./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1270673678 <...> syzkaller syzkaller login: [ 17.756988][ T24] kauditd_printk_skb: 31 callbacks suppressed [ 17.757000][ T24] audit: type=1400 audit(1749144170.760:59): avc: denied { transition } for pid=217 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 17.770101][ T24] audit: type=1400 audit(1749144170.760:60): avc: denied { noatsecure } for pid=217 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 17.779809][ T24] audit: type=1400 audit(1749144170.760:61): avc: denied { write } for pid=217 comm="sh" path="pipe:[14461]" dev="pipefs" ino=14461 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 17.802373][ T24] audit: type=1400 audit(1749144170.760:62): avc: denied { rlimitinh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 17.821655][ T24] audit: type=1400 audit(1749144170.760:63): avc: denied { siginh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.49' (ED25519) to the list of known hosts. execve("./syz-executor1270673678", ["./syz-executor1270673678"], 0x7ffdf4a6de50 /* 10 vars */) = 0 brk(NULL) = 0x55557c100000 brk(0x55557c100d00) = 0x55557c100d00 arch_prctl(ARCH_SET_FS, 0x55557c100380) = 0 set_tid_address(0x55557c100650) = 282 set_robust_list(0x55557c100660, 24) = 0 rseq(0x55557c100ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1270673678", 4096) = 28 getrandom("\x5c\x96\x11\x71\xd4\x3e\x23\x57", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557c100d00 brk(0x55557c121d00) = 0x55557c121d00 brk(0x55557c122000) = 0x55557c122000 mprotect(0x7fb592ad2000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.Myt2OA", 0700) = 0 chmod("./syzkaller.Myt2OA", 0777) = 0 chdir("./syzkaller.Myt2OA") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557c100650) = 284 ./strace-static-x86_64: Process 284 attached [pid 284] set_robust_list(0x55557c100660, 24) = 0 [pid 284] chdir("./0") = 0 [pid 284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 284] setpgid(0, 0) = 0 [pid 284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 284] write(3, "1000", 4) = 4 [pid 284] close(3) = 0 [pid 284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 284] write(1, "executing program\n", 18executing program ) = 18 [pid 284] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 284] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 284] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 284] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 284] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 284] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 284] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 284] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 284] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 284] memfd_create("syzkaller", 0) = 5 [pid 284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb58a61f000 [ 27.376639][ T24] audit: type=1400 audit(1749144180.380:64): avc: denied { execmem } for pid=282 comm="syz-executor127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 27.397841][ T24] audit: type=1400 audit(1749144180.400:65): avc: denied { read write } for pid=282 comm="syz-executor127" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 284] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 284] munmap(0x7fb58a61f000, 138412032) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 284] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 284] close(5) = 0 [pid 284] close(6) = 0 [pid 284] mkdir("./file0", 0777) = 0 [ 27.423776][ T24] audit: type=1400 audit(1749144180.400:66): avc: denied { open } for pid=282 comm="syz-executor127" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 27.450100][ T24] audit: type=1400 audit(1749144180.400:67): avc: denied { ioctl } for pid=282 comm="syz-executor127" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 27.479003][ T24] audit: type=1400 audit(1749144180.420:68): avc: denied { read write } for pid=284 comm="syz-executor127" name="vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 27.504404][ T24] audit: type=1400 audit(1749144180.420:69): avc: denied { open } for pid=284 comm="syz-executor127" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 27.530426][ T24] audit: type=1400 audit(1749144180.420:70): avc: denied { ioctl } for pid=284 comm="syz-executor127" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [pid 284] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 284] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 284] chdir("./file0") = 0 [pid 284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 284] ioctl(6, LOOP_CLR_FD) = 0 [ 27.558406][ T24] audit: type=1400 audit(1749144180.490:71): avc: denied { mounton } for pid=284 comm="syz-executor127" path="/root/syzkaller.Myt2OA/0/file0" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 27.593677][ T284] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 284] close(6) = 0 [pid 284] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 284] write(6, "#! ./file1\n", 11) = 11 [pid 284] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 284] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [ 27.616079][ T24] audit: type=1400 audit(1749144180.630:72): avc: denied { mount } for pid=284 comm="syz-executor127" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 27.639946][ T24] audit: type=1400 audit(1749144180.640:73): avc: denied { write } for pid=284 comm="syz-executor127" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 284] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 284] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=284, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557c1016f0 /* 4 entries */, 32768) = 112 [ 27.666398][ T285] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-284: bg 0: block 234: padding at end of block bitmap is not set umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557c109730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557c109730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0"executing program ) = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x55557c1016f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557c100650) = 289 ./strace-static-x86_64: Process 289 attached [pid 289] set_robust_list(0x55557c100660, 24) = 0 [pid 289] chdir("./1") = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] setpgid(0, 0) = 0 [pid 289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "1000", 4) = 4 [pid 289] close(3) = 0 [pid 289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 289] write(1, "executing program\n", 18) = 18 [pid 289] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 289] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 289] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 289] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 289] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 289] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 289] memfd_create("syzkaller", 0) = 5 [pid 289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb58a61f000 [pid 289] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 289] munmap(0x7fb58a61f000, 138412032) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 289] close(5) = 0 [pid 289] close(6) = 0 [pid 289] mkdir("./file0", 0777) = 0 [pid 289] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 289] chdir("./file0") = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_CLR_FD) = 0 [pid 289] close(6) = 0 [pid 289] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 289] write(6, "#! ./file1\n", 11) = 11 [pid 289] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 289] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 289] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=289, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557c1016f0 /* 4 entries */, 32768) = 112 [ 27.803539][ T289] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.835281][ T290] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-289: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557c109730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557c109730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x55557c1016f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557c100650) = 294 ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x55557c100660, 24) = 0 [pid 294] chdir("./2") = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setpgid(0, 0) = 0 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "1000", 4) = 4 [pid 294] close(3) = 0 [pid 294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 294] write(1, "executing program\n", 18executing program ) = 18 [pid 294] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 294] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 294] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 294] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 294] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 294] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 294] memfd_create("syzkaller", 0) = 5 [pid 294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb58a61f000 [pid 294] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 294] munmap(0x7fb58a61f000, 138412032) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 294] close(5) = 0 [pid 294] close(6) = 0 [pid 294] mkdir("./file0", 0777) = 0 [pid 294] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 294] chdir("./file0") = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_CLR_FD) = 0 [pid 294] close(6) = 0 [pid 294] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 294] write(6, "#! ./file1\n", 11) = 11 [pid 294] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 294] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 294] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=294, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557c1016f0 /* 4 entries */, 32768) = 112 [ 27.983192][ T294] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.011323][ T294] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor127: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557c109730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557c109730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x55557c1016f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557c100650) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x55557c100660, 24) = 0 [pid 299] chdir("./3") = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 299] write(1, "executing program\n", 18) = 18 [pid 299] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 299] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 299] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 299] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 299] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 299] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 299] memfd_create("syzkaller", 0) = 5 [pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb58a61f000 [pid 299] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 299] munmap(0x7fb58a61f000, 138412032) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 299] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 299] close(5) = 0 [pid 299] close(6) = 0 [pid 299] mkdir("./file0", 0777) = 0 [pid 299] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 299] chdir("./file0") = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 299] ioctl(6, LOOP_CLR_FD) = 0 [pid 299] close(6) = 0 [pid 299] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 299] write(6, "#! ./file1\n", 11) = 11 [pid 299] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 299] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=299, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557c1016f0 /* 4 entries */, 32768) = 112 [ 28.165967][ T299] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.197252][ T299] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor127: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557c109730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557c109730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x55557c1016f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 304 attached , child_tidptr=0x55557c100650) = 304 [pid 304] set_robust_list(0x55557c100660, 24) = 0 [pid 304] chdir("./4") = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] write(1, "executing program\n", 18executing program ) = 18 [pid 304] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 304] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 304] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 304] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 304] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 304] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 304] memfd_create("syzkaller", 0) = 5 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb58a61f000 [pid 304] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 304] munmap(0x7fb58a61f000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 304] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 304] close(5) = 0 [pid 304] close(6) = 0 [pid 304] mkdir("./file0", 0777) = 0 [pid 304] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 304] chdir("./file0") = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 304] ioctl(6, LOOP_CLR_FD) = 0 [pid 304] close(6) = 0 [pid 304] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 304] write(6, "#! ./file1\n", 11) = 11 [pid 304] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 304] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 304] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=304, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557c1016f0 /* 4 entries */, 32768) = 112 [ 28.343259][ T304] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.375507][ T305] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-304: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557c109730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557c109730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x55557c1016f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557c100650) = 309 ./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x55557c100660, 24) = 0 [pid 309] chdir("./5") = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 309] write(1, "executing program\n", 18executing program ) = 18 [pid 309] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 309] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 309] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 309] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 309] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 309] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 309] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 309] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 309] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 309] memfd_create("syzkaller", 0) = 5 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb58a61f000 [pid 309] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 309] munmap(0x7fb58a61f000, 138412032) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 309] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 309] close(5) = 0 [pid 309] close(6) = 0 [pid 309] mkdir("./file0", 0777) = 0 [pid 309] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 309] chdir("./file0") = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 309] ioctl(6, LOOP_CLR_FD) = 0 [pid 309] close(6) = 0 [pid 309] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 309] write(6, "#! ./file1\n", 11) = 11 [pid 309] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 309] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 309] openat(AT_FDCWD, "/dev/rtc5", O_RDWR|O_NONBLOCK|O_DIRECT) = -1 ENOENT (No such file or directory) [pid 309] exit_group(0) = ? [ 28.592356][ T309] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557c1016f0 /* 4 entries */, 32768) = 112 [ 28.643930][ T310] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-309: bg 0: block 234: padding at end of block bitmap is not set [ 28.665430][ T49] ------------[ cut here ]------------ [ 28.671318][ T49] kernel BUG at fs/ext4/inode.c:2778! [ 28.677691][ T49] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 28.684210][ T49] CPU: 1 PID: 49 Comm: kworker/u4:2 Not tainted 5.10.237-syzkaller-00010-gcf6ed0f1511d #0 [ 28.694507][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 28.705515][ T49] Workqueue: writeback wb_workfn (flush-7:0) [ 28.712351][ T49] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 28.718949][ T49] Code: 39 94 ff 84 db 75 31 e8 f3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 d5 36 94 ff <0f> 0b e8 ce 36 94 ff e8 45 0f 31 ff eb 98 e8 c2 36 94 ff e8 39 0f [ 28.741483][ T49] RSP: 0018:ffffc900009e7180 EFLAGS: 00010293 [ 28.748293][ T49] RAX: ffffffff81cf5b9b RBX: 0000008410000000 RCX: ffff888101ff4f00 [ 28.756880][ T49] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 28.765269][ T49] RBP: ffffc900009e74f0 R08: dffffc0000000000 R09: ffffed10242942ff [ 28.773798][ T49] R10: ffffed10242942ff R11: 1ffff110242942fe R12: dffffc0000000000 [ 28.782334][ T49] R13: ffff888104fb0000 R14: 0000008000000000 R15: ffff8881214a17f0 [ 28.790915][ T49] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 28.800949][ T49] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.807613][ T49] CR2: 000055557c1096f8 CR3: 000000012125b000 CR4: 00000000003506a0 [ 28.816352][ T49] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.824506][ T49] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.833009][ T49] Call Trace: [ 28.836425][ T49] ? ext4_readpage+0x220/0x220 [ 28.841616][ T49] ? find_next_and_bit+0x17a/0x1b0 [ 28.847303][ T49] ? memcpy+0x56/0x70 [ 28.851414][ T49] ? load_balance+0x1193/0x4320 [ 28.856463][ T49] ? update_load_avg+0xdf5/0x14f0 [ 28.862269][ T49] ? __update_load_avg_cfs_rq+0xaf/0x2f0 [ 28.868275][ T49] ? ext4_readpage+0x220/0x220 [ 28.873735][ T49] do_writepages+0x12a/0x270 [ 28.878418][ T49] ? __writepage+0x130/0x130 [ 28.883183][ T49] ? __kasan_check_write+0x14/0x20 [ 28.888364][ T49] ? _raw_spin_lock+0x8e/0xe0 [ 28.893110][ T49] ? __kasan_check_write+0x14/0x20 [ 28.898289][ T49] __writeback_single_inode+0xd5/0xa20 [ 28.903863][ T49] ? wbc_attach_and_unlock_inode+0x385/0x590 [ 28.910143][ T49] writeback_sb_inodes+0x860/0x1400 [ 28.915392][ T49] ? queue_io+0x4c0/0x4c0 [ 28.920073][ T49] ? __kasan_check_read+0x11/0x20 [ 28.925729][ T49] ? queue_io+0x385/0x4c0 [ 28.930074][ T49] wb_writeback+0x3e3/0xb90 [ 28.934746][ T49] ? wb_io_lists_depopulated+0x180/0x180 [ 28.940418][ T49] ? set_worker_desc+0x155/0x1c0 [ 28.945730][ T49] ? update_load_avg+0x4dc/0x14f0 [ 28.951359][ T49] ? __kasan_check_write+0x14/0x20 [ 28.956749][ T49] wb_workfn+0x38f/0xe20 [ 28.961289][ T49] ? inode_wait_for_writeback+0x200/0x200 [ 28.967268][ T49] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.972541][ T49] ? finish_task_switch+0x12e/0x5a0 [ 28.977723][ T49] ? __switch_to_asm+0x34/0x60 [ 28.982635][ T49] ? __schedule+0xb4f/0x1310 [ 28.987673][ T49] ? __kasan_check_read+0x11/0x20 [ 28.993032][ T49] ? read_word_at_a_time+0x12/0x20 [ 28.998251][ T49] ? strscpy+0x9b/0x290 [ 29.002913][ T49] process_one_work+0x6e1/0xba0 [ 29.008009][ T49] worker_thread+0xa6a/0x13b0 [ 29.012881][ T49] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 29.018410][ T49] kthread+0x346/0x3d0 [ 29.022466][ T49] ? worker_clr_flags+0x190/0x190 [ 29.028020][ T49] ? kthread_blkcg+0xd0/0xd0 [ 29.032682][ T49] ret_from_fork+0x1f/0x30 [ 29.037110][ T49] Modules linked in: [ 29.041539][ T49] ---[ end trace 622227fa322be6c4 ]--- [ 29.047734][ T49] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 29.053907][ T49] Code: 39 94 ff 84 db 75 31 e8 f3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 d5 36 94 ff <0f> 0b e8 ce 36 94 ff e8 45 0f 31 ff eb 98 e8 c2 36 94 ff e8 39 0f [ 29.074509][ T49] RSP: 0018:ffffc900009e7180 EFLAGS: 00010293 [ 29.080697][ T49] RAX: ffffffff81cf5b9b RBX: 0000008410000000 RCX: ffff888101ff4f00 [ 29.089330][ T49] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 29.097801][ T49] RBP: ffffc900009e74f0 R08: dffffc0000000000 R09: ffffed10242942ff [ 29.106726][ T49] R10: ffffed10242942ff R11: 1ffff110242942fe R12: dffffc0000000000 [ 29.115170][ T49] R13: ffff888104fb0000 R14: 0000008000000000 R15: ffff8881214a17f0 [ 29.124419][ T49] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 29.133866][ T49] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.141130][ T49] CR2: 000055557c1096f8 CR3: 000000000620f000 CR4: 00000000003506a0 [ 29.149804][ T49] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.158718][ T49] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.167782][ T49] Kernel panic - not syncing: Fatal exception [ 29.174967][ T49] Kernel Offset: disabled [ 29.179806][ T49] Rebooting in 86400 seconds..