_list(0x55558dca66a0, 24) = 0 [pid 581] chdir("./36") = 0 [pid 581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 581] setpgid(0, 0) = 0 [pid 581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 581] write(3, "1000", 4) = 4 [pid 581] close(3) = 0 [pid 581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 581] write(1, "executing program\n", 18executing program ) = 18 [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 581] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 581] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 581] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 582 attached => {parent_tid=[582]}, 88) = 582 [pid 582] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 582] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 582] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] ioctl(3, VHOST_SET_OWNER [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 582] <... ioctl resumed>, 0) = 0 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 582] <... futex resumed>) = 0 [pid 582] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 582] <... futex resumed>) = 0 [pid 581] <... futex resumed>) = 1 [pid 582] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 582] <... futex resumed>) = 0 [pid 581] <... futex resumed>) = 1 [pid 582] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 582] <... futex resumed>) = 0 [pid 581] <... futex resumed>) = 1 [pid 582] memfd_create("syzkaller", 0) = 5 [pid 582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 582] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 582] <... write resumed>) = 1048576 [pid 582] munmap(0x7fc9d7676000, 138412032) = 0 [pid 582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 582] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 582] close(5) = 0 [pid 582] close(6) = 0 [pid 582] mkdir("./file0", 0777) = 0 [pid 582] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 582] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 582] chdir("./file0") = 0 [pid 582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 582] ioctl(6, LOOP_CLR_FD) = 0 [pid 582] close(6) = 0 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 581] <... futex resumed>) = 0 [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 582] <... futex resumed>) = 1 [pid 582] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 581] <... futex resumed>) = 0 [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 582] <... futex resumed>) = 1 [pid 582] write(6, "#! ./file1\n", 11) = 11 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 581] <... futex resumed>) = 0 [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 582] <... futex resumed>) = 1 [pid 582] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 582] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 581] <... futex resumed>) = 0 [pid 581] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 582] <... futex resumed>) = 1 [pid 582] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 581] <... futex resumed>) = ? [pid 582] +++ killed by SIGBUS +++ [pid 581] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=581, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 29.679828][ T582] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 29.712035][ T583] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-582: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 587 ./strace-static-x86_64: Process 587 attached [pid 587] set_robust_list(0x55558dca66a0, 24) = 0 [pid 587] chdir("./37") = 0 [pid 587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 587] setpgid(0, 0) = 0 [pid 587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 587] write(3, "1000", 4) = 4 [pid 587] close(3) = 0 [pid 587] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 587] write(1, "executing program\n", 18) = 18 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 587] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 587] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 587] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[589]}, 88) = 589 [pid 587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 589 attached [pid 589] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 589] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [pid 589] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [pid 589] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [pid 589] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [pid 589] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [pid 589] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [pid 589] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [pid 589] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [pid 589] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [pid 589] memfd_create("syzkaller", 0) = 5 [pid 589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 589] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 589] munmap(0x7fc9d7676000, 138412032) = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 589] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 589] close(5) = 0 [pid 589] close(6) = 0 [pid 589] mkdir("./file0", 0777) = 0 [pid 589] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 589] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 589] chdir("./file0") = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 589] ioctl(6, LOOP_CLR_FD) = 0 [pid 589] close(6) = 0 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 0 [pid 589] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] write(6, "#! ./file1\n", 11) = 11 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [pid 589] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 589] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... futex resumed>) = 1 [ 29.839876][ T589] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 589] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 587] <... futex resumed>) = ? [pid 589] +++ killed by SIGBUS +++ [pid 587] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=587, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 29.879728][ T590] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-589: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 594 ./strace-static-x86_64: Process 594 attached [pid 594] set_robust_list(0x55558dca66a0, 24) = 0 [pid 594] chdir("./38") = 0 [pid 594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 594] setpgid(0, 0) = 0 [pid 594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 594] write(3, "1000", 4) = 4 [pid 594] close(3) = 0 [pid 594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 594] write(1, "executing program\n", 18executing program ) = 18 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 594] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[595]}, 88) = 595 [pid 594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 595 attached [pid 595] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 595] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 595] memfd_create("syzkaller", 0) = 5 [pid 595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 595] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 595] munmap(0x7fc9d7676000, 138412032) = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 595] close(5) = 0 [pid 595] close(6) = 0 [pid 595] mkdir("./file0", 0777) = 0 [pid 595] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 595] chdir("./file0") = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_CLR_FD) = 0 [pid 595] close(6) = 0 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] write(6, "#! ./file1\n", 11) = 11 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 595] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 594] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 595] <... futex resumed>) = 0 [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 594] <... futex resumed>) = ? [pid 595] +++ killed by SIGBUS +++ [pid 594] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=594, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 30.019741][ T595] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 30.054997][ T596] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-595: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 600 ./strace-static-x86_64: Process 600 attached [pid 600] set_robust_list(0x55558dca66a0, 24) = 0 [pid 600] chdir("./39") = 0 [pid 600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 600] setpgid(0, 0) = 0 [pid 600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 600] write(3, "1000", 4) = 4 [pid 600] close(3) = 0 [pid 600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 600] write(1, "executing program\n", 18executing program ) = 18 [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 600] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 601 attached => {parent_tid=[601]}, 88) = 601 [pid 601] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] ioctl(3, VHOST_SET_OWNER [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] <... ioctl resumed>, 0) = 0 [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] ioctl(3, VHOST_SET_VRING_ADDR [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] <... ioctl resumed>, 0x200000000300) = 0 [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 600] <... futex resumed>) = 0 [pid 601] ioctl(3, VHOST_SET_MEM_TABLE [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] <... ioctl resumed>, 0x200000003380) = 0 [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] eventfd2(4294967295, EFD_SEMAPHORE [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] <... eventfd2 resumed>) = 4 [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 600] <... futex resumed>) = 0 [pid 601] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] ioctl(3, VHOST_SET_VRING_ADDR [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] <... ioctl resumed>, 0x200000000240) = 0 [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = 0 [pid 600] <... futex resumed>) = 1 [pid 601] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = 0 [pid 600] <... futex resumed>) = 1 [pid 601] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = 0 [pid 600] <... futex resumed>) = 1 [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 601] memfd_create("syzkaller", 0) = 5 [pid 601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 601] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 601] munmap(0x7fc9d7676000, 138412032) = 0 [pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 601] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 601] close(5) = 0 [pid 601] close(6) = 0 [pid 601] mkdir("./file0", 0777) = 0 [pid 601] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 601] chdir("./file0") = 0 [pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 601] ioctl(6, LOOP_CLR_FD) = 0 [pid 601] close(6) = 0 [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] write(6, "#! ./file1\n", 11) = 11 [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 601] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 600] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] <... futex resumed>) = 0 [pid 601] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 600] <... futex resumed>) = ? [pid 601] +++ killed by SIGBUS +++ [pid 600] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=600, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 30.210044][ T601] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 30.243148][ T602] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-601: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 606 ./strace-static-x86_64: Process 606 attached [pid 606] set_robust_list(0x55558dca66a0, 24) = 0 [pid 606] chdir("./40") = 0 [pid 606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 606] setpgid(0, 0) = 0 [pid 606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 606] write(3, "1000", 4) = 4 [pid 606] close(3) = 0 [pid 606] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 606] write(1, "executing program\n", 18) = 18 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 606] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[607]}, 88) = 607 [pid 606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 607 attached [pid 607] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 607] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 607] memfd_create("syzkaller", 0) = 5 [pid 607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 607] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 607] munmap(0x7fc9d7676000, 138412032) = 0 [pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 607] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 607] close(5) = 0 [pid 607] close(6) = 0 [pid 607] mkdir("./file0", 0777) = 0 [pid 607] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 607] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 607] chdir("./file0") = 0 [pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 607] ioctl(6, LOOP_CLR_FD) = 0 [pid 607] close(6) = 0 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] write(6, "#! ./file1\n", 11) = 11 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 607] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] <... futex resumed>) = 0 [pid 607] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 606] <... futex resumed>) = ? [pid 607] +++ killed by SIGBUS +++ [pid 606] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=606, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 30.409913][ T607] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 30.444613][ T608] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-607: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 612 attached , child_tidptr=0x55558dca6690) = 612 [pid 612] set_robust_list(0x55558dca66a0, 24) = 0 [pid 612] chdir("./41") = 0 [pid 612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 612] setpgid(0, 0) = 0 [pid 612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 612] write(3, "1000", 4) = 4 [pid 612] close(3) = 0 [pid 612] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 612] write(1, "executing program\n", 18) = 18 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 612] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 613 attached [pid 613] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 613] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 612] <... clone3 resumed> => {parent_tid=[613]}, 88) = 613 [pid 612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 613] memfd_create("syzkaller", 0 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 613] <... memfd_create resumed>) = 5 [pid 613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 613] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 613] munmap(0x7fc9d7676000, 138412032) = 0 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 613] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 613] close(5) = 0 [pid 613] close(6) = 0 [pid 613] mkdir("./file0", 0777) = 0 [pid 613] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 613] chdir("./file0") = 0 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 613] ioctl(6, LOOP_CLR_FD) = 0 [pid 613] close(6) = 0 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] write(6, "#! ./file1\n", 11) = 11 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 613] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 613] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 612] <... futex resumed>) = ? [pid 613] +++ killed by SIGBUS +++ [pid 612] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=612, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 30.578255][ T613] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 30.611512][ T614] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-613: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 618 attached , child_tidptr=0x55558dca6690) = 618 [pid 618] set_robust_list(0x55558dca66a0, 24) = 0 [pid 618] chdir("./42") = 0 [pid 618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 618] setpgid(0, 0) = 0 [pid 618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 618] write(3, "1000", 4) = 4 [pid 618] close(3) = 0 [pid 618] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 618] write(1, "executing program\n", 18) = 18 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 618] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 618] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[619]}, 88) = 619 [pid 618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 619 attached [pid 619] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 619] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 619] memfd_create("syzkaller", 0) = 5 [pid 619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 619] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 619] munmap(0x7fc9d7676000, 138412032) = 0 [pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 619] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 619] close(5) = 0 [pid 619] close(6) = 0 [pid 619] mkdir("./file0", 0777) = 0 [pid 619] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 619] chdir("./file0") = 0 [pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 619] ioctl(6, LOOP_CLR_FD) = 0 [pid 619] close(6) = 0 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] write(6, "#! ./file1\n", 11) = 11 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 619] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 618] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] <... futex resumed>) = 0 [pid 619] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 618] <... futex resumed>) = ? [pid 619] +++ killed by SIGBUS +++ [pid 618] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=618, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 30.755417][ T619] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 30.790038][ T620] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-619: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 625 ./strace-static-x86_64: Process 625 attached [pid 625] set_robust_list(0x55558dca66a0, 24) = 0 [pid 625] chdir("./43") = 0 [pid 625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 625] setpgid(0, 0) = 0 [pid 625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 625] write(3, "1000", 4) = 4 [pid 625] close(3) = 0 [pid 625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 625] write(1, "executing program\n", 18executing program ) = 18 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 625] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 625] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 625] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 626 attached => {parent_tid=[626]}, 88) = 626 [pid 626] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 626] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 626] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 626] <... futex resumed>) = 0 [pid 625] <... futex resumed>) = 1 [pid 626] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 626] <... futex resumed>) = 0 [pid 625] <... futex resumed>) = 1 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 626] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 625] <... futex resumed>) = 0 [pid 626] eventfd2(4294967295, EFD_SEMAPHORE [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... eventfd2 resumed>) = 4 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 626] <... ioctl resumed>, 0x200000000240) = 0 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 626] <... futex resumed>) = 0 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 626] <... futex resumed>) = 0 [pid 625] <... futex resumed>) = 1 [pid 626] ioctl(3, VHOST_SET_VRING_KICK [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... ioctl resumed>, 0x200000000000) = 0 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] <... futex resumed>) = 0 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 626] memfd_create("syzkaller", 0 [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 626] <... memfd_create resumed>) = 5 [pid 625] <... futex resumed>) = 0 [pid 626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 626] <... mmap resumed>) = 0x7fc9d7676000 [pid 626] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 626] munmap(0x7fc9d7676000, 138412032) = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 626] close(5) = 0 [pid 626] close(6) = 0 [pid 626] mkdir("./file0", 0777) = 0 [pid 626] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 626] chdir("./file0") = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_CLR_FD) = 0 [pid 626] close(6) = 0 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] write(6, "#! ./file1\n", 11) = 11 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 626] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 625] <... futex resumed>) = ? [pid 626] +++ killed by SIGBUS +++ [pid 625] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=625, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 30.967043][ T626] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 30.999514][ T627] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-626: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 631 ./strace-static-x86_64: Process 631 attached [pid 631] set_robust_list(0x55558dca66a0, 24) = 0 [pid 631] chdir("./44") = 0 [pid 631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 631] setpgid(0, 0) = 0 [pid 631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 631] write(3, "1000", 4) = 4 [pid 631] close(3) = 0 [pid 631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 631] write(1, "executing program\n", 18executing program ) = 18 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 631] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 631] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 631] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[632]}, 88) = 632 [pid 631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 632 attached [pid 632] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 632] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... futex resumed>) = 1 [pid 632] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 632] memfd_create("syzkaller", 0) = 5 [pid 632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 632] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 632] munmap(0x7fc9d7676000, 138412032) = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 632] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 632] close(5) = 0 [pid 632] close(6) = 0 [pid 632] mkdir("./file0", 0777) = 0 [pid 632] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 632] chdir("./file0") = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 632] ioctl(6, LOOP_CLR_FD) = 0 [pid 632] close(6) = 0 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] write(6, "#! ./file1\n", 11) = 11 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 632] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... futex resumed>) = 0 [pid 632] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 631] <... futex resumed>) = ? [pid 632] +++ killed by SIGBUS +++ [pid 631] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=631, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 31.117251][ T632] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 31.152338][ T633] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-632: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 637 ./strace-static-x86_64: Process 637 attached [pid 637] set_robust_list(0x55558dca66a0, 24) = 0 [pid 637] chdir("./45") = 0 [pid 637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 637] setpgid(0, 0) = 0 [pid 637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 637] write(3, "1000", 4) = 4 [pid 637] close(3) = 0 [pid 637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 637] write(1, "executing program\n", 18executing program ) = 18 [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 637] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 638 attached [pid 638] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 638] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] <... clone3 resumed> => {parent_tid=[638]}, 88) = 638 [pid 637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] <... futex resumed>) = 0 [pid 637] <... futex resumed>) = 1 [pid 638] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] <... futex resumed>) = 0 [pid 637] <... futex resumed>) = 1 [pid 638] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] memfd_create("syzkaller", 0 [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 638] <... memfd_create resumed>) = 5 [pid 638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 638] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 638] munmap(0x7fc9d7676000, 138412032) = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 638] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 638] close(5) = 0 [pid 638] close(6) = 0 [pid 638] mkdir("./file0", 0777) = 0 [pid 638] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 638] chdir("./file0") = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 638] ioctl(6, LOOP_CLR_FD) = 0 [pid 638] close(6) = 0 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] write(6, "#! ./file1\n", 11 [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... write resumed>) = 11 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 638] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 637] <... futex resumed>) = ? [pid 638] +++ killed by SIGBUS +++ [pid 637] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=637, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 31.329842][ T638] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 31.362563][ T639] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-638: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 643 ./strace-static-x86_64: Process 643 attached [pid 643] set_robust_list(0x55558dca66a0, 24) = 0 [pid 643] chdir("./46") = 0 [pid 643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 643] setpgid(0, 0) = 0 [pid 643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 643] write(3, "1000", 4) = 4 [pid 643] close(3) = 0 [pid 643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 643] write(1, "executing program\n", 18executing program ) = 18 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 643] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[644]}, 88) = 644 [pid 643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 644 attached [pid 644] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 644] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 644] memfd_create("syzkaller", 0) = 5 [pid 644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 644] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 644] munmap(0x7fc9d7676000, 138412032) = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 644] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 644] close(5) = 0 [pid 644] close(6) = 0 [pid 644] mkdir("./file0", 0777) = 0 [pid 644] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 644] chdir("./file0") = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 644] ioctl(6, LOOP_CLR_FD) = 0 [pid 644] close(6) = 0 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] write(6, "#! ./file1\n", 11) = 11 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 644] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 644] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] <... futex resumed>) = 0 [pid 644] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 643] <... futex resumed>) = ? [pid 644] +++ killed by SIGBUS +++ [pid 643] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=643, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 31.509787][ T644] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 31.543255][ T645] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-644: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 649 ./strace-static-x86_64: Process 649 attached [pid 649] set_robust_list(0x55558dca66a0, 24) = 0 [pid 649] chdir("./47") = 0 [pid 649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 649] setpgid(0, 0) = 0 [pid 649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 649] write(3, "1000", 4) = 4 [pid 649] close(3) = 0 [pid 649] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 649] write(1, "executing program\n", 18) = 18 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 649] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 650 attached => {parent_tid=[650]}, 88) = 650 [pid 649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 650] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 650] memfd_create("syzkaller", 0) = 5 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 650] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 650] munmap(0x7fc9d7676000, 138412032) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 650] close(5) = 0 [pid 650] close(6) = 0 [pid 650] mkdir("./file0", 0777) = 0 [pid 650] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 650] chdir("./file0") = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_CLR_FD) = 0 [pid 650] close(6) = 0 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] write(6, "#! ./file1\n", 11) = 11 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 650] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 649] <... futex resumed>) = ? [pid 650] +++ killed by SIGBUS +++ [pid 649] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=649, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 31.725278][ T650] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 31.758844][ T651] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-650: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 656 ./strace-static-x86_64: Process 656 attached [pid 656] set_robust_list(0x55558dca66a0, 24) = 0 [pid 656] chdir("./48") = 0 [pid 656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 656] setpgid(0, 0) = 0 [pid 656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 656] write(3, "1000", 4) = 4 [pid 656] close(3) = 0 [pid 656] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 656] write(1, "executing program\n", 18) = 18 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 656] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 656] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[657]}, 88) = 657 [pid 656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 657 attached [pid 657] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 657] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 657] memfd_create("syzkaller", 0) = 5 [pid 657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 657] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 657] munmap(0x7fc9d7676000, 138412032) = 0 [pid 657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 657] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 657] close(5) = 0 [pid 657] close(6) = 0 [pid 657] mkdir("./file0", 0777) = 0 [pid 657] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 657] chdir("./file0") = 0 [pid 657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 657] ioctl(6, LOOP_CLR_FD) = 0 [pid 657] close(6) = 0 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] write(6, "#! ./file1\n", 11) = 11 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 657] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] <... futex resumed>) = 0 [pid 657] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 656] <... futex resumed>) = ? [pid 657] +++ killed by SIGBUS +++ [pid 656] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=656, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 31.899851][ T657] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 31.933628][ T658] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-657: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 662 ./strace-static-x86_64: Process 662 attached [pid 662] set_robust_list(0x55558dca66a0, 24) = 0 [pid 662] chdir("./49") = 0 [pid 662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 662] setpgid(0, 0) = 0 [pid 662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 662] write(3, "1000", 4) = 4 [pid 662] close(3) = 0 [pid 662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 662] write(1, "executing program\n", 18executing program ) = 18 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 662] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 663 attached => {parent_tid=[663]}, 88) = 663 [pid 663] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 663] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 663] <... futex resumed>) = 0 [pid 663] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 663] <... futex resumed>) = 0 [pid 663] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 663] <... futex resumed>) = 0 [pid 663] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 663] <... futex resumed>) = 0 [pid 663] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 663] <... futex resumed>) = 0 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 663] <... futex resumed>) = 0 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 663] <... futex resumed>) = 0 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 662] <... futex resumed>) = 1 [pid 663] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 662] <... futex resumed>) = 1 [pid 663] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 662] <... futex resumed>) = 1 [pid 663] memfd_create("syzkaller", 0 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 663] <... memfd_create resumed>) = 5 [pid 663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 663] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 663] munmap(0x7fc9d7676000, 138412032) = 0 [pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 663] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 663] close(5) = 0 [pid 663] close(6) = 0 [pid 663] mkdir("./file0", 0777) = 0 [pid 663] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 663] chdir("./file0") = 0 [pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 663] ioctl(6, LOOP_CLR_FD) = 0 [pid 663] close(6) = 0 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = 0 [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] <... futex resumed>) = 1 [pid 663] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = 0 [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] <... futex resumed>) = 1 [pid 663] write(6, "#! ./file1\n", 11) = 11 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = 0 [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] <... futex resumed>) = 1 [pid 663] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 663] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = 0 [pid 662] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] <... futex resumed>) = 1 [pid 663] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 662] <... futex resumed>) = ? [pid 663] +++ killed by SIGBUS +++ [pid 662] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=662, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 32.079646][ T663] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 32.112747][ T664] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-663: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 668 ./strace-static-x86_64: Process 668 attached [pid 668] set_robust_list(0x55558dca66a0, 24) = 0 [pid 668] chdir("./50") = 0 [pid 668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 668] setpgid(0, 0) = 0 [pid 668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 668] write(3, "1000", 4) = 4 [pid 668] close(3) = 0 [pid 668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 668] write(1, "executing program\n", 18executing program ) = 18 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 668] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[669]}, 88) = 669 [pid 668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 669 attached [pid 669] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 669] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] ioctl(3, VHOST_SET_VRING_KICK [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] <... ioctl resumed>, 0x200000000000) = 0 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 669] memfd_create("syzkaller", 0) = 5 [pid 669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 669] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 669] munmap(0x7fc9d7676000, 138412032) = 0 [pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 669] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 669] close(5) = 0 [pid 669] close(6) = 0 [pid 669] mkdir("./file0", 0777) = 0 [pid 669] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 669] chdir("./file0") = 0 [pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 669] ioctl(6, LOOP_CLR_FD) = 0 [pid 669] close(6) = 0 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] write(6, "#! ./file1\n", 11 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] <... write resumed>) = 11 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 669] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 668] <... futex resumed>) = ? [pid 669] +++ killed by SIGBUS +++ [pid 668] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=668, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 32.243747][ T669] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 32.278576][ T670] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-669: bg 0: block 234: padding at end of block bitmap is not set unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 674 ./strace-static-x86_64: Process 674 attached [pid 674] set_robust_list(0x55558dca66a0, 24) = 0 [pid 674] chdir("./51") = 0 [pid 674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 674] setpgid(0, 0) = 0 [pid 674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 674] write(3, "1000", 4) = 4 [pid 674] close(3) = 0 [pid 674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 674] write(1, "executing program\n", 18executing program ) = 18 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 674] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 674] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 675 attached [pid 675] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 675] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] <... clone3 resumed> => {parent_tid=[675]}, 88) = 675 [pid 674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... futex resumed>) = 0 [pid 674] <... futex resumed>) = 1 [pid 675] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 675] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] <... futex resumed>) = 0 [pid 674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 675] ioctl(3, VHOST_SET_MEM_TABLE [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] <... ioctl resumed>, 0x200000003380) = 0 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 675] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 674] <... futex resumed>) = 0 [pid 675] eventfd2(4294967295, EFD_SEMAPHORE [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] <... eventfd2 resumed>) = 4 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] <... futex resumed>) = 0 [pid 675] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 675] ioctl(3, VHOST_SET_VRING_ADDR [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... ioctl resumed>, 0x200000000240) = 0 [pid 674] <... futex resumed>) = 0 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] <... futex resumed>) = 0 [pid 674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 675] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 674] <... futex resumed>) = 0 [pid 675] ioctl(3, VHOST_SET_VRING_KICK [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] <... ioctl resumed>, 0x200000000000) = 0 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 675] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... ioctl resumed>, 0x200000000140) = 0 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] <... futex resumed>) = 0 [pid 675] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... futex resumed>) = 0 [pid 674] <... futex resumed>) = 1 [pid 675] memfd_create("syzkaller", 0 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 675] <... memfd_create resumed>) = 5 [pid 675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 675] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 675] munmap(0x7fc9d7676000, 138412032) = 0 [pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 675] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 675] close(5) = 0 [pid 675] close(6) = 0 [pid 675] mkdir("./file0", 0777) = 0 [pid 675] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 675] chdir("./file0") = 0 [pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 675] ioctl(6, LOOP_CLR_FD) = 0 [pid 675] close(6) = 0 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] <... futex resumed>) = 1 [pid 675] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] write(6, "#! ./file1\n", 11 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] <... write resumed>) = 11 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 675] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] <... futex resumed>) = 1 [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 674] <... futex resumed>) = ? [pid 675] +++ killed by SIGBUS +++ [pid 674] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=674, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 32.439712][ T675] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 32.472658][ T676] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-675: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 680 ./strace-static-x86_64: Process 680 attached [pid 680] set_robust_list(0x55558dca66a0, 24) = 0 [pid 680] chdir("./52") = 0 [pid 680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 680] setpgid(0, 0) = 0 [pid 680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 680] write(3, "1000", 4) = 4 [pid 680] close(3) = 0 [pid 680] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 680] write(1, "executing program\n", 18) = 18 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 680] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 680] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[681]}, 88) = 681 [pid 680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 681 attached [pid 681] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 681] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 681] memfd_create("syzkaller", 0) = 5 [pid 681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 681] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 681] munmap(0x7fc9d7676000, 138412032) = 0 [pid 681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 681] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 681] close(5) = 0 [pid 681] close(6) = 0 [pid 681] mkdir("./file0", 0777) = 0 [pid 681] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 681] chdir("./file0") = 0 [pid 681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 681] ioctl(6, LOOP_CLR_FD) = 0 [pid 681] close(6) = 0 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] write(6, "#! ./file1\n", 11) = 11 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 681] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 681] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] <... futex resumed>) = 0 [pid 681] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 680] <... futex resumed>) = ? [pid 681] +++ killed by SIGBUS +++ [pid 680] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=680, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 32.605912][ T681] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 32.640248][ T682] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-681: bg 0: block 234: padding at end of block bitmap is not set umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 686 ./strace-static-x86_64: Process 686 attached [pid 686] set_robust_list(0x55558dca66a0, 24) = 0 [pid 686] chdir("./53") = 0 [pid 686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 686] setpgid(0, 0) = 0 [pid 686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 686] write(3, "1000", 4) = 4 [pid 686] close(3) = 0 [pid 686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 686] write(1, "executing program\n", 18executing program ) = 18 [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 686] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 686] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 687 attached [pid 687] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 687] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] <... clone3 resumed> => {parent_tid=[687]}, 88) = 687 [pid 686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] ioctl(3, VHOST_SET_OWNER [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] <... ioctl resumed>, 0) = 0 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 687] <... futex resumed>) = 0 [pid 686] <... futex resumed>) = 1 [pid 687] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 687] <... futex resumed>) = 0 [pid 686] <... futex resumed>) = 1 [pid 687] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] <... futex resumed>) = 0 [pid 686] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 687] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 687] memfd_create("syzkaller", 0) = 5 [pid 687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 687] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 686] <... futex resumed>) = 0 [pid 687] <... write resumed>) = 1048576 [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 687] munmap(0x7fc9d7676000, 138412032) = 0 [pid 687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 687] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 687] close(5) = 0 [pid 687] close(6) = 0 [pid 687] mkdir("./file0", 0777) = 0 [pid 687] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 687] chdir("./file0") = 0 [pid 687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 687] ioctl(6, LOOP_CLR_FD) = 0 [pid 687] close(6) = 0 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] <... futex resumed>) = 1 [pid 687] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] <... futex resumed>) = 1 [pid 687] write(6, "#! ./file1\n", 11) = 11 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] <... futex resumed>) = 1 [pid 687] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 687] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.809697][ T687] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 686] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] <... futex resumed>) = 1 [pid 687] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 686] <... futex resumed>) = ? [pid 687] +++ killed by SIGBUS +++ [pid 686] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=686, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 32.855298][ T688] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-687: bg 0: block 234: padding at end of block bitmap is not set umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 693 attached , child_tidptr=0x55558dca6690) = 693 [pid 693] set_robust_list(0x55558dca66a0, 24) = 0 [pid 693] chdir("./54") = 0 [pid 693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 693] setpgid(0, 0) = 0 [pid 693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 693] write(3, "1000", 4) = 4 [pid 693] close(3) = 0 [pid 693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 693] write(1, "executing program\n", 18executing program ) = 18 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 693] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 693] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 693] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 693] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 693] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 694 attached [pid 694] set_robust_list(0x7fc9dfa969a0, 24 [pid 693] <... clone3 resumed> => {parent_tid=[694]}, 88) = 694 [pid 694] <... set_robust_list resumed>) = 0 [pid 694] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 694] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] <... futex resumed>) = 0 [pid 694] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 694] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] <... futex resumed>) = 0 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 694] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... futex resumed>) = 0 [pid 693] <... futex resumed>) = 1 [pid 694] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 694] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... futex resumed>) = 0 [pid 693] <... futex resumed>) = 1 [pid 694] ioctl(3, VHOST_SET_MEM_TABLE [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... ioctl resumed>, 0x200000003380) = 0 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 693] <... futex resumed>) = 0 [pid 694] eventfd2(4294967295, EFD_SEMAPHORE [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... eventfd2 resumed>) = 4 [pid 693] <... futex resumed>) = 0 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 0 [pid 693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 694] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] <... futex resumed>) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] <... futex resumed>) = 0 [pid 694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] ioctl(3, VHOST_SET_VRING_ADDR [pid 693] <... futex resumed>) = 0 [pid 694] <... ioctl resumed>, 0x200000000240) = 0 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 693] <... futex resumed>) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_KICK [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... ioctl resumed>, 0x200000000000) = 0 [pid 693] <... futex resumed>) = 0 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 0 [pid 693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 694] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... ioctl resumed>, 0x200000000140) = 0 [pid 693] <... futex resumed>) = 0 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 0 [pid 693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 694] memfd_create("syzkaller", 0 [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... memfd_create resumed>) = 5 [pid 693] <... futex resumed>) = 0 [pid 694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 694] <... mmap resumed>) = 0x7fc9d7676000 [pid 694] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 694] munmap(0x7fc9d7676000, 138412032) = 0 [pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 694] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 694] close(5) = 0 [pid 694] close(6) = 0 [pid 694] mkdir("./file0", 0777) = 0 [pid 694] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 694] chdir("./file0") = 0 [pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 694] ioctl(6, LOOP_CLR_FD) = 0 [pid 694] close(6) = 0 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] <... futex resumed>) = 0 [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 1 [pid 694] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] <... futex resumed>) = 0 [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 1 [pid 694] write(6, "#! ./file1\n", 11) = 11 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] <... futex resumed>) = 0 [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 1 [pid 694] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 694] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] <... futex resumed>) = 0 [pid 693] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 693] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 1 [pid 694] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 693] <... futex resumed>) = ? [pid 694] +++ killed by SIGBUS +++ [pid 693] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=693, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 32.983862][ T694] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 33.016128][ T695] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-694: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 699 ./strace-static-x86_64: Process 699 attached [pid 699] set_robust_list(0x55558dca66a0, 24) = 0 [pid 699] chdir("./55") = 0 [pid 699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 699] setpgid(0, 0) = 0 [pid 699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 699] write(3, "1000", 4) = 4 [pid 699] close(3) = 0 [pid 699] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 699] write(1, "executing program\n", 18) = 18 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 699] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 699] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 699] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 699] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[700]}, 88) = 700 [pid 699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 700 attached [pid 700] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 700] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 700] memfd_create("syzkaller", 0) = 5 [pid 700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 700] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 700] munmap(0x7fc9d7676000, 138412032) = 0 [pid 700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 700] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 700] close(5) = 0 [pid 700] close(6) = 0 [pid 700] mkdir("./file0", 0777) = 0 [pid 700] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 700] chdir("./file0") = 0 [pid 700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 700] ioctl(6, LOOP_CLR_FD) = 0 [pid 700] close(6) = 0 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] write(6, "#! ./file1\n", 11) = 11 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 700] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 700] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] <... futex resumed>) = 0 [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 699] <... futex resumed>) = ? [pid 700] +++ killed by SIGBUS +++ [pid 699] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=699, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 33.129876][ T700] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 33.163414][ T701] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-700: bg 0: block 234: padding at end of block bitmap is not set umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 705 ./strace-static-x86_64: Process 705 attached [pid 705] set_robust_list(0x55558dca66a0, 24) = 0 [pid 705] chdir("./56") = 0 [pid 705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 705] setpgid(0, 0) = 0 [pid 705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 705] write(3, "1000", 4) = 4 [pid 705] close(3) = 0 [pid 705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 705] write(1, "executing program\n", 18executing program ) = 18 [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 705] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[706]}, 88) = 706 ./strace-static-x86_64: Process 706 attached [pid 706] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 706] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 706] <... futex resumed>) = 0 [pid 706] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 706] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 706] <... futex resumed>) = 0 [pid 706] ioctl(3, VHOST_SET_OWNER [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... ioctl resumed>, 0) = 0 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 706] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 706] <... futex resumed>) = 0 [pid 706] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 706] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 706] <... futex resumed>) = 0 [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 705] <... futex resumed>) = 0 [pid 706] eventfd2(4294967295, EFD_SEMAPHORE [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 706] <... eventfd2 resumed>) = 4 [pid 705] <... futex resumed>) = 0 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 0 [pid 705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 706] ioctl(3, VHOST_SET_VRING_ERR [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 706] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 705] <... futex resumed>) = 0 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 0 [pid 705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 706] ioctl(3, VHOST_SET_VRING_ADDR [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 706] <... ioctl resumed>, 0x200000000240) = 0 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 706] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] <... futex resumed>) = 0 [pid 706] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 706] ioctl(3, VHOST_SET_VRING_KICK [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... ioctl resumed>, 0x200000000000) = 0 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 705] <... futex resumed>) = 0 [pid 706] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 706] <... ioctl resumed>, 0x200000000140) = 0 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] <... futex resumed>) = 0 [pid 706] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 706] <... futex resumed>) = 0 [pid 705] <... futex resumed>) = 1 [pid 706] memfd_create("syzkaller", 0 [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 706] <... memfd_create resumed>) = 5 [pid 706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 706] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 706] munmap(0x7fc9d7676000, 138412032) = 0 [pid 706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 706] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 706] close(5) = 0 [pid 706] close(6) = 0 [pid 706] mkdir("./file0", 0777) = 0 [pid 706] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 706] chdir("./file0") = 0 [pid 706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 706] ioctl(6, LOOP_CLR_FD) = 0 [pid 706] close(6) = 0 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] write(6, "#! ./file1\n", 11) = 11 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 706] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 705] <... futex resumed>) = ? [pid 706] +++ killed by SIGBUS +++ [pid 705] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=705, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 33.283238][ T706] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 33.315839][ T707] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-706: bg 0: block 234: padding at end of block bitmap is not set umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 711 ./strace-static-x86_64: Process 711 attached [pid 711] set_robust_list(0x55558dca66a0, 24) = 0 [pid 711] chdir("./57") = 0 [pid 711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 711] setpgid(0, 0) = 0 [pid 711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 711] write(3, "1000", 4) = 4 [pid 711] close(3) = 0 [pid 711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 711] write(1, "executing program\n", 18executing program ) = 18 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 711] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 711] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[712]}, 88) = 712 [pid 711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 712 attached [pid 712] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 712] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 712] memfd_create("syzkaller", 0) = 5 [pid 712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 712] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 712] munmap(0x7fc9d7676000, 138412032) = 0 [pid 712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 712] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 712] close(5) = 0 [pid 712] close(6) = 0 [pid 712] mkdir("./file0", 0777) = 0 [pid 712] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 712] chdir("./file0") = 0 [pid 712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 712] ioctl(6, LOOP_CLR_FD) = 0 [pid 712] close(6) = 0 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] write(6, "#! ./file1\n", 11) = 11 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 712] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 712] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] <... futex resumed>) = 0 [pid 712] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 711] <... futex resumed>) = ? [pid 712] +++ killed by SIGBUS +++ [pid 711] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=711, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 33.443476][ T712] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 33.477481][ T713] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-712: bg 0: block 234: padding at end of block bitmap is not set umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 717 attached [pid 717] set_robust_list(0x55558dca66a0, 24) = 0 [pid 717] chdir("./58") = 0 [pid 717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 717] setpgid(0, 0) = 0 [pid 717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 717] write(3, "1000", 4) = 4 [pid 717] close(3) = 0 [pid 717] symlink("/dev/binderfs", "./binderfs" [pid 356] <... clone resumed>, child_tidptr=0x55558dca6690) = 717 executing program [pid 717] <... symlink resumed>) = 0 [pid 717] write(1, "executing program\n", 18) = 18 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 717] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 717] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 717] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[718]}, 88) = 718 [pid 717] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 718 attached [pid 718] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 718] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 718] memfd_create("syzkaller", 0) = 5 [pid 718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 718] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 718] munmap(0x7fc9d7676000, 138412032) = 0 [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 718] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 718] close(5) = 0 [pid 718] close(6) = 0 [pid 718] mkdir("./file0", 0777) = 0 [pid 718] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 718] chdir("./file0") = 0 [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 718] ioctl(6, LOOP_CLR_FD) = 0 [pid 718] close(6) = 0 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] write(6, "#! ./file1\n", 11) = 11 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 718] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 717] <... futex resumed>) = ? [pid 718] +++ killed by SIGBUS +++ [pid 717] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=717, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 33.589472][ T718] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 33.624443][ T719] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-718: bg 0: block 234: padding at end of block bitmap is not set umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 723 attached , child_tidptr=0x55558dca6690) = 723 [pid 723] set_robust_list(0x55558dca66a0, 24) = 0 [pid 723] chdir("./59") = 0 [pid 723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 723] setpgid(0, 0) = 0 [pid 723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 723] write(3, "1000", 4) = 4 [pid 723] close(3) = 0 [pid 723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 723] write(1, "executing program\n", 18executing program ) = 18 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 723] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 723] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[724]}, 88) = 724 [pid 723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 724 attached [pid 724] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 724] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 724] memfd_create("syzkaller", 0) = 5 [pid 724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 724] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 724] munmap(0x7fc9d7676000, 138412032) = 0 [pid 724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 724] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 724] close(5) = 0 [pid 724] close(6) = 0 [pid 724] mkdir("./file0", 0777) = 0 [pid 724] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 724] chdir("./file0") = 0 [pid 724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 724] ioctl(6, LOOP_CLR_FD) = 0 [pid 724] close(6) = 0 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] write(6, "#! ./file1\n", 11) = 11 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 724] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 724] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... futex resumed>) = 0 [pid 724] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 723] <... futex resumed>) = ? [pid 724] +++ killed by SIGBUS +++ [pid 723] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=723, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 33.739838][ T724] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 33.773312][ T725] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-724: bg 0: block 234: padding at end of block bitmap is not set umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558dca6690) = 730 ./strace-static-x86_64: Process 730 attached [pid 730] set_robust_list(0x55558dca66a0, 24) = 0 [pid 730] chdir("./60") = 0 [pid 730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 730] setpgid(0, 0) = 0 [pid 730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 730] write(3, "1000", 4) = 4 [pid 730] close(3) = 0 [pid 730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 730] write(1, "executing program\n", 18executing program ) = 18 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 730] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 730] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 730] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0}./strace-static-x86_64: Process 731 attached [pid 731] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 730] <... clone3 resumed> => {parent_tid=[731]}, 88) = 731 [pid 731] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 731] <... futex resumed>) = 0 [pid 730] <... futex resumed>) = 1 [pid 731] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] <... openat resumed>) = 3 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 731] ioctl(3, VHOST_SET_OWNER [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] <... ioctl resumed>, 0) = 0 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 731] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 731] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 731] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 731] <... futex resumed>) = 0 [pid 730] <... futex resumed>) = 1 [pid 731] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 731] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 731] <... futex resumed>) = 0 [pid 730] <... futex resumed>) = 1 [pid 731] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] <... ioctl resumed>, 0x200000000140) = 0 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 731] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 730] <... futex resumed>) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 731] memfd_create("syzkaller", 0) = 5 [pid 731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 731] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 731] munmap(0x7fc9d7676000, 138412032) = 0 [pid 731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 731] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 731] close(5) = 0 [pid 731] close(6) = 0 [pid 731] mkdir("./file0", 0777) = 0 [pid 731] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 731] chdir("./file0") = 0 [pid 731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 731] ioctl(6, LOOP_CLR_FD) = 0 [pid 731] close(6) = 0 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] write(6, "#! ./file1\n", 11) = 11 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 731] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 730] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 730] <... futex resumed>) = ? [pid 731] +++ killed by SIGBUS +++ [pid 730] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=730, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 33.929779][ T731] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 33.964336][ T732] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-731: bg 0: block 234: padding at end of block bitmap is not set umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558dcaf770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558dcaf770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x55558dca7730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 736 attached , child_tidptr=0x55558dca6690) = 736 [pid 736] set_robust_list(0x55558dca66a0, 24) = 0 [pid 736] chdir("./61") = 0 [pid 736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 736] setpgid(0, 0) = 0 [pid 736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 736] write(3, "1000", 4) = 4 [pid 736] close(3) = 0 [pid 736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 736] write(1, "executing program\n", 18executing program ) = 18 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] rt_sigaction(SIGRT_1, {sa_handler=0x7fc9dfb00370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc9dfaf1520}, NULL, 8) = 0 [pid 736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc9dfa76000 [pid 736] mprotect(0x7fc9dfa77000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc9dfa96990, parent_tid=0x7fc9dfa96990, exit_signal=0, stack=0x7fc9dfa76000, stack_size=0x20300, tls=0x7fc9dfa966c0} => {parent_tid=[737]}, 88) = 737 [pid 736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 737 attached [pid 737] set_robust_list(0x7fc9dfa969a0, 24) = 0 [pid 737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 737] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 737] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 737] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 737] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 737] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 737] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 737] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 737] futex(0x7fc9dfb626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 737] memfd_create("syzkaller", 0) = 5 [pid 737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9d7676000 [pid 737] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 737] munmap(0x7fc9d7676000, 138412032) = 0 [pid 737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 737] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 737] close(5) = 0 [pid 737] close(6) = 0 [pid 737] mkdir("./file0", 0777) = 0 [pid 737] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"...) = 0 [pid 737] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 737] chdir("./file0") = 0 [pid 737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 737] ioctl(6, LOOP_CLR_FD) = 0 [pid 737] close(6) = 0 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] <... futex resumed>) = 1 [pid 737] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] <... futex resumed>) = 1 [pid 737] write(6, "#! ./file1\n", 11) = 11 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] <... futex resumed>) = 1 [pid 737] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 736] futex(0x7fc9dfb626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fc9dfb626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] <... futex resumed>) = 1 [pid 737] lchown("./file0", 0, 60929) = 0 [pid 737] futex(0x7fc9dfb626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 736] exit_group(0) = ? [pid 737] <... futex resumed>) = ? [ 34.099296][ T737] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 34.129982][ T23] kauditd_printk_skb: 7 callbacks suppressed [pid 737] +++ exited with 0 +++ [pid 736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=736, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558dca7730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 34.129994][ T23] audit: type=1400 audit(1745037010.580:83): avc: denied { setattr } for pid=736 comm="syz-executor163" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 34.158777][ T738] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-737: bg 0: block 234: padding at end of block bitmap is not set [ 34.184957][ T7] ------------[ cut here ]------------ [ 34.190327][ T7] kernel BUG at fs/ext4/inode.c:2844! [ 34.195744][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 34.201622][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.290-syzkaller #0 [ 34.209421][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 34.219789][ T7] Workqueue: writeback wb_workfn (flush-7:0) [ 34.225858][ T7] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 34.231420][ T7] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 34.251376][ T7] RSP: 0018:ffff8881f5db70c0 EFLAGS: 00010293 [ 34.257271][ T7] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f5d6cec0 [ 34.265094][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 34.272931][ T7] RBP: ffff8881f5db74b0 R08: ffffffff81cae736 R09: ffffed103b1ae8b0 [ 34.280910][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d8d74628 [ 34.289067][ T7] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 34.296899][ T7] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 34.306010][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.312436][ T7] CR2: 000055558dcaf738 CR3: 00000001eed9f000 CR4: 00000000003406a0 [ 34.320235][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.328057][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.335872][ T7] Call Trace: [ 34.339091][ T7] ? __die+0xbc/0x100 [ 34.342902][ T7] ? die+0x2a/0x50 [ 34.346549][ T7] ? do_trap+0x1a4/0x310 [ 34.350717][ T7] ? do_invalid_op+0x105/0x120 [ 34.355313][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 34.360277][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 34.365386][ T7] ? invalid_op+0x1e/0x30 [ 34.369539][ T7] ? ext4_writepages+0x8e6/0x3cc0 [ 34.374402][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 34.379431][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 34.384382][ T7] ? debug_smp_processor_id+0x20/0x20 [ 34.389591][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 34.394360][ T7] ? __kasan_check_read+0x11/0x20 [ 34.399222][ T7] ? mark_page_accessed+0x280/0x670 [ 34.404256][ T7] ? write_boundary_block+0x150/0x150 [ 34.409462][ T7] ? blk_mq_get_driver_tag+0x690/0x690 [ 34.414862][ T7] ? check_preemption_disabled+0x9f/0x320 [ 34.420399][ T7] ? ext4_readpage+0x2d0/0x2d0 [ 34.425001][ T7] ? __getblk_gfp+0x3d/0x770 [ 34.429454][ T7] ? ext4_get_group_desc+0x253/0x2a0 [ 34.434578][ T7] ? __ext4_get_inode_loc+0x612/0xe40 [ 34.439781][ T7] ? update_load_avg+0x43f/0x1250 [ 34.444623][ T7] ? check_preemption_disabled+0x9f/0x320 [ 34.450195][ T7] ? ext4_readpage+0x2d0/0x2d0 [ 34.454962][ T7] do_writepages+0x12b/0x270 [ 34.459501][ T7] ? __writepage+0x110/0x110 [ 34.463994][ T7] ? __kasan_check_write+0x14/0x20 [ 34.468960][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 34.473540][ T7] ? _raw_spin_trylock_bh+0x190/0x190 [ 34.478843][ T7] __writeback_single_inode+0xdb/0xc80 [ 34.484339][ T7] writeback_sb_inodes+0x9e0/0x1800 [ 34.489457][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 34.494135][ T7] ? queue_io+0x5b0/0x5b0 [ 34.498387][ T7] ? writeback_sb_inodes+0x1800/0x1800 [ 34.503683][ T7] ? queue_io+0x3f8/0x5b0 [ 34.507945][ T7] wb_writeback+0x403/0xd70 [ 34.512283][ T7] ? wb_io_lists_depopulated+0x170/0x170 [ 34.517975][ T7] ? check_preemption_disabled+0x9f/0x320 [ 34.523516][ T7] ? debug_smp_processor_id+0x20/0x20 [ 34.528811][ T7] ? __kasan_check_write+0x14/0x20 [ 34.533741][ T7] ? check_preemption_disabled+0x9f/0x320 [ 34.539295][ T7] wb_workfn+0x3b6/0x1230 [ 34.543464][ T7] ? inode_wait_for_writeback+0x280/0x280 [ 34.549312][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 34.554528][ T7] ? finish_task_switch+0x130/0x590 [ 34.559541][ T7] ? __schedule+0xb0d/0x1320 [ 34.563968][ T7] ? __kasan_check_read+0x11/0x20 [ 34.569035][ T7] ? strscpy+0x9c/0x260 [ 34.573131][ T7] process_one_work+0x781/0xd50 [ 34.577793][ T7] worker_thread+0xa27/0x1360 [ 34.582358][ T7] kthread+0x321/0x3a0 [ 34.586205][ T7] ? worker_clr_flags+0x180/0x180 [ 34.591065][ T7] ? kthread_blkcg+0xd0/0xd0 [ 34.595493][ T7] ret_from_fork+0x1f/0x30 [ 34.599743][ T7] Modules linked in: [ 34.603802][ T7] ---[ end trace 33f28a47925298ee ]--- [ 34.609102][ T7] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 34.614592][ T7] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 34.634136][ T7] RSP: 0018:ffff8881f5db70c0 EFLAGS: 00010293 [ 34.640019][ T7] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f5d6cec0 [ 34.647916][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 34.655822][ T7] RBP: ffff8881f5db74b0 R08: ffffffff81cae736 R09: ffffed103b1ae8b0 [ 34.663647][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d8d74628 [ 34.671400][ T7] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 34.679375][ T7] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 34.688118][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.694749][ T7] CR2: 000055558dcaf738 CR3: 00000001ecfe1000 CR4: 00000000003406a0 [ 34.702551][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.710461][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.718348][ T7] Kernel panic - not syncing: Fatal exception [ 34.724521][ T7] Kernel Offset: disabled [ 34.728650][ T7] Rebooting in 86400 seconds..